Complex systems

By Cameron Sturdevant  |  Posted 2004-10-11

The axiom that complex systems break in complex ways is maddeningly true, and such complexity requires a very granular approach to security testing.

For example, during a recent forum with members of eWEEK's Corporate Partner Advisory Board, Gary Gunnerson, IT architect at Gannett Co. Inc. and a Corporate Partner, said, "We go so far as to look at the handshakes inside applications to see what those look like."

Many vendors offer tools for finding vulnerabilities in the ways that distributed systems communicate. TippingPoint Technologies Inc.'s UnityOne-200 and Symantec Corp.'s SNS 7160 are two strong contenders in this testing area.

With nearly every new laptop equipped with integrated wireless capabilities, IT managers must make wireless detection a mandatory part of the security tests they perform on the overall network.

We recommend that IT managers consider a protocol analyzer such as Network Instruments LLC's Observer 10 or WildPackets Inc.'s EtherPeek NX, both of which have wireless detection modules.

In addition to providing an accurate network diagram, a protocol analyzer is one of the most useful tools available for security testing. Nearly all protocol analyzers on the market today offer well-honed expert decodes of the packets "sniffed" from the network. And a protocol analyzer is practically the only reliable way to document the application handshakes that Gunnerson referred to.

Protocol analyzers and other tools that monitor network traffic—including a clever little utility we recently discovered from Paessler GmbH called PRTG Traffic Grapher—enhance security testing by letting IT managers see what normal and, thus, abnormal application and system behaviors look like.

Ed Benincasa, vice president of MIS at FN Manufacturing Inc. and an eWEEK Corporate Partner, said he takes great pains to ensure that products under test will fit into his existing network architecture.

Speaking of wireless networking, Benincasa said, "If an unauthorized station comes in—either a workstation or an access point—we have intrusion protection." In addition, he said, "All wireless goes through a separate firewall with restricted access."

We use and have tested commercial vulnerability scanning systems including Qualys Inc.'s QualysGuard and Foundstone Inc.'s FoundScan product. (Foundstone is now in the process of being acquired by McAfee Inc.) In fact, we use these products daily to scan our test networks for vulnerabilities. We recommend that IT managers invest in some kind of automated vulnerability scanning process to detect the holes that can be exposed in even the most well-managed and well-monitored network.

eWEEK Labs' test network is in a constant state of flux, so we see new vulnerabilities almost daily. To lower costs, IT managers with stable networks may be tempted to forgo automated vulnerability scanning because a stable, well-maintained network usually presents problems at a slower rate. But we warn administrators not to become complacent. Vigilant network scanning is one of the best ways to find weaknesses in large networks.

In any case, vulnerability assessment tools should also be incorporated into a security testing workflow to ensure that discovered holes get patched.

Keeping systems up to date is just one of the challenges IT managers will face in the coming year. Finally, we document our work in the reviews and analysis you read in print and online at eWEEK.com. Likewise, IT managers should make documenting security test results a priority. In addition to providing proof that IT is doing real work, documenting security testing and security features is a core best practice.

"Security by obscurity" doesn't protect IT assets from outside hackers, and it certainly doesn't help other IT staffers manage the network. And depending on oral tradition to pass security knowledge from one IT staff member to another will likely (and rightly) go the way of the dodo in the not-too-distant future.

Technical Director Cameron Sturdevant can be reached at
