Enhancing Network Security

Network security consumes a great deal of my thinking and planning. A cursory read of the headlines confirms why this should be the case for many of us. Just in recent months, Target, Neiman Marcus and the University of Maryland have all suffered damaging cyberattacks. While those engaging in Monday-morning quarterbacking might be inclined to suggest otherwise, these organizations are by no means slackers. Securing our respective organizations is a matter of knowledge and skill, significant resource availability, institutional consensus regarding acceptable risk, and, all too often — simple dumb luck.

That said, taking as much luck as possible out of the equation by being highly prepared is infinitely preferable. Today, the cyberwar escalates for all of us. In response, this requires that we take our cybersecurity capabilities to the next level.

Effective network security is a specialized endeavor. Anyone who feels otherwise is foolish or dangerously uninformed. Critical to note is that network security is a relative, and not an absolute, state. The greater the security pursued, the more expensive it becomes, rather quickly. For this reason, there must be a point of reasonableness concerning how much risk any organization is willing to accept, because resources are not limitless.

The approach traditionally practiced has been to keep threats outside the network from ever getting inside. This is done in a number of ways, including firewalls. These are largely outward-looking devices designed to identify external threats and keep them from penetrating our networks and subsequently attacking users and critical assets. Other measures operating external and internal to the network help support this approach, including malware protection that counters viruses, worms and similar threats. To be clear, this approach is almost fully dependent upon the additive ability of the measures deployed to keep cyberthreats out, or at least controlled. What happens when this fails and an active agent manages to breach our defensive perimeters or is intentionally introduced?

Intrusion Detection Systems

A higher level of defense involves intrusion detection systems (IDSs). These are installed on the inside of networks to listen to internal network traffic, identify possible threats and issue warnings and alerts. IDSs have been around for a while, and are considered security enhancements. But IDSs are not cheap with regard to acquisition and deployment. They are frequently deployed in business environments, as well as others where the return-on-investment (ROI) can be justified.

While considered good additions, there are shortcomings with IDSs. By their nature, they are passive devices that listen, detect and issue alerts; they do nothing to counter an attack. In addition, IDSs are only as good as the intelligence built into them concerning how to detect possible threats, particularly when those threats are constantly changing and evolving. Finally, IDSs by their nature report historically, on events that have already occurred. It is conceivable that the speed of an attack could be so great that even if it were detected, it might be over before action could be taken.

Intrusion Protection Systems

A far better approach involves intrusion protection systems (IPSs). IPSs are considered an evolutionary advance beyond IDSs because they are active devices that are designed to not only detect threats, but to automatically take action to counter them. The best IPSs have highly sophisticated algorithms for identifying possible threats. To be most effective, these systems listen to network traffic to detect messages that are unusual and potentially malicious, as revealed by known signatures or heuristic patterns. When detected, IPSs can take many actions. These can include quarantining traffic, blocking originating addresses and cessation of connections to high-value assets within the network. Clearly, a system capable of actually detecting and neutralizing a threat is a much better investment than one that simply issues warnings.

Numerous companies provide IDS and IPS solutions. These include Cisco, Juniper, CheckPoint, Palo Alto, Gigamon, IBM, Sourcefire and TippingPoint, among others. Even if your organization determines to pursue an escalated security posture, selecting the product that best fits needs, goals and budget is a substantive undertaking. And implementation is only the first step. Having a well-trained staff capable of performing at a heightened level and interacting with specialized systems is a fundamental component of a full solution.

We live in an age with growing threats to our digital security. How much to spend on achieving a desired level of security is a question we must all face. The threat level is only increasing, and no one should feel that “it can’t happen to me.” There is no magic bullet that buys such security; only a comprehensive response can be effective. Perhaps most sobering is that fact that no one really knows how much network security they need... until the day after they needed it.

This article originally appeared in the issue of .

About the Author

David W. Dodd is vice president of Information Technology and CIO at the Stevens Institute of Technology in Hoboken, NJ. He can be reached at 201/216-5491 or [email protected].

Featured

  • Enjoy Tax and Energy Savings with the Right Ceiling Solutions

    Thanks to recent innovations pairing mineral fiber ceiling panels with phase change material technology (PCM), architects, designers, facility managers, and other key players in construction and renovation projects are re-thinking the role ceilings play in supporting environmental objectives—especially energy savings.

  • Tennant Company Launches Autonomous Floor Scrubber

    Cleaning equipment and solutions provider Tennant Company recently launched the new X6 ROVR, a mid-sized robotic scrubber designed for large commercial and light-industrial environments, according to a news release. The autonomous machine can clean up to 75,000 square feet peer cycle with minimal needs for manual assistance.

  • Florida Elementary School to Undergo $47M Reconstruction

    The School District of Osceola County in Kissimmee, Fla., recently announced a partnership with construction firm Skanska to reconstruct Reedy Creek Elementary School, according to a news release. The $47-million project will involve the new construction of a 96,000-square-foot academic center, renovating the remaining facilities, a full-site redevelopment, and demolishing portions of the existing school.

  • Springfield Breaks Ground on $53.7M Pipkin Middle School Rebuild

    Construction is underway on a new, state-of-the-art Pipkin Middle School in Springfield, Mo., a major step in Springfield Public Schools’ (SPS) long-term facility improvement plan, according to local news. The $53.7-million project officially broke ground in early June, following years of planning and community input aimed at modernizing aging infrastructure and addressing student capacity concerns.

Digital Edition