Focus on Identity
Enterprise IT architects in the year since Sept. 11 have also been hard pressed to cope with a flood of urgent items in more familiar domains, such as network operating systems, firewalls, virtual private networks, intrusion detection systems and anti-virus tools. The following trends are apparent.
Network protection must, therefore, focus on identities and privileges of authorized users, using tools such as Zone Labs Inc.'s Integrity. During our review this spring, we found the product (priced at $80 per user with volume discounts) effective in controlling client devices' Internet access on an application-specific basis.
The pervasive network can be its own worst enemy in the ease with which it propagates virus attacks. Enlisting the network in its own defense are products such as Network Associates Inc.'s McAfee Security VirusScan ASaP, which uses peer-to-peer technology.
Meanwhile, key IT vendors have been addressing concerns about out-of-the-box insecurity with a long-overdue shift toward more secure default configurations. In our tests last month of Microsoft Corp.'s Windows .Net Server Release Candidate 1, for example, we found that the installer utility detected our failure to run the Internet Information Services Lockdown Wizard and automatically disabled IIS. Our pleasure was limited, though, by the discovery that restarting the server did not trigger any further notice of our exposures, notably the many default extensions retained from our previous Windows 2000 installation. On the plus side, installation of .Net Server on a bare machine gave us ample warning of bad practices, such as leaving an Administrator password blank.
Poor administrative practices wouldn't be such an open invitation to attackers if systems didn't grant unrestricted superuser status.
We remain strong advocates of the trusted-system architecture in products such as Argus Systems Group Inc.'s PitBull, the only technology that has yet survived one of our international Openhack events unscathed, though a successful attack on the underlying operating system kernel, specifically on a version of Solaris 7 x86, did succeed in a challenge late last year. The message here is that every security technology, regardless of architectural merits, demands continued vigilance.
That vigilance is embodied in state-of-the-art intrusion detection in products such as OneSecure Inc.'s Intrusion Detection and Protection appliance. Rather than merely relying on known attack signatures, the $16,495 OneSecure device (which we reviewed last month) uses various heuristics to detect previously uncharacterized attacks. By developing a model of normal traffic and using sophisticated analysis of attack patterns, the Intrusion Detection and Protection appliance can identify new threats while minimizing the time lost to false alarms: the goal, we're sure, of every IT administrator a year after Sept. 11.
Technology Editor Peter Coffee can be reached at firstname.lastname@example.org. The reviews cited in this story can be accessed at www.eweek.com/links.
Perimeter defense, as a viable strategy, is dead. Wireless and nomadic laptop devices, with external network connections, make it impossible to define even the physical location of the network edge. Web services make the logical location still harder to characterize.