Magazine Article | February 1, 2002

Networking Security: What You Should Know

No matter what type of technology you provide, it will likely touch your customers' networks. These industry experts say you should know about firewalls, antivirus software, and threats from the Internet and wireless communications.

Business Solutions, February 2002

It used to be that only networking integrators needed to know about networks. Storage VARs didn't need to know much about them and neither did point of sale, supply chain, or document management VARs. But that's all changed because of factors like the Internet and wireless technology.

"Data doesn't just flow from point A to point B anymore," says Bob Hansmann, enterprise product manager for Trend Micro (Cupertino, CA). "Because of the proliferation of data and the Internet, data exists in many places, and there are many paths it can follow. This creates a security risk."

Christopher Klaus, founder and CTO of Internet Security Systems (ISS) (Atlanta), agrees. He compares the Internet to the Wild West, complete with bandits ready to strike around every bend. VARs can be like the town marshal. Shane O'Donnell, CTO for Oculan (Raleigh, NC), believes that VARs and integrators should protect their customers with three weapons: prevention, detection, and reaction.

An Ounce Of Prevention With Firewalls
O'Donnell says if you don't take preventive measures, you'll spend all of your time in reaction mode. The prevention aspect is addressed in having security plans and passwords. In addition, Dave Aylesworth, eSoft's (Broomfield, CO) product manager, says firewalls, VPNs (virtual private networks), and antivirus software are key to the prevention aspect of network security.

Aylesworth says firewalls are like a lock on your door and are the gateway to your customer's network. But according to O'Donnell, a firewall is really not an impervious wall; it's more of a filter. It decides what traffic it should let in. Hansmann takes this idea a step further. "In general, a firewall is access security. But when you poke holes in the firewall for applications like e-mail, you end up with a fire sieve."

Klaus sees firewalls as the moat around the castle. "Four years ago, they were adequate, when you only had a Web server for billboarding. Now the Web is used for transactions with partners and e-business. The firewall opens up so much it becomes less effective."

Firewalls are designed to keep unauthorized people from getting in. In the same light, Hansmann strongly advises VARs to introduce their customers to VPNs. Using VPNs, only identified users can access the network. The message is encrypted so hackers can't steal sensitive data like forecasts and customer lists. He cautions, though, that like anything else we're talking about here, VPNs have a certain amount of vulnerability.

Hackers have easily found ways to get through firewalls. Klaus says that firewalls only look to see where the data file is coming from, not what's inside the file. The Code Red worm bypassed firewalls, and multiple firewalls would not prevent attacks like this.

Klaus explains the difference between viruses and worms. "Viruses use a passive, Trojan horse approach and have been historically introduced through e-mail attachments. They require the user to click on something allowing the virus to spread through the e-mail address book. But, worms use the same techniques that hackers use. They are active and will break in no matter what the user is doing."

The logical complement to a firewall has to be antivirus software. The software can look inside e-mails and incoming transactions, much like a bomb-sniffing dog would, adds Klaus. He cautions that antivirus software must be constantly updated, though. "VARs should recommend antivirus software that will inoculate against both viruses and worms."

Aylesworth distinguishes two types of antivirus software: the type that resides on the desktop and the type that resides on the server. With desktop antivirus software, users can perform their own maintenance to get the latest updates. Of course, this assumes that users will take the time to do this. Desktop software can integrate with e-mail and Web servers. But for enterprises, server-based software is preferable. A server-based solution automatically updates itself daily, and your customers can schedule it to retrieve updates even more frequently than that. Server-based antivirus software can prevent e-mail attachments from ever getting to the desktop level, thereby preventing users from unknowingly clicking on an infected attachment.

Detection - Software Reporting Tools
Antivirus software is a crucial component of prevention; however, it is also an important part of detection - and even reaction. O'Donnell said, "The detection aspect is like a home smoke alarm. The alarm doesn't prevent the fire from starting or even put it out, but it lets you know there's smoke and that you must react by getting out. If you're not home, there may be a connection to the fire department."

There are detection solutions on the market that VARs can recommend to their customers, such as log analysis and reporting tools. Aylesworth recommends reporting tools over log analysis. "A log may have thousands of entries, but a summary report will show the anomalies. Reporting tools tell the end user what the network is being used for."

Aylesworth says VARs should also familiarize themselves with the intrusion detection products that have been on the market for several years. There are two types of intrusion detection. One is signature based, and the other is anomaly based. Signature-based detection knows what certain types of attacks look like, but like antivirus software, the end user must obtain the latest signatures in order for it to be effective. Anomaly-based detection is better because it has the ability to learn. It can identify problems faster than signature-based detection, because it learns what normal traffic is like and can report on traffic it hasn't seen before. Anomaly-based tools can generate false positives though, and if system administrators become flooded with alerts, they may raise the thresholds and turn off the alerts.
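The contrast between signature-based and anomaly-based detection, together with the summary-report idea from the preceding paragraph, as an added example that is not part of the original article. The events, the signature string and the `min_share` threshold are all constructed assumptions; the point is that each method catches what the other misses, that the anomaly detector raises a false positive, and that loosening the threshold too far silences real alerts.

```python
from collections import Counter

# Constructed sample events (not real traffic): (source, destination port, request)
BASELINE = [
    ("10.0.0.5", 80, "GET /index.html"),
    ("10.0.0.6", 25, "MAIL FROM:<a@example.com>"),
    ("10.0.0.5", 80, "GET /catalog"),
    ("10.0.0.7", 80, "GET /index.html"),
] * 25  # 100 events of normal traffic
TODAY = [
    ("10.0.0.5", 80, "GET /index.html"),
    ("10.0.0.9", 80, "GET /KNOWN-WORM-MARKER"),  # matches a shipped signature
    ("10.0.0.8", 6667, "JOIN #channel"),         # new port, no signature exists
    ("10.0.0.6", 25, "MAIL FROM:<b@example.com>"),
    ("10.0.0.6", 443, "CLIENT HELLO"),           # new but benign: a false positive
]
SIGNATURES = ["KNOWN-WORM-MARKER"]  # hypothetical signature list

def signature_alerts(events, signatures):
    """Flag events whose content contains a known attack pattern."""
    return [e for e in events if any(s in e[2] for s in signatures)]

def learn_baseline(events):
    """Learn what share of normal traffic goes to each destination port."""
    counts = Counter(port for _, port, _ in events)
    total = sum(counts.values())
    return {port: n / total for port, n in counts.items()}

def anomaly_alerts(events, baseline, min_share=0.01):
    """Flag events on ports that made up less than min_share of the baseline."""
    return [e for e in events if baseline.get(e[1], 0.0) < min_share]

def summary_report(events, signatures, baseline, min_share=0.01):
    """Condense a log into the few counts an administrator would read."""
    return {
        "events": len(events),
        "signature_hits": len(signature_alerts(events, signatures)),
        "anomalies": len(anomaly_alerts(events, baseline, min_share)),
    }

if __name__ == "__main__":
    baseline = learn_baseline(BASELINE)
    print(summary_report(TODAY, SIGNATURES, baseline))
    # Loosening the threshold to 0.0 removes the false positive and the real anomaly.
    print(anomaly_alerts(TODAY, baseline, min_share=0.0))
```

The worm request on port 80 is invisible to the anomaly detector because port 80 is normal, while the port 6667 connection is invisible to the signature list because no signature exists for it.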

Intrusion and viruses aside, your customers are probably aware that most corporate theft occurs from the inside. Attacks can come from disgruntled employees, but most corporate infections occur when employees are duped into opening an e-mail, visiting an infected Web site, or making changes to settings on their PCs that open the door to viruses. These types of attacks are hard to detect, so reaction is vital.

Reaction - Equip Your Customers With Education
In the long run, reaction will be the key to your customers' network security. Yes, they must try to prevent problems, and they must detect if there's a problem, but most importantly, your customers must be able to react, says O'Donnell. They must have trained IT people who can address attacks.

Klaus says it's essential to train the IT staff and give them the equipment they need to fend off attacks. Vendors offer security classes, including hacking prevention training. This way the IT person will understand how attackers can break in, how to defend against break-ins, and, failing that, how to repair the damage once it's done.

Aylesworth says the most important components of the reaction phase are notifying authorities if necessary, having a solid backup and restore plan, and obtaining software patches to prevent the particular situation from happening again. For instance, Windows 2000 was vulnerable to a recent virus, but only if end users had installed IIS (Internet Information Server). In this case IIS would have to be manually removed, but Microsoft developed a patch to automatically remove the problem.

Wireless Will Offer Future Networking Security Issues
Constant threats face your customers' network security, and this means opportunity for VARs. Klaus says VARs can provide services such as security assessment to inventory the customer's hardware and software, determine where the customer's exposure lies, and implement solutions to secure the customer's network.

VARs are also best equipped to alert their customers to new threats that exist on the horizon. Currently, these take the form of wireless and cyber plagues. Right now, limited wireless bandwidth is keeping the threats at bay. However, Hansmann sees advances in wireless technology increasing the functionality and popularity of products like Palm Pilots. And this combination is the formula for risk - as if there weren't already enough avenues for threats to enter your customers' networks.

Surprisingly, wireless use has the potential for explosion in underdeveloped countries. It is expensive to lay copper cable, so for example, in Brazil, the cell phone industry is booming, and many cell phones have Internet capability. And unfortunately, Hansmann says, in many countries such as Brazil, there is a high percentage of impoverished people. These are the people who have the most motivation to steal from "rich" Americans' bank accounts.

As Klaus says, it's like the Wild West out there. The Internet is still like the untamed frontier, and who is better able to protect end users? It has to be VARs and integrators. You must educate yourselves and then educate your customers. As Hansmann says, the evolution of wireless and the Internet makes the future uncertain for everyone. Business Solutions likes his final comment. He says, "VARs must start reading like they never read before."