Tactical Security 101

  January 23, 2003
  By Greg Shipley


How We Got Here

A few decades ago, in a mainframe world where big iron was king, AAA, strong passwords and a firm grasp of the access controls surrounding jobs and data sets were enough to survive. Unix was for scientists and academia, Linux wasn't even a pipe dream, and PCs were far from prime time. Centralized computing was the norm, and security techniques followed suit. For example, end-user protection strategies typically revolved around training employees to use strong passwords and then convincing them not to write said passwords on notes left next to their terminals. This model made sense: The mainframe stored critical data and applications; it was centralized and thus easily defensible.

Fast forward a few years. IP and IPX began to take hold, and LAN and WAN technologies started to converge. Distributed computing models gained ground, and many of the techniques pioneered in the mainframe world were applied to new operating systems such as Novell NetWare, Microsoft Windows NT and a smorgasbord of Unix derivatives. Top threats included password guessing, leveraging file-system deficiencies and exploiting system-trust relationships. The ease with which systems and networks could be built brought new challenges, but protection techniques still centered on file-access control, authentication and the occasional network restriction. Network-access controls in the form of router access-control lists and early firewalls added a few new tools into the mix.

Today, firewalls protect our perimeters, and intrusion-detection systems look for attack patterns. Our users face threats that include Trojan horses in the form of e-mail attachments, spyware, remote control software, cross-site scripting traps, hostile Web sites leveraging browser flaws, worms, viruses, VPN hijacking techniques ... the list goes on. Attackers can come from anywhere on the planet, using dozens of technology types. E-mail messages are filtered and scrubbed, Web pages are pumped through proxies, and it's not uncommon for a laptop to have three or more security-related programs running at any given time.

But we're still having huge problems.

A single piece of data may reside on a desktop, in a tape library, on a file server or in a database. It may be accessible only through a single Windows application using a single file, or it might be viewable from across the globe using a Web-enabled TN3270 emulation package traversing dozens of networks. It may require strong authentication if you're using normal channels, but leveraging the latest IIS problem or a recent Oracle vulnerability may grant carte blanche to the data underneath.

Many organizations have struggled to refocus their efforts; identify critical assets and potential targets; apply relevant technology to the right protection effort; and keep policies, process, and technology efforts in line. But make no mistake: Many of our efforts are based on the world we lived in 10 years ago, a world that no longer exists. Today, nothing is unbreakable.

