Safety net

Although the Web offers endless opportunities to local businesses, it can be a dangerous place. Security software ensures your survival.

By Neil Denslow. Published February 2, 2003

Connecting to the internet offers companies a host of possible business opportunities. Processes between partners can be automated and the global reach of the web can greatly expand a business’s range of possible suppliers and customers. However, the internet is a dangerous place to travel in. Hackers, worms and viruses are all lurking in cyberspace ready to delete data, randomly send out users’ confidential files and overwhelm a company’s IT infrastructure, if given the opportunity.

The Middle East, despite its relatively limited internet penetration rates, is not immune to these security threats either. For example, Etisalat’s servers suffered from a denial of service (DOS) attack that emerged from within the UAE, and the last variant of the Yaha virus was first spotted in Kuwait.

“Security breaches are actually happening in this region,” confirms Dominic Morris, marketing manager, Seven Seas. “The corporates here are aware that it’s happening, but the level of knowledge and awareness hasn’t reached quite the same peak it has in US and Europe,” he adds.

The consequences of a virus infection vary from the trivial to the serious. A virus that makes a PC sound a noise every time a certain key is pressed, for instance, is annoying, but nothing compared to a virus that wipes out databases or forwards confidential files to random recipients. “A business can die as the result of an infection,” says Scott Dunderdale, account director, Middle East, MessageLabs.

While the cyber threats are legion, they can be defeated. Security software can secure a company’s data and minimise the possibilities of hack attacks and virus infections.

“It’s right for people to be concerned about viruses… but you need to keep it in perspective,” says Graham Cluley, senior technology consultant, Sophos. “It’s fairly easy to stop viruses with antivirus software and common sense,” he explains.

The minimum security software requirements for a company looking to go online depend on the size and scope of the organisation. As such, the first step in deciding what to implement is to assess the various threats that exist on the internet and how much of a risk they pose to the company and its data.

“Don’t just go for a product because there is a threat out there,” advises Abdul Karim Riyaz, marketing manager for Computer Associates’ Middle East operations. “Firstly find out how that [threat] is going to affect the organisation.”

Viruses present the most common threat to an organisation because unlike hackers, who have to actively choose to target a specific server, they attack companies indiscriminately. A mass mailer virus, for example, randomly spreads itself round the internet by piggybacking on e-mails sent to addresses found in infected PCs.

Given the publicity that has surrounded viruses such as Melissa and Code Red, most people are aware of the threat they pose and the need for antivirus software. As such, the penetration of antivirus software among large enterprises with dedicated IT departments is almost certainly 100%. The adoption rate at smaller companies is rapidly nearing this mark as well, as awareness of the problem grows. The practice of bundling antivirus software with new PCs, which is now an industry standard, has greatly increased uptake as well.

While antivirus software is vital, it needs to be supported by good policies and procedures for it to remain effective. With new viruses that exploit previously unknown flaws appearing all the time, an administrator needs to ensure that new updates are regularly downloaded from the antivirus vendor. “If you have the best antivirus in the world and it’s not been updated for two weeks, then it’s a vulnerability,” says Riyaz.

Vulnerability assessment software can help to ensure that policies and procedures are being followed, and that the latest patches have been downloaded onto the right machines. “As new vulnerabilities are discovered, they [administrators] can assess their systems [with these tools] to see which systems are vulnerable, what the potential impact of those systems would be if they were compromised, and then reconfigure those systems to try and circumvent those vulnerabilities,” explains Ivor Rankin, technical sales manager, Middle East, Symantec.

Key to defending the organisation against viruses is the antivirus software sitting on the e-mail server. The vast majority of viruses are now spread via e-mail, so the need for antivirus software sitting on the gateway is self-evident. However, even though up to date software will block infected files attached to e-mails at the gateway, there is still a need for companies to deploy desktop antivirus software as well, as viruses can spread in many different ways. “If someone brings in an [infected] screensaver on a floppy disk, for instance, there’s no point having the antivirus at server, it has to be at the client level,” notes Riyaz.

Furthermore, so-called blended viruses, such as Bugbear, are now not just reliant on dissemination by e-mail, as they can also spread via network shares. Other blended viruses are now also spreading via instant messaging systems, which allows them to enter a network via the internet but without passing through the e-mail scanner. “The vast majority of viruses still come through the gateway and e-mail, but the blended threats are changing this,” says Justin Doo, managing director, Trend Micro Benelux, Middle East & Africa.

The growing use of desktop-to-desktop e-mail encryption is further increasing the need for client antivirus software as well. Because any virus piggybacking on an encrypted e-mail is also encrypted, the gateway scanner is unable to detect it. “Companies [using encryption] are moving forward in one area of security and taking a step back in another... The only way round this is desktop antivirus software,” notes Cluley.

Alongside antivirus software, the most commonly implemented form of security software is a firewall. A firewall acts as a barrier preventing unauthorised access to or from a company’s internal network. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified criteria.

While firewalls are near ubiquitous among larger enterprises, the need for one among smaller companies depends upon how often the company accesses the internet. For those that are only online for a few minutes each day, little threat is likely to be posed by outsiders. These limited users are “only vulnerable once they’ve dialled up to the internet, and as soon as they log off, they’re not,” says Ian Williams, Datamonitor’s e-security analyst.

However, with businesses’ growing dependence on the internet and the falling price of using it making always-on connectivity an affordable option, the number of companies that use the internet for only a limited amount of time each day is rapidly diminishing. As such, the probability that an unauthorised user or Trojan horse virus will seek to exploit a network flaw is almost as high as that of a virus infection via e-mail. “If you’re not covering against those two, then you are potentially going to have a problem in the very near future,” warns Doo.

“[However,] if you are protecting against content coming in and non-permitted access, then you’ve got the basic of your security sorted out,” he adds.

Beyond these two most basic security elements, a company may consider a host of other software options, the importance of which grows with the complexity and size of the network. An intrusion detection system (IDS), for instance, sits above the firewall to help prevent attacks from both inside and outside the organisation. The added advantage of an IDS is that it can warn system administrators of real and attempted intrusions as they happen. Furthermore, it can recognise attacks against the network that the firewall is unable to detect, such as ones originating from inside the organisation. The information generated by an IDS can also help in damage control after or during an attempted intrusion.

IDSs have so far mainly been restricted to large enterprises or companies with particularly strong security needs, such as banks. However, their use is experiencing rapid growth. IDC, for instance, predicts that the worldwide web intrusion protection market will hit almost US$700 million by 2006 compared with US$65 million in 2001.

The growing use of IDSs is a further reflection on the changing threat posed by blended viruses. Code Red, for instance, effectively ‘scanned’ a network utilising a list of flaws that it could exploit to enter the system. These types of worms are predicted to become increasingly common, so vendors are advising companies to reassess their security software portfolio. “As the [security] problems become more complex, the minimum requirements are growing,” says Rankin.

IDSs can also stop viruses that are designed to create a denial of service (DOS) attack against an e-mail server by flooding it with e-mails. A firewall and antivirus combination would not necessarily block these e-mails, as each on its own would look legitimate.

Only an IDS would be able to automatically detect the number of e-mails, and it could then instruct the firewall to block them all. “If we have this correlation and communication ability it makes the defences more intelligent in that they can proactively respond to what is happening in the network,” explains Rankin.
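The volume-based detection described above can be sketched as a sliding-window count per sending source. This is an added example, not part of the original article or any vendor's product; the event format, the thresholds and the function names `find_flood_sources` and `firewall_block_list` are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque

# Constructed sample of mail-gateway events: (seconds since start, source IP).
# Addresses are from documentation ranges; none of this comes from the article.
SAMPLE_EVENTS = (
    [(t, "192.0.2.10") for t in range(0, 300, 60)]           # 5 mails in 5 minutes
    + [(100 + i * 0.5, "198.51.100.7") for i in range(40)]   # 40 mails in 20 seconds
    + [(130, "203.0.113.5")]                                 # a single mail
)


def find_flood_sources(events, window_seconds=30, max_messages=20):
    """Return {source: time at which the per-window limit was first exceeded}.

    Each message is unremarkable on its own; only the count per source
    inside a sliding time window reveals the flood.
    """
    recent = defaultdict(deque)  # source -> timestamps still inside the window
    flagged = {}
    for timestamp, source in sorted(events):
        times = recent[source]
        times.append(timestamp)
        # Drop timestamps that have aged out of the window.
        while times and timestamp - times[0] > window_seconds:
            times.popleft()
        if len(times) > max_messages and source not in flagged:
            flagged[source] = timestamp
    return flagged


def firewall_block_list(flagged):
    """Hypothetical hand-off: the sources the detector asks the firewall to drop."""
    return sorted(flagged)


if __name__ == "__main__":
    flagged = find_flood_sources(SAMPLE_EVENTS)
    for source, when in flagged.items():
        print(f"block {source}: rate limit exceeded at t={when}s")
```

The window and limit have to be tuned to the normal traffic of the mail server being protected, otherwise a legitimate bulk sender is blocked as readily as a flood.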

To further protect the firewall from excess traffic, a company can invest in web filtering software. Such applications are designed to limit the types of internet sites that a user can visit. For instance, a company may decide to prevent users from visiting sports sites altogether, or only allow access during the lunch hour. As such, web filtering is primarily related to productivity, as opposed to protecting data, but it often falls within the security software portfolio.

“Web filtering is not so much a security issue, as a management issue in terms of the resources available to a company,” says Mark Peters, director of channel sales, EMEA, SurfControl. “However, it’s another part of the [security] jigsaw,” he adds.

To make this security ‘jigsaw’ more effective, some vendors are aggressively promoting fully integrated solutions that encompass the entire range of security software, including antivirus, firewalls and IDSs. Symantec and Computer Associates have been especially active in this area, promoting integrated product lines that can all be run from one central console.

The key advantage of such an approach, they contend, is that it greatly simplifies network security management. “Most companies have a single problem and that is they have bought different security technologies from different vendors. Managing and integrating these technologies is difficult at best,” contends Rankin.

“It’s much easier to have an event management and centralised control [if you buy from one vendor],” agrees Riyaz. “And the products are up and running much faster because they are all pre-integrated,” he adds.

The ‘best of breed’ approach does have its advantages though, as ease of integration is not necessarily key to effective network protection. According to Cluley, a single vendor approach does provide possible advantages in terms of administration and technical support, but “there is not any really a huge security advantage.”

In security, the need for a rapid response to new threats presents a case for specialisation. The key to protection against a new virus is to quickly download an ‘identity’ from an antivirus vendor that will block the virus. The development of these identities will be slowed, however, if the vendor is trying to create different ones for a range of different products.

“If you try to have too many diverse versions of the software out there, you will never be able to satisfy all your customers and from a development point of view, you are creating a real nightmare,” says Doo.

“The threats are [also] getting more technical, which is why a lot of serious organisations still prefer to go with a best of breed solution,” he adds.

Another reason why companies favour this approach is that pieces of security software are usually bought separately. Unless it is a greenfield site, most companies acquire security software incrementally as they grow. As such, the majority of businesses usually buy the product that is most effective, as opposed to being guided by their installed base.

“When you are buying things on an individual basis, it’s human nature to try and pick the best in the market for each product,” suggests Williams.

The dynamics of the security market suggest that the vendors themselves also recognise that the best of breed approach is winning out. Network Associates, for instance, used to produce an entire range of security products, but it has now dropped its IDS in favour of Internet Security Systems’ application. “I think that’s the way the market is going,” says Williams, “you will get more partnerships and much cleverer ways of integrating all this together.”

Furthermore, while Computer Associates and Symantec promote their entire integrated range of software, they have also made their consoles compatible with a number of other vendors’ products as well. “What they’ve worked out is that the way to increase penetration is to take into account existing solutions as well,” notes Williams.
