Security
FEATURE
Tactical Security 101

  January 23, 2003
  By Greg Shipley



HIP Hosts
While the promise of HIDS has been based on an asset-centric approach, most HIDS offerings have not moved beyond log auditing and binary integrity checking. They are asset-based only in that they are located closer to most assets, on the host, as opposed to on the network. Fortunately, the HIPS (host-based IPS) market is picking up steam. Entercept Security Technologies, Okena and other companies have created solutions that can be configured to stop known and unknown attacks based on application behavioral profiles (see "HIP Check").

This approach is complicated but comes with a much higher payoff: Attackers aren't just identified by the technology; they can be stopped by it. If your organization is going to go through the hassle of deploying host-based intrusion-detection/prevention agents on production systems, consider a proactive HIPS solution.
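To make the "application behavioral profile" idea concrete, here is an added example (not code from the article or from any vendor it names) of a toy HIPS policy engine: a profile records what a program is expected to do, every intercepted action is checked against it, and anything outside the profile is blocked rather than merely logged. The program name, directories, ports and the whole event stream are constructed assumptions.

```python
"""Toy host-based intrusion-prevention (HIPS) policy engine.

Added example; not code from the article or from any vendor it names.
A Profile records what a program is expected to do. Any intercepted
action outside that profile is blocked, which is what lets a behavioral
HIPS stop an attack it has no signature for. All names, paths, ports
and events below are constructed sample data.
"""
from __future__ import annotations

import os
from dataclasses import dataclass


@dataclass(frozen=True)
class Profile:
    """Expected behavior of one program (hypothetical names throughout)."""
    program: str
    write_prefixes: tuple[str, ...] = ()         # directories it may write under
    exec_children: frozenset[str] = frozenset()  # programs it may launch
    listen_ports: frozenset[int] = frozenset()   # ports it may listen on
    connect_ports: frozenset[int] = frozenset()  # outbound ports it may use


# Hypothetical profile for a web server process called "httpd".
WEB_PROFILE = Profile(
    program="httpd",
    write_prefixes=("/var/log/httpd/", "/var/www/uploads/"),
    exec_children=frozenset({"php-cgi"}),
    listen_ports=frozenset({80, 443}),
    connect_ports=frozenset({3306}),  # only its database backend
)


def decide(profile: Profile, event: dict) -> tuple[str, str]:
    """Return ("allow" | "block", reason) for one intercepted event.

    Each event is a dict with "program" and "action"; the other keys
    depend on the action. Anything the profile does not list is blocked
    (default deny), including action types the engine does not know.
    """
    if event["program"] != profile.program:
        return "allow", "event belongs to an unprofiled program"
    action = event["action"]
    if action == "write":
        # Normalise first so "../" cannot carry a write out of an allowed tree.
        path = os.path.normpath(event["path"])
        if any(path.startswith(prefix) for prefix in profile.write_prefixes):
            return "allow", "write inside a profiled directory"
        return "block", f"write outside profile: {path}"
    if action == "exec":
        if event["child"] in profile.exec_children:
            return "allow", "profiled child process"
        return "block", f"unexpected child process: {event['child']}"
    if action == "listen":
        if event["port"] in profile.listen_ports:
            return "allow", "profiled listening port"
        return "block", f"unexpected listening port: {event['port']}"
    if action == "connect":
        if event["port"] in profile.connect_ports:
            return "allow", "profiled outbound port"
        return "block", f"unexpected outbound connection to port {event['port']}"
    return "block", f"unknown action type: {action}"


def enforce(profile: Profile, events: list[dict]) -> list[tuple[dict, str, str]]:
    """Run every event through the profile; returns (event, verdict, reason)."""
    return [(event, *decide(profile, event)) for event in events]


def blocked(profile: Profile, events: list[dict]) -> list[str]:
    """Just the reasons for the events that were blocked."""
    return [reason for _, verdict, reason in enforce(profile, events) if verdict == "block"]


# Constructed event stream: normal activity followed by the kind of
# actions a compromised web server process would take. No signature is
# needed to stop them; they simply are not in the profile.
SAMPLE_EVENTS = [
    {"program": "httpd", "action": "listen", "port": 443},
    {"program": "httpd", "action": "write", "path": "/var/log/httpd/access_log"},
    {"program": "httpd", "action": "connect", "port": 3306},
    {"program": "httpd", "action": "exec", "child": "php-cgi"},
    {"program": "httpd", "action": "exec", "child": "sh"},
    {"program": "httpd", "action": "write", "path": "/var/www/uploads/../../../etc/passwd"},
    {"program": "httpd", "action": "connect", "port": 6667},
    {"program": "sshd", "action": "exec", "child": "sh"},  # no profile loaded for sshd
]

if __name__ == "__main__":
    for event, verdict, reason in enforce(WEB_PROFILE, SAMPLE_EVENTS):
        print(f"{verdict:5} {event['action']:8} {reason}")
```

The design choice worth noting is the default deny at the end of `decide`: a behavioral HIPS earns its "unknown attacks" claim only if an action it has never seen is treated as a violation, and the cost of that choice is exactly the profiling effort the article calls a hassle.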

So where does intrusion detection fit in your security strategy? Key to any effective control is the monitoring of that control. Traditional NIDS solutions can serve as watchdogs to help verify that network-based controls, such as firewalls, are effective, and they can serve as alert mechanisms for abnormal network activity. However, monitoring the effectiveness of controls is useful only if the controls have been deployed properly. Organizations that have not taken steps to identify assets, set policies and protection profiles, and execute on those policies should not be pursuing large IDS deployments. They should be taking care of the basics first. IDS efforts should never trump firewall, host lockdown, and vulnerability assessment and patching.
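The "monitor the control" point above can be made mechanical. The following added example (not code from the article) places a sensor's flow log on the inside of a firewall and checks every observed flow against the policy the firewall is supposed to enforce; any flow the policy says should have been denied is evidence the control is not working. The policy rules, the log format and the addresses are constructed assumptions.

```python
"""Verify a network control with the sensor sitting behind it.

Added example, not code from the article. A NIDS sensor on the inside
of a firewall sees what the firewall actually let through, so comparing
its flow log against the intended policy tells you whether the control
is effective. The policy, log format and addresses are constructed.
"""
from __future__ import annotations

import ipaddress
import re

# First-match policy the firewall is supposed to enforce (constructed).
# Each rule: (action, source network or "any", destination port or "any").
POLICY = [
    ("allow", "any", 80),
    ("allow", "any", 443),
    ("allow", "10.0.0.0/8", "any"),   # internal hosts may reach the server freely
    ("deny", "any", "any"),
]

# Constructed lines in the style of a sensor's flow log; the last line is
# deliberately malformed to show that the parser skips rather than guesses.
SENSOR_LOG = """\
2003-01-23T10:00:01 src=203.0.113.5 dst=10.0.0.8 dport=80 proto=tcp
2003-01-23T10:00:04 src=203.0.113.5 dst=10.0.0.8 dport=23 proto=tcp
2003-01-23T10:00:09 src=10.1.2.3 dst=10.0.0.8 dport=22 proto=tcp
2003-01-23T10:00:15 src=198.51.100.9 dst=10.0.0.8 dport=1433 proto=tcp
2003-01-23T10:00:21 src=203.0.113.7 dst=10.0.0.8 dport=443 proto=tcp
this line is garbage the sensor should never have emitted
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) "
    r"dport=(?P<dport>\d+) proto=(?P<proto>\w+)$"
)


def parse_flows(log: str) -> list[dict]:
    """Parse flow lines into dicts; lines that do not match are skipped."""
    flows = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        flow = m.groupdict()
        flow["dport"] = int(flow["dport"])
        flows.append(flow)
    return flows


def expected_verdict(policy, src: str, dport: int) -> str:
    """Walk the rule list and return what the firewall should have done."""
    addr = ipaddress.ip_address(src)
    for action, net, port in policy:
        net_ok = net == "any" or addr in ipaddress.ip_network(net)
        port_ok = port == "any" or port == dport
        if net_ok and port_ok:
            return action
    return "deny"  # implicit default when no rule matches


def control_failures(policy, log: str) -> list[dict]:
    """Flows the inside sensor saw that the policy says should never have arrived."""
    return [
        flow for flow in parse_flows(log)
        if expected_verdict(policy, flow["src"], flow["dport"]) == "deny"
    ]


if __name__ == "__main__":
    for flow in control_failures(POLICY, SENSOR_LOG):
        print(f"{flow['ts']} control failure: {flow['src']} reached port {flow['dport']}")
```

Run against the constructed log, the check reports the telnet and the database-port flows from outside addresses: both are exactly the kind of "abnormal network activity" the article says an IDS can flag, and here they are also direct proof that the firewall rule set is not what the policy claims.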


Looking Ahead

Organizations must first cover the nuts and bolts of security: defining policies, identifying critical assets, assigning roles and responsibilities, deploying network and host access-control mechanisms, implementing database controls, monitoring, deploying antivirus and hostile code protection mechanisms, and implementing selective use of encryption, training, patching and auditing.

However, a few new technology areas have caught our attention.

Network forensic (not to be confused with netForensics, the security information management provider) products, such as Sandstorm Enterprise's NetIntercept, help answer the question, "What happened?" after a network-based attack. These tools capture network traffic in its entirety and let administrators replay attacks, analyze transferred files and data, and put the pieces back together after a security event. While reactive, these solutions can shed light on what data is moving around on the network and what is leaving it.
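The core of "putting the pieces back together" from a full capture is stream reassembly: segments arrive on the wire out of order, duplicated, retransmitted with overlap, or occasionally missing. The following added example (not code from the article or from NetIntercept) rebuilds one direction of a TCP stream from constructed segments, reports any gap that no captured segment covered, and then extracts the transferred file from the reconstructed stream. The sequence numbers, the HTTP-style response and the file contents are constructed.

```python
"""Reconstruct a transferred file from captured TCP segments.

Added example, not code from the article or from NetIntercept. A full
packet capture stores segments as they crossed the wire: out of order,
sometimes duplicated or retransmitted with overlap, sometimes with a
segment lost entirely. Forensic tools rebuild the stream before anyone
can "replay" it or pull out the file. All data below is constructed.
"""
from __future__ import annotations


def reassemble(first_seq: int, segments: list[tuple[int, bytes]]) -> tuple[bytes, list[tuple[int, int]]]:
    """Rebuild one direction of a TCP stream.

    first_seq is the sequence number of the first data byte; each segment
    is (seq, payload). Returns (data, gaps), where gaps lists (start, end)
    byte offsets relative to first_seq that no captured segment covered.
    Overlapping retransmissions are resolved in favour of the copy
    captured first.
    """
    buf = bytearray()
    have = bytearray()  # 1 where buf[i] is known, 0 where nothing covered it
    for seq, payload in segments:
        start = (seq - first_seq) & 0xFFFFFFFF  # 32-bit sequence space
        end = start + len(payload)
        if end > len(buf):
            buf.extend(b"\x00" * (end - len(buf)))
            have.extend(b"\x00" * (end - len(have)))
        for i, byte in enumerate(payload):
            if not have[start + i]:
                buf[start + i] = byte
                have[start + i] = 1
    gaps, i = [], 0
    while i < len(have):
        if have[i]:
            i += 1
            continue
        j = i
        while j < len(have) and not have[j]:
            j += 1
        gaps.append((i, j))
        i = j
    return bytes(buf), gaps


def extract_body(stream: bytes) -> bytes | None:
    """Pull the transferred file out of an HTTP-style response.

    Returns None if the header block or the declared body is incomplete,
    so a stream with a gap is never silently passed off as the whole file.
    """
    head, sep, body = stream.partition(b"\r\n\r\n")
    if not sep:
        return None
    for line in head.split(b"\r\n"):
        if line.lower().startswith(b"content-length:"):
            length = int(line.split(b":", 1)[1].strip())
            return body[:length] if len(body) >= length else None
    return body


def segment(data: bytes, first_seq: int, cuts: list[int]) -> list[tuple[int, bytes]]:
    """Cut data into (seq, payload) segments at the given offsets (capture helper)."""
    bounds = [0, *cuts, len(data)]
    return [(first_seq + a, data[a:b]) for a, b in zip(bounds, bounds[1:])]


# Constructed response carrying a small file; FIRST_SEQ is an assumption.
FIRST_SEQ = 1000
ORIGINAL = (
    b"HTTP/1.0 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 26\r\n\r\n"
    b"secret-report-2003-Q1.txt\n"
)
_SEGS = segment(ORIGINAL, FIRST_SEQ, [20, 45, 60])

# Capture 1: out of order, plus an overlapping retransmission of bytes 15..50.
CAPTURE_OUT_OF_ORDER = [_SEGS[1], _SEGS[0], _SEGS[3], (FIRST_SEQ + 15, ORIGINAL[15:50]), _SEGS[2]]
# Capture 2: the third segment was never captured.
CAPTURE_WITH_LOSS = [_SEGS[1], _SEGS[0], _SEGS[3]]

if __name__ == "__main__":
    for label, capture in (("out of order", CAPTURE_OUT_OF_ORDER), ("with loss", CAPTURE_WITH_LOSS)):
        data, gaps = reassemble(FIRST_SEQ, capture)
        print(label, "gaps:", gaps, "file:", extract_body(data))
```

The gap list is the part a forensic analyst cares about most: a reconstruction that quietly zero-fills a missing segment would produce a plausible-looking file that never crossed the wire in that form, so `extract_body` refuses to return a body shorter than the declared length.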

Another intriguing nontraditional security product is SecureLogix's Enterprise Telephony Management, a firewall-like system for your telecommunications infrastructure that gives telco administrators many of the features found in traditional network firewalls, such as blocking of inbound and outbound call numbers, call-type detection, real-time alerting, and usage and frequency reporting. The product also helps address one problem that often flies under the infosec radar: war-dialing. ETM can detect attackers looking for open modem banks, making the product a multipurpose tool (see "Dial 1-800 Plug Holes").

Finally, spam has hit crisis proportions, so much so that it's become a security concern. Companies like Big Fish Communications are combating spam by taking a page out of the service provider and antivirus playbooks. By serving as the primary entry point for corporate mail, Big Fish's distributed network of mail systems uses a combination of heuristic, black-listing and pattern-matching technologies to create a robust filtering service. Roll in virus protection and redundancy, and Big Fish offers an attractive service.
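The reason a filtering service layers heuristic, black-listing and pattern-matching techniques is that each signal on its own is either easy to evade or prone to false positives, while a score summed across layers is harder to game. The following added example (not code from the article or from Big Fish) scores a message through those three layers and classifies it against a threshold; the blocklist, the patterns, the weights and the three sample messages are all constructed assumptions.

```python
"""Layered spam scoring: blocklist, heuristics and pattern matching.

Added example, not code from the article or from Big Fish. Each layer
contributes a weighted signal; the message is classified on the sum, so
no single weak signal (a dollar figure, a "click here") tips a legitimate
message over the line. Blocklist, patterns, weights and messages are
constructed.
"""
from __future__ import annotations

import re

# Layer 1: sending domains a reputation list has flagged (constructed).
BLOCKLISTED_DOMAINS = {"bulk-mailer.example", "cheapmeds.example"}

# Layer 3: phrases common in unsolicited mail, with weights (constructed).
PATTERNS = [
    (re.compile(r"\bfree\b.*\bmoney\b", re.I | re.S), 2.0),
    (re.compile(r"\b(viagra|cialis)\b", re.I), 3.0),
    (re.compile(r"click here", re.I), 1.0),
    (re.compile(r"\$\d[\d,]*"), 1.0),
]

THRESHOLD = 4.0


def sender_domain(from_header: str) -> str:
    """Domain part of the From address, lower-cased; "" if there is none."""
    m = re.search(r"@([\w.-]+)", from_header)
    return m.group(1).lower() if m else ""


def score_message(headers: dict[str, str], body: str) -> tuple[float, list[str]]:
    """Return (score, reasons) for one message; higher means more spam-like."""
    score, reasons = 0.0, []

    # Layer 1: blocklist lookup on the sending domain.
    domain = sender_domain(headers.get("From", ""))
    if domain in BLOCKLISTED_DOMAINS:
        score += 4.0
        reasons.append(f"sender domain {domain} is blocklisted")

    # Layer 2: heuristics about the shape of the message.
    subject = headers.get("Subject", "")
    letters = [c for c in subject if c.isalpha()]
    if letters and sum(c.isupper() for c in letters) / len(letters) > 0.7:
        score += 1.5
        reasons.append("subject is mostly upper case")
    if subject.count("!") >= 2:
        score += 1.0
        reasons.append("repeated exclamation marks in subject")
    if "Message-ID" not in headers:
        score += 1.0
        reasons.append("missing Message-ID header")

    # Layer 3: pattern matching over subject and body together.
    text = subject + "\n" + body
    for pattern, weight in PATTERNS:
        if pattern.search(text):
            score += weight
            reasons.append(f"matched /{pattern.pattern}/")
    return score, reasons


def classify(headers: dict[str, str], body: str) -> str:
    """Label the message "spam" or "ham" against the fixed threshold."""
    score, _ = score_message(headers, body)
    return "spam" if score >= THRESHOLD else "ham"


# Constructed sample messages: obvious spam, a normal business message,
# and a legitimate newsletter that trips two weak patterns on its own.
SPAM_MESSAGE = (
    {"From": "deals@bulk-mailer.example", "Subject": "FREE MONEY!!! CLICK HERE"},
    "Get $10,000 now, click here.",
)
HAM_MESSAGE = (
    {"From": "alice@corp.example", "Subject": "Q1 budget review",
     "Message-ID": "<123@corp.example>"},
    "Hi Bob, the budget draft for Q1 is attached. Let's review Thursday.",
)
NEWSLETTER = (
    {"From": "news@vendor.example", "Subject": "March newsletter",
     "Message-ID": "<77@vendor.example>"},
    "Our new model starts at $500. Click here to read the full review.",
)

if __name__ == "__main__":
    for headers, body in (SPAM_MESSAGE, HAM_MESSAGE, NEWSLETTER):
        score, reasons = score_message(headers, body)
        print(f"{classify(headers, body):4} {score:5.1f} {headers['Subject']!r} {reasons}")
```

The newsletter is the instructive case: it matches two patterns and scores 2.0, well under the threshold, whereas the blocklisted sender alone already reaches the threshold. Tuning those weights against real mail is where the operational effort of such a service goes.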

Bottom line, there is no one-size-fits-all plan for prioritizing your security technology spending. However, understanding where your assets lie, what your weaknesses are and what various products can do for you will put you on the road to effectively deploying the right technology.

Greg Shipley is the CTO for Chicago-based security consultancy Neohapsis. Write to him at gshipley@neohapsis.com.

