Computer Network Security - How much is enough?
By Bill Capraro, Jr.
Published October 3, 2005
Network security and risk to computer systems have become daily topics you see on the TV news and read as headlines in newspapers. This of course was heightened by Sept. 11, 2001. Since then, many companies have come to realize that the way business is conducted will never be the same.
Consider the attacks that took place a few months ago, in which computer vandals took over computers on relatively unprotected university networks and used them to shut down Yahoo. These computer criminals are becoming very sophisticated and bolder in their approach to gaining unauthorized access.
The next time you are surfing the web, type in the word "security" or "risks." A basic search in Google on these words found more than 792,757 results in .16 seconds. Business as we know it today relies on computers and the Internet, whether it is for e-commerce, automated billing or just building a customer database.
Threats to computers and Internet users are growing by the day, according to a new report compiled by experts at the SANS Institute, and Internet security research and education organization in Bethesda, Md.
SANS researcgers, along with other experts from various technology and government security groups, note that more than 422 new computer vulnerabilities were discovered during the second quarter of 2005--a nearly 11 percent increase from the first three months of the year. And compared to the numbers of just a year ago, the number of new threats has grown nearly 20 percent.
"You can view this through optimistic glasses and say a 10 percent uptick is modest...water under the bridge," says Ed Skoudis, an instructor as SANS. "But the number of vulnerabilities keeps going up. We're spending all this money and attention on security and we're still finding all these problems. It's disheartening news."
How can you protect your company's vital assets from a security breach from an online criminal, unauthorized user or a destructive virus?
Many companies think simply updating their firewall protection and buying the latest version of a virus scan program will protect their computer. However, most IT professionals would disagree. Regardless of how vigilant they are in patching of fixing holes in their operating systems, most IT managers know that hackers and online criminals are stepping up their knowledge and becoming more adept at their skills.
Computer criminals are experts at exploiting loopholes or weak spots in a network. While many virus software programs promise complete protection, it is becoming increasingly apparent that business owners can be lulled into a false sense of security. The question is not if your organization's operating system will be attacked but simply when. The additional threat of Internet identity theft only compounds the problem.
There are some basic steps you can take to reduce risks for your computer system:
Do not accept an e-mail or download any information from unknown addresses or names.
Virus developers are disguising corrupted files that will destroy data in any form they can. Their scams are many and include pretending to scan your computer to check for suspect files.
Think like a hacker and seek out any cracks, weaknesses or unprotected areas where an authorized user could gain access to your system.
Networks are especially vulnerable when organizations are making changes to their networks or launching new systems. It is worth the effort and relatively inexpensive to obtain and unbiased, independent remote vulnerability assessment to highlight any weakness within your system.
Search out the right solution.
Look for tools that probe all Internet facing hardware and software. Find a complete suite of protection and not just an off the shelf virus scanning software package that is only as good as the last updates you retrieve.
Microsoft recently acknowledged that hackers booby-trapped its popular MSN web site in South Korea to steal passwords from visitors. While this type of atack was not a financial threat, it was the lates embarrassment for the world's largest software company, which has spent hundreds of millions of dollars to improve system security.
The key to addressing network security is to understand this is not a 'set it in place and forget it' solution-update. Update, update! Stay informed on the latest spam and viruses, constantly monitoring systems and taking action by filtering any unwanted data. It is better to spend the time and energy before a problem arises then to tie up your IT resources after your network is corrupted.
Whatever route you choose when protecting your organization's computer system, keep in mind insignificant security issues today can end up costing your company more than money in the future.