Enhancing Network Security

Network security consumes a great deal of my thinking and planning. A cursory read of the headlines confirms why this should be the case for many of us. Just in recent months, Target, Neiman Marcus and the University of Maryland have all suffered damaging cyberattacks. While those engaging in Monday-morning quarterbacking might be inclined to suggest otherwise, these organizations are by no means slackers. Securing our respective organizations is a matter of knowledge and skill, significant resource availability, institutional consensus regarding acceptable risk, and, all too often — simple dumb luck.

That said, taking as much luck as possible out of the equation by being highly prepared is infinitely preferable. Today, the cyberwar escalates for all of us. In response, this requires that we take our cybersecurity capabilities to the next level.

Effective network security is a specialized endeavor. Anyone who feels otherwise is foolish or dangerously uninformed. Critical to note is that network security is a relative, and not an absolute, state. The greater the security pursued, the more expensive it becomes, rather quickly. For this reason, there must be a point of reasonableness concerning how much risk any organization is willing to accept, because resources are not limitless.

The approach traditionally practiced has been to keep threats outside the network from ever getting inside. This is done in a number of ways, including firewalls. These are largely outward-looking devices designed to identify external threats and keep them from penetrating our networks and subsequently attacking users and critical assets. Other measures operating external and internal to the network help support this approach, including malware protection that counters viruses, worms and similar threats. To be clear, this approach is almost fully dependent upon the additive ability of the measures deployed to keep cyberthreats out, or at least controlled. What happens when this fails and an active agent manages to breach our defensive perimeters or is intentionally introduced?

Intrusion Detection Systems

A higher level of defense involves intrusion detection systems (IDSs). These are installed on the inside of networks to listen to internal network traffic, identify possible threats and issue warnings and alerts. IDSs have been around for a while, and are considered security enhancements. But IDSs are not cheap with regard to acquisition and deployment. They are frequently deployed in business environments, as well as others where the return-on-investment (ROI) can be justified.

While considered good additions, there are shortcomings with IDSs. By their nature, they are passive devices that listen, detect and issue alerts; they do nothing to counter an attack. In addition, IDSs are only as good as the intelligence built into them concerning how to detect possible threats, particularly when those threats are constantly changing and evolving. Finally, IDSs by their nature report historically, on events that have already occurred. It is conceivable that the speed of an attack could be so great that even if it were detected, it might be over before action could be taken.

Intrusion Protection Systems

A far better approach involves intrusion protection systems (IPSs). IPSs are considered an evolutionary advance beyond IDSs because they are active devices that are designed to not only detect threats, but to automatically take action to counter them. The best IPSs have highly sophisticated algorithms for identifying possible threats. To be most effective, these systems listen to network traffic to detect messages that are unusual and potentially malicious, as revealed by known signatures or heuristic patterns. When detected, IPSs can take many actions. These can include quarantining traffic, blocking originating addresses and cessation of connections to high-value assets within the network. Clearly, a system capable of actually detecting and neutralizing a threat is a much better investment than one that simply issues warnings.

Numerous companies provide IDS and IPS solutions. These include Cisco, Juniper, CheckPoint, Palo Alto, Gigamon, IBM, Sourcefire and TippingPoint, among others. Even if your organization determines to pursue an escalated security posture, selecting the product that best fits needs, goals and budget is a substantive undertaking. And implementation is only the first step. Having a well-trained staff capable of performing at a heightened level and interacting with specialized systems is a fundamental component of a full solution.

We live in an age with growing threats to our digital security. How much to spend on achieving a desired level of security is a question we must all face. The threat level is only increasing, and no one should feel that “it can’t happen to me.” There is no magic bullet that buys such security; only a comprehensive response can be effective. Perhaps most sobering is that fact that no one really knows how much network security they need... until the day after they needed it.

This article originally appeared in the issue of .

About the Author

David W. Dodd is vice president of Information Technology and CIO at the Stevens Institute of Technology in Hoboken, NJ. He can be reached at 201/216-5491 or [email protected].

Featured

  • University of West Florida Opens New Laboratory Facility

    The University of West Florida recently announced that renovation work is complete on a new lab building for its campus in Pensacola, Fla., according to university news. Building 80 will serve as the home to the university’s civil engineering program and the Tyler Chase Norwood Construction Management Program.

  • DLR Group Hires Higher Education Business Development Leader

    Integrated design firm DLR Group recently announced that Senior Associate Megan Todd will serve as its new Higher Education Business Development Leader, according to a news release. Her responsibilities will include building the firm’s reach and client relationships in the California higher education sector, based out of San Diego.

  • Colorado State University Global, SCTE Launch Online Certificate Program

    Colorado State University Global (CSU Global), based in Denver, Colo., recently announced a partnership with CableLabs subsidiary the Society of Cable Telecommunications Engineers (SCTE) to launch an online certificate training program for broadband professionals, according to a news release.

  • Construction Begins on East Austin CTE-Focused High School

    The Del Valle Independent School District recently announced that construction has begun on a new CTE-focused high school in Austin, Texas, according to a news release. Del Valle High School will measure in at 473,338 square feet and have the capacity for 2,400 students.

Digital Edition