This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. Send mail to mimeat_private for more info. --------------E81DD09E256816C42A756CBF Content-Type: TEXT/PLAIN; CHARSET=us-ascii Content-ID: <Pine.SUN.3.96.981219221919.15318Xat_private> Forwarded From: Will Spencer <wspencerat_private> 1999: The Year Of Computer Security -- Maybe Newsbytes; 12/15/98 WASHINGTON, D.C., U.S.A., 1998 DEC 15 (Newsbytes) -- By William Jackson, Government Computer News. What was hot in 1998? Security products. What will be hot in 1999? Security policies. Spending on network security worldwide this year will likely jump 53 percent from last year to $1.85 billion, according to DataQuest Inc. of San Jose, Calif. It is expected to grow to $2.98 billion next year and reach $5.18 billion by 2000. Unfortunately, many managers have not progressed beyond the product-buying stage. In a survey this year of 1,600 information technology professionals by PricewaterhouseCoopers LLP, 73 percent reported security breaches during the past year, but fewer than one in five had a comprehensive security policy. "Senior management has not said, `Let's face up,' " said Alan Paller, director of research for the Sans Institute Inc. in Bethesda, Md. "They say, `Let's buy tools.' " No single product or technology will ensure security, said Peter H. Goldman, federal sales manager for Secure Computing Corp. of Roseville, Minn. Products require policies to be effective, he said. But indications are that the products-rather-than-policy attitude is shifting. Secure Computing's professional services division has more work than it can handle, Goldman said. Growth in security services is limited only by the availability of qualified professionals, he said. The need for new and improved security products is here to stay. New forms of attack drive the development of new products, said Ray Suarez, product marketing manager for Axent Technologies Inc. of Rockville, Md., maker of the Raptor Firewall. For instance, "in the last few years, there has been a real push for audio and video support," Suarez said. And the newest release of Raptor guards against recently publicized vulnerabilities in Microsoft Outlook 98 and Outlook Express 4.x e-mail. The increasing use of virtual private networks that allow remote network connections over the Internet and replace modem banks also is increasing the demand for perimeter defenses such as firewalls, Suarez said. "We are confident that our products are secure," he said. "But unfortunately, technology can't solve all your problems." Properly configuring hardware and software, and implementing and enforcing security policies are essential to making even the best products work, Suarez said. But many federal agencies have been unwilling or unable to undertake the labor-intensive and sometimes costly step of setting up and enforcing security policies, Suarez said. "They're not going to do anything until the risk becomes great enough, " he said. For some, the risk increased with Solar Sunrise, the Defense Department's code name for February's well- publicized intrusion of the Pentagon's computer systems by a trio of teenage hackers. In testimony before the Senate Governmental Affairs Committee in June, Lt. Gen. Kenneth Minihan, director of the National Security Agency, called Solar Sunrise a classic example of an unstructured hack. "The attackers used tools and techniques readily available on Internet hacker bulletin boards," Minihan said. "Although these attacks were moderately disruptive, the good news is that the vulnerabilities exploited are relatively easily fixed." But no one had bothered to fix them before the attacks. Minihan warned that the country is engaged in an information-age conflict that requires an active defense of critical information infrastructures. "Such a defense requires that we have the best possible intelligence on the capabilities and intentions of potential attackers," he said. Much of that intelligence has been freely available for years. Secure Computing sponsors a road show in which hackers-turned-security-experts address federal audiences. The recurring observation is that the old attacks, such as those used in Solar Sunrise, still work because agencies are not closing the back-door systems gaps and loopholes they depend on. --------------E81DD09E256816C42A756CBF-- -o- Subscribe: mail majordomoat_private with "subscribe isn". Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:14:15 PDT