The axiom that complex systems break in complex ways is maddeningly true, and such complexity requires a very granular approach to security testing. For example, during a recent forum with members of eWEEK's Corporate Partner Advisory Board, Gary Gunnerson, IT architect at Gannett Co. Inc. and a Corporate Partner, said, "We go so far as to look at the handshakes inside applications to see what those look like."

With nearly every new laptop equipped with integrated wireless capabilities, IT managers must make wireless detection a mandatory part of the security tests they perform on the overall network. We recommend that IT managers consider a protocol analyzer such as Network Instruments LLC's Observer 10 or WildPackets Inc.'s EtherPeek NX, both of which have wireless detection modules.

In addition to providing an accurate network diagram, a protocol analyzer is one of the most useful tools available for security testing. Nearly all protocol analyzers on the market today offer well-honed expert decodes of the packets "sniffed" from the network. And a protocol analyzer is practically the only reliable way to document the application handshakes that Gunnerson referred to.

Protocol analyzers and other tools that monitor network traffic, including a clever little utility we recently discovered from Paessler GmbH called PRTG Traffic Grapher, enhance security testing by letting IT managers see what normal and, thus, abnormal application and system behaviors look like.

Ed Benincasa, vice president of MIS at FN Manufacturing Inc. and an eWEEK Corporate Partner, said he takes great pains to ensure that products under test will fit into his existing network architecture. Speaking of wireless networking, Benincasa said, "If an unauthorized station comes in, either a workstation or an access point, we have intrusion protection." In addition, he said, "All wireless goes through a separate firewall with restricted access."
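
One way to turn wireless observations exported from a protocol analyzer into the unauthorized-station check discussed above. This is an added example, not code from the article or from any vendor's product; the record fields, the SSID and the inventory are assumptions, and every MAC address is constructed.

```python
from dataclasses import dataclass

# Constructed inventory (RFC 7042 documentation MACs): sanctioned APs and managed clients.
AUTHORIZED_APS = {"00:00:5e:00:53:01": "CORP-WLAN", "00:00:5e:00:53:02": "CORP-WLAN"}
AUTHORIZED_STATIONS = {"00:00:5e:00:53:10", "00:00:5e:00:53:11"}

@dataclass(frozen=True)
class Observation:
    """One row summarized from a wireless capture; the field names are assumptions."""
    kind: str          # "beacon" = AP advertising, "assoc" = station joined an AP
    bssid: str         # MAC of the AP radio
    ssid: str
    station: str = ""  # client MAC, set only for "assoc"

def norm(mac: str) -> str:
    """Normalize MAC notation so 00-00-5E-... and 00:00:5e:... compare equal."""
    return mac.strip().lower().replace("-", ":")

def find_unauthorized(observations):
    """Return a sorted, de-duplicated list of (severity, reason, mac) findings."""
    corp_ssids = set(AUTHORIZED_APS.values())
    findings = set()
    for o in observations:
        bssid, sta = norm(o.bssid), norm(o.station)
        known_ap = bssid in AUTHORIZED_APS
        if o.kind == "beacon" and not known_ap:
            # An unknown radio using the corporate SSID is far worse than a neighbor's AP.
            if o.ssid in corp_ssids:
                findings.add(("high", "unknown AP advertising corporate SSID", bssid))
            else:
                findings.add(("info", "unknown AP in range", bssid))
        elif o.kind == "assoc":
            if known_ap and sta not in AUTHORIZED_STATIONS:
                findings.add(("high", "unmanaged station on corporate AP", sta))
            elif not known_ap and sta in AUTHORIZED_STATIONS:
                findings.add(("medium", "managed station on unknown AP", sta))
    return sorted(findings)

# Constructed sample observations, not taken from a real capture.
SAMPLE = [
    Observation("beacon", "00:00:5E:00:53:01", "CORP-WLAN"),
    Observation("beacon", "00:00:5e:00:53:99", "CORP-WLAN"),
    Observation("beacon", "00:00:5e:00:53:55", "CoffeeShop"),
    Observation("assoc", "00:00:5e:00:53:02", "CORP-WLAN", "00-00-5E-00-53-10"),
    Observation("assoc", "00:00:5e:00:53:02", "CORP-WLAN", "00:00:5e:00:53:aa"),
    Observation("assoc", "00:00:5e:00:53:99", "CORP-WLAN", "00:00:5e:00:53:11"),
    Observation("assoc", "00:00:5e:00:53:99", "CORP-WLAN", "00:00:5e:00:53:11"),
]
```

Findings are de-duplicated, so a station that repeatedly associates with the same unknown AP is reported once per run.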
We use and have tested commercial vulnerability scanning systems, including Qualys Inc.'s QualysGuard and Foundstone Inc.'s FoundScan product. (Foundstone is now in the process of being acquired by McAfee Inc.) In fact, we use these products daily to scan our test networks for vulnerabilities. We recommend that IT managers invest in some kind of automated vulnerability scanning process to detect the holes that can be exposed in even the most well-managed and well-monitored network.

eWEEK Labs' test network is in a constant state of flux, so we see new vulnerabilities almost daily. To lower costs, IT managers with stable networks may be tempted to forgo automated vulnerability scanning because a stable, well-maintained network usually presents new problems at a slower rate. But we warn administrators not to become complacent. Vigilant network scanning is one of the best ways to find weaknesses in large networks. In any case, vulnerability assessment tools should also be incorporated into a security testing workflow to ensure that discovered holes get patched.

Finally, we document our work in the reviews and analysis you read in print and online at eWEEK.com. Likewise, IT managers should make documenting security test results a priority. In addition to providing proof that IT is doing real work, documenting security testing and security features is a core best practice. "Security by obscurity" doesn't protect IT assets from outside hackers, and it certainly doesn't help other IT staffers manage the network. And depending on oral tradition to pass security knowledge from one IT staff member to another will likely (and rightly) go the way of the dodo in the not-too-distant future.

Technical Director Cameron Sturdevant can be reached at firstname.lastname@example.org.
Many vendors offer tools for finding vulnerabilities in the ways that distributed systems communicate. TippingPoint Technologies Inc.'s UnityOne-200 and Symantec Corp.'s SNS 7160 are two strong contenders in this testing area.