[ISN] New Tools Prevent Network Attacks

From: cult hero (jerichoat_private)
Date: Thu Jun 03 1999 - 09:04:40 PDT

  • Next message: cult hero: "[ISN] U.K. Crypto Policy May Have Hidden Agenda"

    June 3, 1999
    New Tools Prevent Network Attacks
    Filed at 8:49 a.m. EDT
    IT managers alarmed by high-profile security breaches are gaining new
    software tools to ward off network attacks. 
    Axent Technologies this week will release an intrustion-detection system
    with improvements to protect networks against a range of existing and new
    types of attacks in real time. 
    Internet Security Systems (ISS) will rollout a souped-up version of its
    RealSecure system that filters out false alarms from real attacks with
    greater efficiency and precision. Other vendors said they plan product
    updates by year's end. CyberSafe, for example, will deliver security
    features that detect intrusions in individual applications. 
    The advancing functionality of these high-tech burglar alarms comes as
    Internet-based computing exposes security vulnerabilities. Recent hacker
    attacks on the FBI and other government websites, as well as the loss of
    sensitive nuclear weapons information to China, have heightened corporate
    awareness of the need for multiple layers of network security. 
    As intrusion-detection systems "enter their midlife, they are starting to
    become a viable part of the total protection strategy in many
    corporations," said Mike Hagger, vice president of network security at
    Oppenheimer Funds. The investment company uses ISS' RealSecure to identify
    and respond to certain types of hacker attacks, such as SYN flood attacks. 
    "Intrusion detection is only one line of defense," Hagger added, citing
    the need for firewalls, antivirus and authentication tools. 
    Jim Patterson, director of security at service provider Level 3
    Communications, agreed, saying intrusion-detection systems must move
    beyond simple event detection to behavioral analysis. If an intruder is
    using a "valid ID or password, the typical system wouldn't pick that up as
    wrong behavior," he said. 
    IT managers also need tools that will help them build a baseline of
    typical usage patterns. Thus, if a user tried to access a network at 2
    a.m., for example, an IT manager would be notified. 
    "I want to get details on what things are being accessed and what systems
    are being used," Patterson said. 
    For Electronic Data Systems, intrusion detection could be the first line
    of defense. The IT services provider is testing Axent's NetProwler 3.0 on
    the access point into the network-outside the firewall, said Wayde York, a
    network operations supervisor at EDS. 
    By placing NetProwler at the network perimeter, it can detect "stealth
    scans and newer attacks" that the firewall typically won't pick up, he
    said. Placing the intrusion- detection system in front of the firewall
    also reduces the false alarms common to these network-based systems, York
    said, because it's less likely to have to monitor a wide variety of
    traffic types, as it would inside the firewall. 
    NetProwler 3.0 also can send alerts to Check Point Software Technologies'
    Firewall-1 product -- which EDS uses -- once an attack is detected so that
    the firewall could then be reconfigured to fend off future attacks of the
    same type, York said. 
    Tighter integration between NetProwler and Axent's host-based Intruder
    Alert system lets IT managers monitor network devices and servers from
    Intruder Alert's central management console. Protecting mixed platforms
    and critical resources is the goal behind ISS' product rollout, scheduled
    for the week of June 14.
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: OSAll [www.aviary-mag.com]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:24:20 PDT