Network Security
Sunday, January 3rd, 2010
A lot of noise has been made in the media these days about network security… or the lack thereof. Several experts predict costs related to data theft and recovery reaching into the billions of dollars by the end of 2009. Security professionals even go so far as to describe the virus/antivirus race as a big game of whack-a-mole that the antivirus companies are destined to lose. So with so many people who are supposed to know saying that the situation is hopeless, where does that leave today’s business? Should we all just unplug our default gateway, take our OSI model and go home? Even though an unplugged network is the only absolutely secure network, you can’t just stop driving a car because of the risk of having a wreck. There is a better way. If a business wants to swim in today’s shark-infested digital oceans, then it needs to have three very important aspects of network security in place.
The first and most popular component of any secure network is a good gateway firewall. Let me say that a router is not a firewall. And a software firewall is not a gateway firewall. A router has NAT, a network routing feature, which has a side effect that many mistakenly call a secure firewall. The difference between a true firewall appliance and a router is like the difference between having locks on your doors and having a security guard sitting outside your door. Sure, the door offers a level of protection, but the security guard is getting paid to watch everything that goes in and out of the door and terminate any threats. A software firewall is more for individual machines than for a network solution. If you have a single machine on an unsecured network with untrusted users, then you want a software firewall. But if you install a robust software firewall on a trusted network behind a firewall appliance, you may have just caused yourself more local networking problems than you solved. There is just no substitute for a good firewall device with stateful packet inspection.
The second aspect is a good antivirus/antispyware system. There are so many ways to infiltrate a network these days that backing up your firewall appliance with a reputable antivirus/antispyware system is as important as the firewall itself. The biggest vulnerability of a firewall is that, for the most part, it considers traffic coming from the inside of the network as friendly traffic. If a request is made from the inside, the firewall tends to let it pass. This can be a huge problem if a user receives an email that contains a virus which initiates a connection to an outside attacker, opening the proverbial back door into your network that the security guard we paid so much money for is not watching. That’s why you need a network antivirus system. You need one that not only is a good catch-all for viruses, but also helps ease administration by centralizing the management. Being able to look in one place and know which users have viruses, had viruses, are up to date on definitions or are out of date is essential. An antivirus program is not worth the binary it’s written on if the virus definition database is out of date. To be sure, an antivirus system to keep that back door locked is a must.
Lastly, and probably one of the most overlooked and underrated principles of network security, is a good content filter. The modern cracker’s methods have become so clever it is really impressive. They have identified the universal golden ticket into any network, no matter how tight. It is a weakness that many well-trained, smart experts often overlook. This vulnerability will never go away no matter what an engineer installs or configures. That weakness is the end users themselves. Pop-ups, fake email solicitations, infected web hosts, compromised executables and the list goes on. Both the firewall and the antivirus have a single design weakness in common. They assume, wrong or right, that when a person initiates a function they know what they are doing. Fundamentally they have to make that assumption or no user would get anything accomplished. So an end user inadvertently initiates the install of a Trojan, the antivirus lets it install and run, the firewall lets it connect to a server outside of the network, and the rest is history. Sure, the antivirus may turn around and see what is going on and slam that door shut, but oftentimes it’s too little, too late. So in rides the content filter on its white horse. The content filter simply disagrees with the assumption that the firewall and the antivirus program make. The content filter boldly proclaims that it does not believe that the end user knows what they are doing. So much so that it will block them from going to places or opening solicitations that they shouldn’t, and in one skillful move it eliminates the main weakness of the firewall/antivirus one-two punch.
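The trust assumption described in the last two paragraphs can be seen in a small model. This is an added example, not code from the original post or from any firewall product: the addresses, the `Gateway` class and the deny list are constructed, and a real content filter works on URLs and categories rather than a bare destination address.

```python
# Toy model (added example): stateful packet inspection plus an egress
# content filter. All addresses and the deny list are constructed.
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

INSIDE = ip_network("192.168.10.0/24")   # assumed internal LAN


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


@dataclass
class Gateway:
    blocked_dsts: frozenset = frozenset()     # content-filter deny list
    state: set = field(default_factory=set)   # tracked outbound flows

    def decide(self, p: Packet) -> str:
        if ip_address(p.src) in INSIDE:
            # Content filter: do not assume the inside host knows best.
            if p.dst in self.blocked_dsts:
                return "DROP (content filter)"
            # Stateful firewall: inside-initiated traffic is trusted.
            self.state.add((p.src, p.sport, p.dst, p.dport))
            return "ALLOW (outbound, state created)"
        # Inbound passes only as a reply to a tracked outbound flow.
        if (p.dst, p.dport, p.src, p.sport) in self.state:
            return "ALLOW (reply to tracked flow)"
        return "DROP (unsolicited inbound)"


def run(gw: Gateway) -> list:
    pc, outside = "192.168.10.25", "203.0.113.66"   # constructed hosts
    return [
        gw.decide(Packet(outside, 443, pc, 49152)),  # outsider knocks first
        gw.decide(Packet(pc, 49152, outside, 443)),  # infected PC calls out
        gw.decide(Packet(outside, 443, pc, 49152)),  # outsider answers
    ]


firewall_only = run(Gateway())
with_filter = run(Gateway(blocked_dsts=frozenset({"203.0.113.66"})))
```

With the firewall alone, the same outside packet that was dropped at first is accepted once the inside machine has called out; with the deny list in place the outbound call never creates state, so the answer is dropped too.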
In days past, a good firewall was enough. Then, the firewall/antivirus combination was the popular formula. Today, you cannot expect to successfully conduct business across the internet without the triumvirate of a firewall appliance, a good antivirus system and a solid content filter. Once proper precautions are taken, it becomes less like swimming in shark-infested waters with little or no protection and more like traveling safely in a submarine.










