Advertisment

Is Your Network Secured?

author-image
CIOL Bureau
Updated On
New Update

Gyan Ranjan Swain

Advertisment

Networks are expanding and they are running a plethora of applications that in turn drive many of the businesses of enterprises. This growth and expansion of enterprise networks, and increasing reliance of businesses on them, have given rise to new challenges of securing these networks. As the security environment worsens due to a complex set of threats and vulnerabilities, network security must be dealt with at different levels and in a much more comprehensive manner than it is being done today.

As the complexity and number of threats increases, the menace cannot be fought just with complex solutions that most enterprises don't understand. Network security can be best ensured by following a process, assessing and determining risks, designing a security policy, building a security architecture based on it and then looking for tools that are aligned with it. An enterprise must constantly change and monitor the security policy and system in accordance with the changes in the external environment and the business model it follows.

Key Threats

There is nothing called minor or major threats for enterprises. Seemingly minor threats turn out to be major ones only after attacks happen. There is no way that enterprises can afford to ignore any of them. For enterprises, security threats pour in from all directions: physical threats, environmental threats, unauthorized access, malicious misuse, unintentional errors and omissions, intentional (by planting a Trojan inside the infrastructure to obtain information) identity theft, virus, data leakage, online banking fraud phishing, farming and identity theft). Though the security threats remain almost the same year by year, they simply assume new avatars every time they appear.

Advertisment

But the biggest threats, the enterprises should consider are:

Complacency: The first step towards safeguarding information from harm is recognizing that threats do exist and deciding that information warrants security measures

Poor execution: Half-hearted security measures are worse than none at all. An inadequate security system not only fails to keep out threats, but also offers a false sense of security to the organization

The naive employee: Human nature can be the weakest link in any security regime. Many users find security procedures a nuisance and skip them to get the job done. To combat this, nothing beats continued education and empowerment of users.

Due to these threats, the enterprises would be facing data loss, loss of service, negative publicity and loss of reputation.

New Challenges

The next big wave of network deployments is likely to come from VoIP networks. Currently these networks are relatively safe, as their numbers are small, but as they grow in popularity the hackers are also likely to be attracted to them. Thus, the current trend of dealing with VoIP like just another application will need to be refined and upgraded.

Advertisment

While firewalls of today are doing a good job of protecting the networks, firewalls for VoIP will need application level gateways for protocols like SIP or H.323. These special requirements crop up due to issues like protocols using more than one port in a session, or the extremely small size of VoIP packets. A VoIP packet is one of the smallest packets in IP and presents some very unique challenges to the network security equipment.

A Tough Job

A CIO has a tough task. He has to ensure the security of the network, but also work within a specified budget. He is under pressure to optimize the return on investment on one hand, while having to serve the latest upgrades on the other. He has to plan his security policy and architecture keeping long-term goals in mind and also deal with multiple vendors in a fast-changing technology environment.

Enterprises do not receive threats from only one source. Sample this: About 26 to 32% of the causes of data-loss are due to human error such as accidental deletion and lost passwords. About 44 to 56% of the causes of data loss are due to hardware problems; 2 to 3% of the causes of data loss are due to natural disasters including power surges.

Advertisment

Enterprises thus face threats from their employees, network and applications, and natural disasters. Hence, CIOs face the challenge to decide where exactly they should start implementing security. They have to consider all the three factors while implementing any kind of security policy.

The advice to the CIO is to adopt the best practices in the industry. However, he should also keep in mind his requirements. Adopting the best of breed might not always be successful. Security solutions should be custom-built and be very specific to each business' needs and infrastructure. The key challenge for any CIO is to make the overall security strategy. And while doing this he has to assess his current requirement looking at future growth and also identify critical areas to be addressed. Preparing a road map after taking into account escalations and scalability, is a good way to start.

Security Trends

'The Bad guys are making money'-is the trend. This is a really dangerous trend that has been going on now for three years and since they are making money, there is the incentive for them to continue. They also have more resources to come up with even nastier threats. There has been a gradual attitude change of customers who are going in for multiple products for specialized purposes. Organizations are going in for Unified Threat Management technologies, by which a single device performs the role of a firewall, anti-virus and IDS equipment. CIOs are increasingly going in for Information Security Management Systems which give them a 360 degree look at information systems and data, and include measures to mitigate all forms of threats.

Many organizations are focusing on network security but the trend is going to change as organizations have started giving priority to secure their database. According to Noel Yuhanna, Senior Analyst, Forrester, "Database security will continue to gain importance across the industry, especially for those storing private data, primarily driven by increased intrusions and growing regulatory requirements." Add to this, increasing compliance requirements, which increase the importance of implementing effective security standards.

 Source: Dataquest