Feeling Insecure - Page 8

Download the authoritative guide: The Ultimate Guide to IT Security Vendors

Verifying Identities

While security consultants are fielding calls from new customers, they are also getting more inquiries from existing customers about additional security. Most of those involve authentication, the practice of ensuring that individuals who log onto the network are who they say they are.

"One thing we do see now is the request for more biometrics, and customers asking how an organization implements biometrics," said Marlina Yee-Hales, a product manager of Novell. "Companies have been talking to our consulting business asking how we can help them."

Biometrics is only one portion of a "two-factor" authentication system in which employees use proofs other than a password to gain access to the corporate network. The other factor could be a smart card or a token - a tiny device with a digital number that gets punched in along with the password - used with biometrics.

Software from security provider Safewww places a digital signature on the computer so if someone steals or guesses a password, they also must be sitting at that users machine.

While a number of new technologies can help shelter companies from cyberattacks, many security experts feel recent events simply placed more attention on what businesses should have been doing all along: getting serious about security.

"Its not so much about the latest and greatest technology, its more of a focus on the fundamentals of security," said Ed Skoudis, vice president of security strategy of Predictive Systems, a security consulting business in New York. Skoudis is also the author of Counter Hack: A Step-by-Step Guide to Computer Attacks and Defenses.

Skoudis said most of the inquiries hes getting from I-managers now are about shoring up security policy. Most also want to tighten disaster recovery plans so an event doesnt wipe out security perimeters.

Setting up intrusion detection and response practices, establishing mandatory security settings for all servers and software that reside on their networks, and going through those networks to make sure those settings are in place are also getting top priority.

Said Skoudis: "The fact people are returning to the basics to make their systems more secure - thats a good thing."

Robert Bryce, Nancy Gohring, Brian Ploskina, Bill Scanlon, Max Smetannikov and Todd Spangler contributed to this report.