Thursday, November 09, 2006

Network Security: Know Your Weaknesses

As the person responsible for your company's network security, you know you are sorely outnumbered. A seemingly infinite number of potential intruders are lurking out there, and there's never enough time to prepare.

Without a doubt, the costs of cyberattacks are significant, as shown by the 2003 Computer Crime and Security Survey, conducted by the Computer Security Institute and the FBI. The 250 organizations that participated in the eighth annual study reported combined losses of $202 million, with causes ranging from theft of proprietary information, denial-of-service attacks, and viruses to insider abuse of network access.

How do you improve your odds? Your obvious first step is to identify system weaknesses. Vulnerability assessment scanners not only automatically discover security flaws on a network but in some cases correct them, too. Such tools have been around for years, but only recently have they matured into more comprehensive and user-friendly—if still complex—products, with features like customized reporting, distributed threat assessment, and automatic correction of potential problems.

Among the things such scanners can identify are known software bugs, viruses, and weak access control policies. Commonly found workstation vulnerabilities include open NetBIOS ports for file and printer sharing, as well as users who run rogue Web servers or peer-to-peer file-sharing clients.

Vulnerability assessment scanners can also find improper configurations of applications, which can leave a network unprotected. For example, Microsoft Exchange's default configuration used to leave the server as an open SMTP relay, which could be exploited by spammers. This resulted in attackers hijacking servers and sending millions of e-mails that appeared to originate as legitimate traffic from the victims' networks.