The Right Way to Deploy Enterprise Security
Saturday, July 05, 2008
We are all well aware of the importance of securing an enterprise's IT setup and of the measures to be taken to protect it against the various security threats. Yet every year we hear about some security disaster or the other that has struck a reputed organization, and the reason is always the same: we don't update our security solutions regularly. Security devices and practices are not something you install once and forget the next day. You need to revisit them regularly. Even a minute change in the IT infrastructure can require a complete change in your security policies. For instance, imagine you have a web server running in your organization while your e-mail server is outsourced/hosted, and now you decide to move the mail server into your own datacenter as well. In such a scenario, the perimeter security you have might need a complete makeover, so that it can cope with the risks a mail server brings that were not there in the case of a web server. Intel co-founder Andrew S. Grove once said, 'Only the Paranoid Survive.' We have to be paranoid about security to survive the new threats that are born every day. This story talks about some of the most common and uncommon threats that your enterprise faces each day, and the best approaches to combat them.
Blocking the gaping holes
Just as it is vital to safeguard your house at its entry points, it is always important to protect your IT infrastructure at all possible points of attack. But to do so, you first have to understand what the entry points into your IT infrastructure could be. The Internet or broadband gateway is not always the only point of entry for hackers. Hackers and worms are pretty smart now and know that today people use a firewall to restrict unwanted incoming connections, so they focus on other, contemporary ways of getting into the network. And once they are in, they can open channels and ports through your Internet connection to go out and connect to the outside world.
Page 1 of 6PCQuest : ITstrategy : The Right Way to Deploy Enterprise Security
Even a simple USB pen drive could be that entry point. These drives support 'autorun' and are plugged into many machines every single day, and hence can get infected very easily. We have visitors coming to us with their own USB drives full of data, which they share with us by copying it onto our production machines. If that USB drive is compromised, it can easily drop a worm, a virus or a rootkit onto a machine. And once it is there, it can start spreading across the network and infecting other machines. That's not all; such viruses can open up channels from your PC to hacker machines and then start uploading sensitive data. Not just pen drives but also portable devices such as digital cameras, laptops, mobile phones, PDAs and handhelds pose the same threat.
So, you must be wondering how to protect your infrastructure from these threats. One option could be to ban all portable data transfer devices in your organization, which many enterprises are actually doing. But that is not the right approach, as by doing so you are completely giving up the use of a great technology. Rather, you should deploy solutions that take care of the risk while you keep using the benefits of such
Another solution would be a good end-point security solution. Essentially an end-point solution is nothing but an antivirus/antispyware that sits on all the workstations and laptops (even on mobile phones, for that matter) but connects back to a centralized server for updates, deployment and logging/reporting. There are plenty of such solutions available from vendors such as Symantec, Micro World, Quick Heal, etc.
Another way of protecting against such attacks is by deploying a firewall or a UTM solution that scans not only inbound (incoming) traffic but also outbound (outgoing) traffic. This makes sure that if by chance any malware or virus has entered your network and already spread, the device will prevent it from opening ports and channels to hackers' websites, from inviting more worms and from uploading sensitive data. There are quite a few organizations that offer such UTM/firewall solutions, which scan both inbound and outbound traffic. Some examples are Cyberoam, GajShield, etc.
Figure: Tools such as EtherApe are very handy for quickly spotting worm attacks that flood the network. In one shot you can see the infected nodes.
The threat within
According to a survey we did last year in the month of January, internal security threats can sometimes be more deadly than external ones. This is a very crucial point to remember. A disgruntled employee could give strategic information to your competition. It could even be done by an innocent employee 'unknowingly'. Such cases are equally dangerous and need to be tackled differently. Just imagine: what if an employee turns hostile and passes strategic business information to the competition? This is a spine-chilling thought, but it can become a reality at some point of
To learn how you can protect your IT infrastructure from such threats, the first thing to do is to understand the difference between an internal and an external attack. There are essentially two types of attacks that someone sitting inside the network can perform and that rarely come from an outsider: Ethernet sniffing and spoofing. The former means promiscuously listening to the traffic flowing on the network and gathering data from it, while the latter means faking the identity of some other machine to access data intended for that machine. Both are very serious scenarios that could result in loss of precious data.
The solutions for such issues are twofold: either you secure the data or you secure the medium. To secure the data, you have to encrypt each and every piece of sensitive data travelling across the network. For example, your mail, passwords, files, etc. all have to be encrypted whenever they are copied or transferred over the network.
And to secure the medium, you have to replace your network switches with ones that are more secure. Yes! There are network switches that are secure and others that are not. To understand this, you first have to understand how data is switched inside a network switch. For switching data, all switches keep a cache table, called the ARP cache table, which keeps a log of all the machines connected to the switch as pairs of each machine's IP and MAC address. To spoof data, a hacker manipulates this entry and changes the IP-MAC pair, which is called the ARP FlipFlop. To protect against such attacks we do have switches that provide an encrypted ARP cache table and hence can't be manipulated or read by hacking machines. These secure switches are easily available from most switch vendors but are slightly heavy on your pocket.
Figure: A non-traditional way to check whether your site is being faked for a phishing attack is to use an online plagiarism-checking website to see replicas of your site's content.
You obviously can't change your complete IT infrastructure by deploying new switches, and at the same time it may not be feasible to encrypt all the data traveling on your network. In such a case, you can deploy an inward-facing IPS solution with alerts. This IPS is essentially an intrusion detection and prevention system that checks for all types of spoofing, sniffing or other attacks on the network and alerts you in case of a problem. It also tells you the source and destination of the attack. Once you have the source of such an attack, you can catch the attacker red-handed.
You can get an IPS as part of a UTM solution or opt for a stand-alone IPS system. Snort is one of the most famous IPS systems for wired networks, and Kismet is a renowned solution in the wireless domain. However, while deploying an IPS solution you should always configure alerts so that there is minimal delay between the generation and delivery of an alert. An SMS alert, for instance, will be the quickest of the lot.
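As an added example (not code from the article or from any vendor it names), here is the kind of check an inward-facing IPS performs for the ARP FlipFlop described above: it tracks the IP-to-MAC pairs seen in ARP replies and raises an alert, naming both MACs, whenever an IP's MAC changes or one MAC claims several IPs. The replies, addresses and the rogue MAC are constructed sample data, not captured traffic.

```python
"""Detect ARP 'flip-flops' (one IP answering with a changing MAC) and one
MAC claiming several IPs, from a stream of observed ARP replies.
Added example, not the article's code; the replies below are constructed."""
from collections import Counter, defaultdict

# Constructed sample of ARP replies as (timestamp, ip, mac) tuples.
# 10.0.0.1 is the gateway; the MAC ending ":ee" plays the rogue host.
SAMPLE_REPLIES = [
    (1.0, "10.0.0.1", "00:11:22:33:44:01"),
    (1.5, "10.0.0.20", "00:11:22:33:44:20"),
    (2.0, "10.0.0.1", "de:ad:be:ef:00:ee"),   # gateway IP now maps to a new MAC
    (2.5, "10.0.0.20", "de:ad:be:ef:00:ee"),  # same MAC also claims a host IP
    (3.0, "10.0.0.1", "00:11:22:33:44:01"),   # real gateway answers again
    (3.5, "10.0.0.1", "de:ad:be:ef:00:ee"),   # and is overwritten once more
]

def detect_arp_flipflops(replies, max_ips_per_mac=1):
    """Walk the replies in order, keeping the IP->MAC table a host or switch
    would build. Return (alerts, flips): alerts is a list of strings naming
    the IP and both MACs involved; flips counts MAC changes per IP."""
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    alerts, flips = [], Counter()
    for ts, ip, mac in replies:
        prev = ip_to_mac.get(ip)
        if prev is not None and prev != mac:
            flips[ip] += 1
            alerts.append(f"{ts:.1f} FLIPFLOP {ip}: {prev} -> {mac}")
        ip_to_mac[ip] = mac
        before = len(mac_to_ips[mac])
        mac_to_ips[mac].add(ip)
        # Alert once each time a MAC grows past the allowed number of IPs.
        if len(mac_to_ips[mac]) > max_ips_per_mac and len(mac_to_ips[mac]) != before:
            alerts.append(f"{ts:.1f} MULTI-IP {mac} claims {sorted(mac_to_ips[mac])}")
    return alerts, flips

def suspicious_macs(replies):
    """MACs that both took over an IP from another MAC and claim more than
    one IP: the usual footprint of a spoofing host on the LAN."""
    alerts, _ = detect_arp_flipflops(replies)
    took_over = {a.split(" -> ")[1] for a in alerts if "FLIPFLOP" in a}
    multi = {a.split()[2] for a in alerts if "MULTI-IP" in a}
    return sorted(took_over & multi)

if __name__ == "__main__":
    for line in detect_arp_flipflops(SAMPLE_REPLIES)[0]:
        print(line)
    print("suspicious:", suspicious_macs(SAMPLE_REPLIES))
```

On a real network the replies would come from a packet capture or the host's ARP table polled over time; the legitimate gateway answering in between the rogue replies is exactly the alternating pattern the article calls a flip-flop.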
Faking of identity
Phishing, or faked websites, is always a key concern for users doing online transactions, but it is a bigger concern for enterprises that own websites which can be phishing targets. When a site is phished, the matter is out of the control of the owner of the actual site, as he doesn't even know that his site has been phished unless someone reports a scam about it. And such phishing sites are the biggest cause of loss of reputation for the websites they copy.
So, if you own a website that is vulnerable to phishing, you must start thinking of measures to prevent it. Yes, you would have to secure your site with digital certificates from known certification authorities, and would need to introduce multifactor authentication for your users and
But other than doing all this, there is another easy way to keep track of which sites are trying to phish your website. The technique doesn't use any security device or application; rather it works on the great power of today's
If you do a simple search on the net you will find lots of free and commercial web-based plagiarism detection tools. Essentially these tools are used for checking the copying of copyrighted material across websites. Such tools tally each and every sentence on a website and search for matching sentences on other websites indexed by a given search engine. During phishing, the attacker copies the actual website to create an exact replica in terms of look and feel, and so he must be using the same text as the real site. If you run your website through a plagiarism checker, it should show you all websites with the same text, including those that are likely to be phishing websites. This technique works pretty well with websites that have fewer images and animations and more text.
One such free website where you can check for plagiarism is http://copyscape.com. It gives you 10 tries a month, which should be good enough for a regular check.
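As an added example (not the article's code nor that of any plagiarism-checking service), the sentence-matching idea behind the technique above, written as a small script: it extracts the visible text of two pages, splits it into sentences, and reports what fraction of your site's sentences reappear verbatim on a candidate page. The bank pages and URLs are constructed samples.

```python
"""Flag pages that reuse a site's own sentences, the way the plagiarism check
described above works. Added example; the three HTML documents are constructed."""
import re
from html.parser import HTMLParser

class _TextExtractor(HTMLParser):
    """Collect visible text, skipping script and style contents."""
    def __init__(self):
        super().__init__()
        self.parts, self._skip = [], False
    def handle_starttag(self, tag, attrs):
        self._skip = tag in ("script", "style")
    def handle_endtag(self, tag):
        self._skip = False
    def handle_data(self, data):
        if not self._skip:
            self.parts.append(data)

def sentences(html, min_words=4):
    """Normalised sentences of at least min_words words, so that short menu
    items such as 'Login' do not count as matches."""
    p = _TextExtractor()
    p.feed(html)
    out = set()
    for s in re.split(r"[.!?\n]+", "\n".join(p.parts)):
        s = " ".join(re.sub(r"[^a-z0-9 ]", "", s.lower()).split())
        if len(s.split()) >= min_words:
            out.add(s)
    return out

def overlap_ratio(original_html, candidate_html):
    """Fraction of the original's sentences found verbatim in the candidate."""
    orig = sentences(original_html)
    return len(orig & sentences(candidate_html)) / len(orig) if orig else 0.0

def likely_clones(original_html, candidates, threshold=0.5):
    """candidates: {url: html}. Return [(url, ratio)] at or above threshold, highest first."""
    scored = [(url, overlap_ratio(original_html, html)) for url, html in candidates.items()]
    return sorted([c for c in scored if c[1] >= threshold], key=lambda c: -c[1])

# Constructed samples: the real site, a look-alike copy, and an unrelated page.
ORIGINAL = ("<html><body><h1>Example Bank</h1><p>Welcome to Example Bank online banking. "
            "Please enter your customer number and password to continue. Never share your "
            "password with anyone. Our branches are open from nine to five on weekdays.</p>"
            "<script>var tracking = 1;</script></body></html>")
CLONE = ("<html><body><h1>Example Bank</h1><p>Welcome to Example Bank online banking. "
         "Please enter your customer number and password to continue. Never share your "
         "password with anyone.</p><form action='/collect.php'></form></body></html>")
UNRELATED = ("<html><body><p>Gardening tips for spring. We sell garden tools and seeds "
             "for every season. Visit our store today!</p></body></html>")
```

Fetching candidate pages is left to whatever search or crawl feeds the script; as the article notes, the check works best for text-heavy sites, since a page built from images yields few sentences to match.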