http://www.nytimes.com/techweb/TW_New_Tools_Prevent_Network_Attacks.html

June 3, 1999

New Tools Prevent Network Attacks

Filed at 8:49 a.m. EDT

IT managers alarmed by high-profile security breaches are gaining new software tools to ward off network attacks.

Axent Technologies this week will release an intrusion-detection system with improvements to protect networks against a range of existing and new types of attacks in real time. Internet Security Systems (ISS) will roll out a souped-up version of its RealSecure system that filters out false alarms from real attacks with greater efficiency and precision.

Other vendors said they plan product updates by year's end. CyberSafe, for example, will deliver security features that detect intrusions in individual applications.

The advancing functionality of these high-tech burglar alarms comes as Internet-based computing exposes security vulnerabilities. Recent hacker attacks on the FBI and other government websites, as well as the loss of sensitive nuclear weapons information to China, have heightened corporate awareness of the need for multiple layers of network security.

As intrusion-detection systems "enter their midlife, they are starting to become a viable part of the total protection strategy in many corporations," said Mike Hagger, vice president of network security at Oppenheimer Funds. The investment company uses ISS' RealSecure to identify and respond to certain types of hacker attacks, such as SYN flood attacks.

"Intrusion detection is only one line of defense," Hagger added, citing the need for firewalls, antivirus and authentication tools.

Jim Patterson, director of security at service provider Level 3 Communications, agreed, saying intrusion-detection systems must move beyond simple event detection to behavioral analysis. If an intruder is using a "valid ID or password, the typical system wouldn't pick that up as wrong behavior," he said.

IT managers also need tools that will help them build a baseline of typical usage patterns. Thus, if a user tried to access a network at 2 a.m., for example, an IT manager would be notified.

"I want to get details on what things are being accessed and what systems are being used," Patterson said.

For Electronic Data Systems, intrusion detection could be the first line of defense. The IT services provider is testing Axent's NetProwler 3.0 on the access point into the network -- outside the firewall, said Wayde York, a network operations supervisor at EDS.

Placed at the network perimeter, NetProwler can detect "stealth scans and newer attacks" that the firewall typically won't pick up, he said.

Placing the intrusion-detection system in front of the firewall also reduces the false alarms common to these network-based systems, York said, because it's less likely to have to monitor a wide variety of traffic types, as it would inside the firewall.

NetProwler 3.0 also can send alerts to Check Point Software Technologies' Firewall-1 product -- which EDS uses -- once an attack is detected so that the firewall could then be reconfigured to fend off future attacks of the same type, York said.

Tighter integration between NetProwler and Axent's host-based Intruder Alert system lets IT managers monitor network devices and servers from Intruder Alert's central management console.

Protecting mixed platforms and critical resources is the goal behind ISS' product rollout, scheduled for the week of June 14.