Protecting the confidentiality of corporate information, preventing unauthorised access and defending the network against attacks remain primary concerns of network security professionals today. What has changed are the precise areas of vulnerability that challenge today's networks - the different levels of trusted users, the sophistication level and quantity of attacks, and the ease with which attacks can be launched. Security professionals and analysts agree that their troubles have only just begun. In fact, the Computer Emergency Response Team (CERT*) states that an estimated 83,000 attacks occurred globally in 2002, while in the first three quarters of 2003 alone nearly 115,000 attacks occurred, up from just above 5,000 in 1999. Attacks that are increasing in number and sophistication are placing networks in an extremely vulnerable position that will continue to be a challenge made worse by several key trends.
- Ubiquitous access to the internet:
The availability of the internet has made every home, every office and every business partner a potential entry point for attack. This ubiquitous access allows sophisticated attacks to be launched against the corporate network by deliberate attackers or unknowingly by remote users logging onto the corporate network.
- Changing levels of trust:
The different levels of network access that are being granted (remote employees, business partners, customers) are making the network increasingly vulnerable. Remote employees, business partners, customers and suppliers may have different levels of access to corporate resources, and appropriate measures must be taken to protect the corporate network.
- Internal attacks:
More troubling and more difficult to defend against are the attacks that are perpetrated from inside the network by employees who have access and ultimately complete control over the network's resources. Internal attacks can range from a nosey employee trying to see how much their co-workers make, to a disgruntled employee destroying or stealing proprietary information.
- Attack sophistication:
New types of attacks that target application vulnerabilities have been added to the long list of viruses, worms, Denial of Service (DoS) and Trojan horse attacks that IT departments need to defend their network against.
- Wireless LANs - The unseen vulnerability:
The popularity and accepted use of wireless LANs (WLAN) is exposing many networks to security threats. Gartner Dataquest "forecasts the penetration rate of wireless LAN into the professional mobile PC installed base will grow from nine percent in 2000 to almost 50 percent by the end of 2003, and it is expected to surpass 90 percent by 2007"**. With little or no security on a WLAN, attackers can gain access to the corporate network with relative ease and as a result, may be free to roam the corporate network, inflicting damages or stealing data.
The trends outlined above exemplify how administrators must re-consider their network security architecture to address specific security threats without hindering access. Industry analysts and security experts agree that the key to striking a balance between tight network security and the network access required by employees, business partners and customers is a layered security solution.
Remote access communications:
In many cases, users who are accessing the corporate network are doing so across a public medium, possibly without the appropriate security measures, which means that all communications are being transmitted in clear text and are susceptible to hackers. The primary solution to this vulnerability is secure socket layer (SSL) virtual private networking (VPN), including strong authentication capabilities.
In this scenario, two resources (remote site and main site) that are typically connected via a high-speed connection need to be protected. Potential threats include hijacked sessions, u-turn attacks, compromised PCs, malicious users and attacks originating from one site, yet targeting the other site. To counteract this vulnerability, firewalls and IPSec VPNs should be used. Denial of Service (DoS) protection is also advisable.
Fundamentally, as the point where external communication lines enter the corporate network, this is where who and what gets in and out of the network must be controlled. Some of the vulnerabilities threatening the perimeter include hackers trying to penetrate the network, denial of service, sophisticated application level and hybrid attacks. Perimeter firewall/DoS protection (preferably multi-functional to include such features as antivirus), access control (IPSec) plus intrusion detection and prevention (IDP) layers are advised.
Network core security:
The network's core is the area that contains an organisation's most critical data resources, so it is vulnerable to unauthorised user roaming, internal attacks launched by disgruntled employees, and application level attacks targeting specific vulnerabilities. High performing, properly integrated firewalls, inline but independent IDPs and IPSec VPNs should all be deployed to protect the network's core.
Layered security to help counteract network vulnerabilities
Overall, the solutions described above should be deployed as a cohesive, layered solution to optimally secure a highly distributed network. The ultimate goal of a layered security solution is to protect the critical resources that reside on the network from today's increasingly sophisticated attacks. A layered security solution is made up of multiple layers of complementary security technologies, all working together to provide the required level of protection. If one layer fails, the next layer covers it. For example, administrators may deploy firewalls, VPNs, antivirus and intrusion detection and prevention as layers of protection against attacks.
| Security Layer | Description |
|---|---|
| Firewall | Protects the network by controlling who and what can have access to the network |
| Denial of Service | Protects against denial of service type |
| Virtual Private Network (VPN) | Protects communications between sites and/or users with an encrypted, authenticated communications session |
| Antivirus | Protects against virus attacks at the desktop, gateway and server levels |
| Intrusion Detection & Prevention | Protects against sophisticated attacks such as application level attacks |
| Personal Firewall | Protects content on personal computers and in turn, keeps corporate networks safe |
In addition to protecting network resources from attacks, the need for layered security stems from today's network extending far beyond the walls of the corporate headquarters to where remote users, regional offices, business partners and customers are accessing network resources from their location. This extension of the corporate network is forcing IT departments to treat each of these network entry points as a potential avenue for attack. A layered security solution allows an administrator to apply the appropriate levels of security to protect resources from attacks originating from any location. Layered security is an optimal solution for two reasons:
1. If a security breach occurs, the other security layers that have
been deployed can stop the attack and/or limit the damages that
2. This allows an IT department to apply the appropriate level of
resource protection to the various network entry points based
upon different security, performance and management
requirements. For example, remote users have lower
performance requirements and access to fewer technical
resources but still need to protect their PC (and the corporate
network) from viruses with antivirus and from prying eyes
with encryption. At the other end of the spectrum, core network
security will require higher levels of performance and access to
technical resources in order to support the sophisticated levels of
security needed to protect the corporate network and business-
Most organisations acknowledge that intrusions and attacks are inevitable, and a layered security strategy comprised of multiple layers of complementary security technologies, all working together, helps to minimise this risk by presenting multiple barriers that keep attacks from penetrating an organisation's defences.
Network segmentation and user containment
In addition to various security solutions, network segmentation and user containment can be further used to protect the network against various vulnerabilities. Once thought of as only a perimeter defence security layer, firewalls are being brought into the infrastructure to protect different segments of the network such as finance, HR and engineering. Used internally, firewalls provide additional layers of access control to protect against the organisation's sprawling definition of "authorised user", as well as to provide attack containment. Adding firewalls to the infrastructure enables an organisation to protect specific resources and helps to prevent users from unauthorised roaming and contain attack damages in the event that one occurs. Rather than implementing a separate, physical firewall for every segment, a more cost effective solution is to leverage virtual firewall functionality and VPNs that can divide the network into distinct, secure network segments.
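The segmentation and containment idea above can be checked as a policy audit. The following is an added example, not code from the article or from any vendor: the segment names beyond finance, HR and engineering, the address ranges and the allow list are constructed assumptions. It evaluates flows against a default-deny inter-segment policy and computes which segments become reachable, directly or by hopping, from one compromised segment.

```python
import ipaddress
from collections import deque

# Constructed segments and address ranges (assumptions, not from the article).
SEGMENTS = {
    "finance":     ipaddress.ip_network("10.10.0.0/24"),
    "hr":          ipaddress.ip_network("10.20.0.0/24"),
    "engineering": ipaddress.ip_network("10.30.0.0/24"),
    "remote_vpn":  ipaddress.ip_network("10.99.0.0/24"),
}

# Inter-segment allow list: (source, destination, TCP port). Anything else is denied.
ALLOW = {
    ("hr", "finance", 443),             # HR staff use the payroll web application
    ("remote_vpn", "engineering", 22),  # remote engineers reach build hosts
    ("remote_vpn", "hr", 443),          # remote staff reach the HR portal
}

def segment_of(ip):
    """Return the name of the segment containing ip, or None if unknown."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None

def is_allowed(src_ip, dst_ip, port):
    """Default-deny decision an internal firewall between segments would make."""
    src, dst = segment_of(src_ip), segment_of(dst_ip)
    if src is None or dst is None:
        return False                    # unknown addresses never cross a boundary
    if src == dst:
        return True                     # intra-segment traffic does not cross the firewall
    return (src, dst, port) in ALLOW

def reachable_segments(start):
    """Segments exposed if `start` is compromised, following allowed flows transitively."""
    seen, queue = {start}, deque([start])
    while queue:
        current = queue.popleft()
        for src, dst, _port in ALLOW:
            if src == current and dst not in seen:
                seen.add(dst)
                queue.append(dst)
    return seen
```

With this constructed policy, a compromise in engineering stays in engineering, while the VPN segment transitively exposes finance through HR, which is the kind of path a segmentation review should surface.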
In the network security world, one thing is certain: networks will remain the target of increasingly sophisticated types of attacks originating both internally and externally. Compounding the difficulty associated with protecting the network from new types of attacks is the dramatic expansion of who may or may not have access to the corporate network.
These two factors are forcing IT departments to evaluate and implement layered security solutions that are designed to:
1. Control who and what has access to the corporate network
through robust firewall functionality.
2. Protect against denial of service attacks through built-in
intelligence and high performance.
3. Facilitate secure communications with a VPN so that remote users,
business partners and customers can conduct business across the
4. Detect attacks and quickly react, in a preventative manner to
minimise or eliminate any damages that may result from the
NetScreen Technologies are exhibiting at Infosecurity Europe 2004 in the Grand Hall at Olympia from the 27th to the 29th April 2004. www.infosec.co.uk