Keys to the kingdom



Networks carry the lifeblood of the enterprise, and in so doing offer increasingly porous defences against attack.

It's not hard to find analogies between slack computer security and HIV: both spread as a mixture of complacency and frustration pushes the risk out of mind. It's too pervasive, there's no complete fix, and it won't happen to me.

Not true. Yes, those who would do your business harm are finding ever more sophisticated ways to attack it, but so are the technological means of fending off their malice. Unprotected ICT is at the core of the problem: most attacks happen from within the organisation because management ignores the need for properly developed and enforced security policies and procedures.

Clever minds have risen to meet this challenge at the perimeter, but more often than not it's at the core that the rot sets in. As companies continue to downsize with growing enthusiasm, the ranks of disaffected former employees left in their wake (and some still on the payroll) continue to use still-active passwords and login codes to wreak vengeance long after severance.

Companies seem to have little difficulty using HR technology to shut down a departing employee's benefits. Why is it then that the termination process leaves passwords still active and e-mail accounts open?

It sounds silly, but it happens all the time. Jeff Drake, director of security strategy at IBM Tivoli, was reported recently as saying that typically 40 percent of valid users in an enterprise no longer worked there.

There are effective identity management tools available to keep track of accounts and passwords: IBM Tivoli has one, and vendors such as Netegrity, Sun, Novell and Oblix have others which manage account access and link it to HR and payroll, providing an audit trail of who has access to what, and when that access ends.
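The HR-to-account linkage described above comes down to a reconciliation: every enabled account must map to someone HR still employs, and anything that does not is a finding. The Python below is an added example (not the article's, and not the product of any vendor named in it) that runs that check over a constructed HR roster and a constructed directory dump; the field names, the 90-day dormancy window and the employee ids are all assumptions made for the illustration.

```python
from datetime import date, timedelta

# Constructed sample data (not from the article): an HR roster keyed by employee id,
# and a dump of directory accounts with the employee id each one is recorded against.
HR_ROSTER = {
    "E100": {"name": "A. Nguyen", "status": "active", "end_date": None},
    "E101": {"name": "B. Patel", "status": "terminated", "end_date": date(2004, 3, 31)},
    "E102": {"name": "C. Smith", "status": "terminated", "end_date": date(2004, 6, 15)},
    "E103": {"name": "D. Lee", "status": "active", "end_date": None},
}

DIRECTORY_ACCOUNTS = [
    {"username": "anguyen",    "owner": "E100", "enabled": True,  "last_login": date(2004, 7, 1)},
    {"username": "bpatel",     "owner": "E101", "enabled": True,  "last_login": date(2004, 6, 28)},
    {"username": "csmith",     "owner": "E102", "enabled": False, "last_login": date(2004, 6, 10)},
    {"username": "dlee",       "owner": "E103", "enabled": True,  "last_login": date(2004, 7, 2)},
    {"username": "svc_backup", "owner": None,   "enabled": True,  "last_login": date(2004, 7, 2)},
    {"username": "jdoe",       "owner": "E999", "enabled": True,  "last_login": date(2003, 12, 1)},
]

DORMANT_AFTER = timedelta(days=90)  # assumed threshold for an unused account


def reconcile(hr, accounts, today):
    """Compare every directory account against HR and return (username, finding) pairs."""
    findings = []
    for acct in accounts:
        user, owner = acct["username"], acct["owner"]
        if not acct["enabled"]:
            continue  # already disabled: nothing to do
        if acct["last_login"] and today - acct["last_login"] > DORMANT_AFTER:
            findings.append((user, "dormant"))  # enabled but unused for 90+ days
        if owner is None:
            findings.append((user, "no_owner"))  # no named custodian in HR at all
            continue
        rec = hr.get(owner)
        if rec is None:
            findings.append((user, "owner_unknown_to_hr"))  # stale id: HR has no record of it
            continue
        if rec["status"] == "terminated":
            findings.append((user, "active_after_termination"))
            if rec["end_date"] and acct["last_login"] and acct["last_login"] > rec["end_date"]:
                findings.append((user, "login_after_termination"))  # the account was actually used
    return findings


DISABLE_ON = {"active_after_termination", "owner_unknown_to_hr"}
REVIEW_ON = {"no_owner", "dormant"}


def accounts_to_disable(findings):
    """Accounts to disable immediately: the owner has left, or HR does not know the owner."""
    return sorted({user for user, finding in findings if finding in DISABLE_ON})


def accounts_to_review(findings):
    """Accounts that need a human decision: unowned service accounts and dormant logins."""
    return sorted({user for user, finding in findings if finding in REVIEW_ON})


if __name__ == "__main__":
    today = date(2004, 7, 5)  # constructed "run date"
    findings = reconcile(HR_ROSTER, DIRECTORY_ACCOUNTS, today)
    for user, finding in findings:
        print(f"{user:12} {finding}")
    print("disable:", accounts_to_disable(findings))
    print("review: ", accounts_to_review(findings))
```

Run daily against exports from the HR system and the directory, this is the audit trail the article asks for: each finding names the account, the reason, and (via the two lists) the action taken. The split between "disable" and "review" matters in practice, because service accounts with no HR owner should be assigned a custodian rather than switched off blindly.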

There is a tendency also to allow contractors access to far more sensitive areas of their client's knowledge base than is strictly required for the task at hand.

The same of course applies to employees: not everyone needs to go everywhere, and it's essential to have the means to know when workers attempt to gain access to prohibited areas of the network after hours or remotely.

And the consequences of such actions must be precise, well known and strictly enforced. This must be part of the overall security plan, properly formulated and tested by a trusted third party as effective and comprehensive.

While passwords remain the keys to the kingdom and must be regularly changed and strengthened, they are not the ultimate security tool. These days, employees can download a variety of tools from the Web, such as Nmap, which can be used to scan a network for default accounts and so break into credit card data.

This is where intrusion detection software (IDS) comes in. These tools watch for suspicious activity, using pattern recognition and other techniques to winnow out suspect events. When something is found, administrators are alerted, or access to the part of the network being penetrated may be closed off automatically.

But like spam filters, some IDS products often ring false alarms, denying legitimate network access and getting users' and administrators' backs up while channels are re-opened and workflow restored.

This has spawned another technology, security event management, which takes data from all over the network and compiles a picture, in real time or as a periodic log, showing when established routines are disturbed by atypical events.

Dial-ins from remote sites at unusual hours, unauthorised access attempts whether password-controlled or otherwise: all manner of out-of-the-ordinary events, however minor, combine into a picture that raises the IDS' hackles.
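Two passages above describe the same detection idea from different angles: knowing when a worker reaches for a prohibited area after hours or remotely, and a security event manager that assembles minor anomalies from many sources into one picture rather than alarming on each alone. The Python below is an added example, not code from the article or from any product it mentions, that does both over a few constructed log lines: VPN, authentication and file-server events normalised into one `timestamp source action key=value` format. The role-to-share policy, the business-hours window, the user names and the escalation thresholds are assumptions made for the illustration.

```python
from collections import defaultdict

# Constructed sample events (not from the article), already normalised into one line format:
# <timestamp> <source> <action> key=value ...
SAMPLE_EVENTS = """\
2004-07-05T02:13:40 vpn login user=bpatel src=remote result=success
2004-07-05T02:15:02 fileserver access user=bpatel share=finance result=denied
2004-07-05T02:15:09 fileserver access user=bpatel share=finance result=denied
2004-07-05T02:16:30 fileserver access user=bpatel share=hr_payroll result=success
2004-07-05T09:05:11 fileserver access user=anguyen share=finance result=success
2004-07-05T12:40:00 auth login user=dlee src=local result=failure
2004-07-05T12:40:20 auth login user=dlee src=local result=success
2004-07-05T23:10:00 fileserver access user=dlee share=engineering result=success
"""

# Hypothetical access policy: which shares each role may touch, and what counts as the business day.
ROLE_OF = {"anguyen": "finance", "bpatel": "contractor", "dlee": "engineering"}
ALLOWED_SHARES = {
    "finance": {"finance"},
    "contractor": {"projects"},
    "engineering": {"engineering"},
}
BUSINESS_HOURS = range(8, 18)  # 08:00 up to, but not including, 18:00


def parse_event(line):
    """Split one normalised log line into a dict of fields."""
    ts, source, action, *pairs = line.split()
    ev = {"ts": ts, "source": source, "action": action}
    ev.update(p.split("=", 1) for p in pairs)
    return ev


def flag_event(ev):
    """Return the set of policy flags a single event raises (empty for routine activity)."""
    flags = set()
    hour = int(ev["ts"][11:13])
    if hour not in BUSINESS_HOURS:
        flags.add("out_of_hours")
    if ev.get("src") == "remote":
        flags.add("remote")
    if ev.get("result") in ("denied", "failure"):
        flags.add("failed")
    if ev["action"] == "access":
        role = ROLE_OF.get(ev["user"])
        if ev["share"] not in ALLOWED_SHARES.get(role, set()):
            flags.add("prohibited_area")  # outside the user's role, whether or not it succeeded
    return flags


def correlate(text):
    """Build the per-user picture: total flag count and the distinct kinds of anomaly seen."""
    picture = defaultdict(lambda: {"score": 0, "flags": set(), "events": 0})
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        flags = flag_event(ev)
        entry = picture[ev["user"]]
        entry["events"] += 1
        entry["score"] += len(flags)
        entry["flags"] |= flags
    return dict(picture)


def escalations(picture, min_score=4, min_kinds=2):
    """Raise a user only when several anomalies of more than one kind line up."""
    return sorted(
        user for user, entry in picture.items()
        if entry["score"] >= min_score and len(entry["flags"]) >= min_kinds
    )


if __name__ == "__main__":
    picture = correlate(SAMPLE_EVENTS)
    for user, entry in sorted(picture.items()):
        print(f"{user:10} events={entry['events']} score={entry['score']} flags={sorted(entry['flags'])}")
    print("escalate:", escalations(picture))
```

The point of the `escalations` threshold is the false-alarm problem the article raises: a single failed login or a single late-night read of one's own team share raises a flag but not an alert, while a remote, out-of-hours session that probes two areas outside the user's role accumulates enough distinct anomalies to be escalated.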

These systems are only as good as effective, basic security planning allows them to be; it all starts with people making sure that the centre of the enterprise is as solid as its periphery. The enemy is not at the gates: 80 percent of the time they're already inside.

Richard Hogg is National President of the Australian Computer Society (ACS). The ACS is the recognised association for Information Technology (IT) professionals, attracting a membership (over 16,000) from all levels of the IT industry and providing a wide range of services. A member of the Australian Council of Professions, the ACS is the guardian of professional ethics and standards in the IT industry, with a commitment to the wider community to ensure the beneficial use of IT.

Visit this page for other ACS articles published by ZDNet Australia.
