[ISN] New Tools Prevent Network Attacks

From: cult hero (jerichodimensional.com)
Date: Thu Jun 03 1999 - 11:04:40 CDT


http://www.nytimes.com/techweb/TW_New_Tools_Prevent_Network_Attacks.html

June 3, 1999
New Tools Prevent Network Attacks
Filed at 8:49 a.m. EDT
  
IT managers alarmed by high-profile security breaches are gaining new
software tools to ward off network attacks.

Axent Technologies this week will release an intrusion-detection system
with improvements to protect networks against a range of existing and new
types of attacks in real time.

Internet Security Systems (ISS) will roll out a souped-up version of its
RealSecure system that filters out false alarms from real attacks with
greater efficiency and precision. Other vendors said they plan product
updates by year's end. CyberSafe, for example, will deliver security
features that detect intrusions in individual applications.

The advancing functionality of these high-tech burglar alarms comes as
Internet-based computing exposes security vulnerabilities. Recent hacker
attacks on the FBI and other government websites, as well as the loss of
sensitive nuclear weapons information to China, have heightened corporate
awareness of the need for multiple layers of network security.

As intrusion-detection systems "enter their midlife, they are starting to
become a viable part of the total protection strategy in many
corporations," said Mike Hagger, vice president of network security at
Oppenheimer Funds. The investment company uses ISS' RealSecure to identify
and respond to certain types of hacker attacks, such as SYN flood attacks.

"Intrusion detection is only one line of defense," Hagger added, citing
the need for firewalls, antivirus and authentication tools.

Jim Patterson, director of security at service provider Level 3
Communications, agreed, saying intrusion-detection systems must move
beyond simple event detection to behavioral analysis. If an intruder is
using a "valid ID or password, the typical system wouldn't pick that up as
wrong behavior," he said.

IT managers also need tools that will help them build a baseline of
typical usage patterns. Thus, if a user tried to access a network at 2
a.m., for example, an IT manager would be notified.

"I want to get details on what things are being accessed and what systems
are being used," Patterson said.

For Electronic Data Systems, intrusion detection could be the first line
of defense. The IT services provider is testing Axent's NetProwler 3.0 on
the access point into the network -- outside the firewall, said Wayde York, a
network operations supervisor at EDS.

By placing NetProwler at the network perimeter, it can detect "stealth
scans and newer attacks" that the firewall typically won't pick up, he
said. Placing the intrusion-detection system in front of the firewall
also reduces the false alarms common to these network-based systems, York
said, because it's less likely to have to monitor a wide variety of
traffic types, as it would inside the firewall.

NetProwler 3.0 also can send alerts to Check Point Software Technologies'
Firewall-1 product -- which EDS uses -- once an attack is detected so that
the firewall could then be reconfigured to fend off future attacks of the
same type, York said.

Tighter integration between NetProwler and Axent's host-based Intruder
Alert system lets IT managers monitor network devices and servers from
Intruder Alert's central management console. Protecting mixed platforms
and critical resources is the goal behind ISS' product rollout, scheduled
for the week of June 14.

-o-
Subscribe: mail majordomorepsec.com with "subscribe isn".
Today's ISN Sponsor: OSAll [www.aviary-mag.com]