Secure Space
Are you secure at the client level?
While network security is part of the security framework at
most corporates, it is client-level security that needs to be examined,
with firewalls implemented on client machines, says Joy Ghosh
Picture this: One of your employees
is working remotely on his laptop. He receives an infected e-mail
with an attachment. The employee does not open the attachment, just
views the message in a preview window. Or suppose another employee
has simply visited a website hosted on an infected server,
and Nimda gets onto her machine without her knowledge. After
that, the employee either connects to the enterprise network with
the laptop via VPN; or brings the laptop into the office the next
day, behind the enterprise firewall.
Anti-virus software catches
the virus, but the network infector capability of a blended threat,
such as Nimda, requires firewall and intrusion detection protection.
Once the system has been infected, the blended threat spreads across
the entire network, since there is limited security protection at
the client level.
If there had been integrated security
at the client level, here’s what would have happened:
As information is received by the client, it is passed through the
client firewall and scanned for network attacks and viruses by the
intrusion detection and anti-virus technologies. If an intrusion
is detected, the client firewall is instructed to block network
access from the offending IP address. Or in the case of a virus,
the file is corrected or safely isolated. The threat is identified
and contained at the client level, and is stopped before it can
spread to the rest of the enterprise network.
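The flow described above, sketched as an added example that is not part of the original article or of any vendor's product: an intrusion match makes the client firewall block the offending address, while a virus match isolates the file. The class name, the byte patterns and the IP addresses are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed byte patterns standing in for real IDS and anti-virus signatures.
IDS_PATTERNS = (b"CONSTRUCTED-EXPLOIT-PROBE",)
AV_PATTERNS = (b"CONSTRUCTED-VIRUS-MARKER",)


@dataclass
class ClientFirewall:
    """Hypothetical client-side pipeline: firewall, then IDS, then anti-virus."""
    blocked: set = field(default_factory=set)       # addresses the firewall drops
    quarantine: list = field(default_factory=list)  # isolated infected payloads
    log: list = field(default_factory=list)         # (source, verdict) audit trail

    def receive(self, src_ip: str, payload: bytes) -> str:
        """Return the verdict for one inbound message."""
        # 1. Firewall: a blocked source is dropped before any scanning happens.
        if src_ip in self.blocked:
            return self._record(src_ip, "drop")
        # 2. Intrusion detection: a match instructs the firewall to block the source.
        if any(p in payload for p in IDS_PATTERNS):
            self.blocked.add(src_ip)
            return self._record(src_ip, "block")
        # 3. Anti-virus: infected content is isolated; the sender stays reachable.
        if any(p in payload for p in AV_PATTERNS):
            self.quarantine.append(payload)
            return self._record(src_ip, "quarantine")
        return self._record(src_ip, "deliver")

    def _record(self, src_ip: str, verdict: str) -> str:
        self.log.append((src_ip, verdict))
        return verdict


def run_sample() -> list:
    """Feed constructed traffic through the pipeline and return the verdicts."""
    fw = ClientFirewall()
    traffic = [  # constructed sample input (documentation address ranges)
        ("198.51.100.7", b"routine mail body"),
        ("192.0.2.66", b"request with CONSTRUCTED-EXPLOIT-PROBE inside"),
        ("192.0.2.66", b"clean-looking follow-up from the same host"),
        ("198.51.100.7", b"attachment bytes CONSTRUCTED-VIRUS-MARKER"),
        ("198.51.100.7", b"later mail from the same sender"),
    ]
    return [fw.receive(ip, data) for ip, data in traffic]


if __name__ == "__main__":
    print(run_sample())
```

The third message is dropped even though its content is clean, because the earlier detection changed the firewall's state; that feedback between the detection and firewall components is what the passage means by integration.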
Bigger picture
Complex blended threats like
Nimda, CodeRed and the very recent Bugbear, a fast-replicating
virus that spreads itself through computer users’ e-mail programs,
have affected millions of computers worldwide with disastrous consequences,
and the frequency of these types of threats is projected to rise
dramatically over the next few years. Blended threats combine the
characteristics of viruses, worms, Trojan horses, and/or malicious
code with methods of exploiting server and Internet vulnerabilities
to initiate, transmit, and spread attacks.
Today, the number of possible
paths of attack has increased as corporations grant access to a
growing set of users. Hence, there is an urgent need to employ integrated
security at every level, including the Internet gateway, network
servers, and clients.
Because clients exist both
inside and outside of the enterprise firewall, they are as vulnerable
as any other part of the network, and their vulnerability is increasing
with the rise in blended threats.
Striking examples of enterprise
vulnerabilities behind the perimeter firewall are:
- Laptop transmission: Many employees
today use their corporate laptops away from the office. This makes
them susceptible to downloaded viruses—including blended threats—giving
an opportunity for the virus to spread throughout the corporate
network.
- Portable storage: Employees transfer
files between the office and home via portable storage devices,
such as rewritable CD media, Zip drives and floppy disks. These
files are susceptible to infection while out of the purview of
corporate security, and serve as transmission mechanisms for threats
entering the enterprise network.
- Remote offices: Enterprises today
are globally dispersed, with remote offices connected to the corporate
network. These remote offices may not have security policies as rigorous
as those of their corporate headquarters. Therefore, remote
client computers lacking sufficient security may create an opening
for unauthorised personnel to access corporate resources.
- Unsecured access: Any visitor to
a company who finds an available network jack can connect to the
corporate network. While this person may not be maliciously motivated,
the visitor may still gain access to sensitive corporate data
or documents.
- Isolated virus protection: Today’s
new blended threats, such as Nimda and CodeRed, are combinations
of viruses, worms, and intrusions designed to exploit the vulnerabilities
of security technologies working independently from one another.
Therefore, companies that deploy virus protection alone at the
client are not able to proactively block infection.
Integrated security at the client level
What is needed is an integrated
solution that provides an enhanced layer of protection that helps
meet today’s corporate needs for comprehensive security at the client
level. The following benefits are available to those companies that
implement an integrated client firewall solution:
- Enhanced security enforcement: A client
firewall solution allows administrators to set and lock rules
on individual client machines. This prevents end-users from jeopardising
security measures.
- Blended threat protection: Unexpected
network communication attempts can be identified and blocked (as
per the administrator policy) using a client firewall. This stops
blended threats from spreading inside a corporate network and
minimises their impact on business operations, even if the threat
is able to penetrate the perimeter firewall.
- Protects against rogue applications:
A client firewall allows network administrators to prohibit unknown
and undesirable applications like ‘spyware’ or ‘scumware’ from
communicating, thus rendering them ineffective. This provides
a tool that helps maintain staff productivity and prevents unauthorised
use of computing and bandwidth resources.
- Supports business goals: A good client
firewall solution enables enhanced access for those outside the
traditional corporate network, so companies can explore new business
opportunities, promote strategic relationships, and maximise employee
productivity.
Enterprise need for integrated client security
A good client firewall solution
provides integrated firewall, anti-virus, and intrusion detection
protection to efficiently protect against a variety of threats.
In addition, multiple point
products that are not integrated cannot be managed effectively,
resulting in increased administrative and support costs, as well
as overall costs of ownership. Integrated security not only means
comprehensive protection and response, it also means that administrator
resources are optimised, since installation, reporting, and updating
of multiple security technologies can all be handled from one management
console. This saves an enterprise time and money, and also diminishes
the possibility that the client level of the network goes unprotected.
Complete protection against
blended threats requires integrated security solutions at every
level, including the Internet gateway, network servers, and workstations,
with a specific focus on the client as that is one of the most vulnerable
areas of an enterprise today.
The author is country manager,
India, Symantec Singapore. He can be contacted at jghosh@symantec.com