Defending The Network
by Simon Perry - VP Security Strategy, EMEA, Computer Associates - Monday, 23 August 2004.
1. Scan for vulnerabilities

One of the greatest challenges in any distributed computing environment is in policing the network. How do you know if staff are downloading unapproved software? Are they opening mysterious attachments on emails? Is there a hole in the security defense that could admit a potentially devastating virus?

Good anti-virus software incorporates special ‘agents’, which reside on every server, PC, laptop and PDA on the network. These agents continually scan the host device looking for anomalies that could cause security breaches. The agents report all potential vulnerabilities back to a centralized interface. This allows the CIO or IT manager to conduct real-time, ‘at a glance’ risk assessment and implement corrective and preventative measures.

2. Prioritise remediation

New viruses sweep the world within hours of release. Systems administrators must therefore race to install the latest anti-virus updates before infection occurs. However, one-third of ISBS respondents admitted that it takes them 48 to 72 hours to remedy security vulnerabilities.

Response time can be dramatically reduced by taking strategic counsel from a security specialist. Such companies can devise highly sophisticated defenses to deal with ‘blended threats’, which possess characteristics of worms, Trojans and unique hacking techniques that would otherwise slip beneath the radar of most standard anti-virus software.

3. Patch the holes

It’s not unusual for organizations to have thousands of computers at hundreds of different sites. As an alternative to dispatching an army of IT foot soldiers into the field at the first hint of a new virus threat - which can take days or even weeks - the best solutions incorporate software delivery agents, which automatically transport and install anti-virus patches to all PCs across the network.

Security management needs to be fast and nimble. It also needs to have its own safeguards in place to report back if any patches have not successfully installed. After all, any IT security defense is only as strong as its weakest link.

Minimising the impact of spam

According to ISBS 2004, one-third of UK businesses cited unsolicited email or spam as a major issue. While not a security breach per se, spam is clearly disruptive, and IT security staff and legislators alike are grappling with how best to address the problem.

There is little doubt that the volume of spam is increasing at an exponential rate. Spam currently comprises more than half of all incoming e-mail in 17% of UK businesses. One in ten now rate spam as a major business issue, causing significant time to be wasted. As a result, nearly one in four businesses (and nearly half of all large ones) filter incoming email.

The impact of spam is multi-faceted. In addition to the time-consuming inconvenience of wading through masses of spam to find legitimate email, spam is often used as the vehicle to transport and promulgate viruses. Spammers are increasingly targeting poorly secured mail servers and, using worms and viruses, turning them into relays that spread spam to other people.

The DTI recommends the following course of action to limit the impact of spam:

- Discourage staff from engaging in online activities that tend to attract unsolicited emails

- Deploy and regularly update spam filtering tools

- Discuss what steps can be taken by your ISP to minimize the delivery of spam nearer its source

It’s interesting to note that one ISBS business respondent mentioned that a small number of the company’s users receive the vast majority of spam. Despite the best intentions of the Data Protection Act, users who have published their email address on a website or in a newsgroup posting tend to be targeted most.

Security management

