Computer Systems Security in an Internet Age— Protecting Your Network, Part One

The most publicized threat facing computer systems security is the hacker.

Though the media has helped shape the public’s perception of a hacker, the exact definition for this type of perpetrator needs refining. Technically, a hacker is someone who attempts to gain unauthorized access to a network. A child—one of my friends’ children was suspended from school for breaking into the school’s computer system on a dare—or an adult professional can carry out this act.

A cracker is a person who attempts to gain unauthorized access to a network or computer system to access targeted information for some specific use. Crackers are far more dangerous, as they operate with the intent of inflicting damage or harm.

Crackers are often referred to as “Black Hats”—private hackers who attack businesses. “White Hats” are considered hacker good guys who use their talents for a fee to break into networks so companies can identify and address security breaches before crackers have the chance to exploit them. This process of deliberately hacking into a network to discover vulnerable areas before they can be exploited is often called “Penetration and Attack Testing” and is an important part of a complete security plan.

How Real Is the Hacker Threat to a Business Network?

According to the 2001 CSI/FBI Computer Crime and Security Survey, 64 percent of survey respondents reported unauthorized use of their computer systems over the last 12 months, up from 42 percent in the 1996 survey.

The financial damage incurred from these security breaches also grew year to year. The 2001 survey reported more than $377 billion in financial losses from security breaches last year, up from $100 billion in 1997. The breakdown of the financial impact showed the highest losses resulted from theft of proprietary information, financial fraud, insider abuse of network access and system penetration by outsiders.

The source of the attacks can be increasingly traced to the Internet, which during the period from 1996 to 2001 has jumped from 38 percent to 70 percent as the origin of reported breaches, while dial-in and internal attacks have declined in frequency. This jump correlates directly to the increasing reliance on the Internet for remote access as well as businesses’ increasing reliance on Internet connectivity.

The Mighty Firewall—A Network Security System’s Front Line of Defense

A firewall is the backbone of a network security system and the foundation for building an Internet security system. A firewall sits between the Internet and the network, monitoring the traffic that comes and goes. Firewalls typically use one of three technologies: packet filtering, stateful inspection (developed by Check Point Software) or proxy server (also called application-layer gateways).

Packet filtering is the simplest of the technologies and is built into most routers (though it is not always activated, nor is this always the best place to do so). The technology looks at the data for source and destination addresses and the TCP/IP Port that the traffic is sent through, and decides whether to pass, log, drop or take some other action with the traffic. Packet filtering is usually fast, but solely depending on it leaves the device vulnerable to most sophisticated hacker attacks, some of which are known as IP fragmentation, spoofing and buffer overrun attacks.

Stateful inspection improves security by reviewing packets in detail, without compromising performance. Proxy server is aptly named, functioning like a proxy. A proxy server acts for internal devices when they want to communicate outside the network, as well as examines traffic in detail, but this causes performance trade-off compared with packet filtering.

I strongly recommend that a high level of data inspection (ideally a proxy server or a stateful inspection firewall) be in place wherever computer systems are connected to the public Internet. It is important that the firewall be a dedicated device, and that it be “hardened” to eliminate security loopholes and minimize exposure.

*****

Vulnerable to Attack

Many businesses today are connected to the Internet without a firewall, or they rely on a router using basic packet filtering. And many small businesses choose to use the proxy server functions of a network server to connect their network to the Internet. This isn’t inherently bad, and it is a function that Novell’s and Microsoft’s small-business packages allow. Proxy servers provide a valuable function by hiding internal network addresses from the Internet, and, in some cases, they can speed performance for web browsing. However, running this function on a main server exposes data and assets to hackers, as they are on the border of a network and are vulnerable.

Computer systems security is a question of risk and exposure versus cost. While some security is better than none, businesses really should give a lot of consideration to the ramifications of a security breach. They should ask themselves whether their security systems are truly capable of handling a sophisticated attack.

The next column will continue to discuss the different aspects of computer systems security risks and will explore more options for protecting a network.