RSS
 Business Trends:Internet Online products, services, resources and tips By Kelly Jackson Higgins Ready For Takeoff Security guru Marcus Ranum, chief scientist at firewall vendor V-One Corp., has found a way to fill a gap in network security. Ranum's start-up, Network Flight Recorder, is offering Internet service providers (ISPs) a security monitoring tool that records security attacks similar to the way a cockpit flight recorder, or black box, records flight information. The idea is for an ISP to catch an attack that's in progress, nip it in the bud and replay the "recorder" to rehash what happened during a security attack.  Ranum says the Network Flight Recorder fills a gap found in traditional intrusion-detection software by providing a good source of data on a security breach. Typically, corporations or ISPs h
ave to commission security experts in intrusion detection, as well as use specialized tools to track a security hole. Intrusion-detection tools probe your network and systems for vulnerabilities or holes and generate reports on them.
Ranum says Network Flight Recorder lets you decompose break-ins and actually determine the sequence of events that led up to them. No one yet has taken this approach of maintaining accurate records as evidence of security breaches, he says. Several big ISPs--including UUNET Technologies--are currently testing Network Flight Recorder. Ranum plans to sell commercial rights to the software.
A More Unified Front
On top o f all that, ISPs have had a shaky record when it comes to security. Critics say security has taken a back-sea t to the more pressing day-to-day demands of running the network and marketing newer services. But ISPs aren't sitting back and deflecting criticism anymore. Recently, they set up the IOPS.ORG group, a consortium of major ISPs that addresses operational issues of the Internet, like interconnection and router problems (see Business Trends, July 15, page 30). IOPS.ORG even is working on a standard trouble-ticket architecture ISPs might use to help track network troubles, as well as looking at ways to improve security alerts on the Internet. Now there's the ISP Security Consortium (ISPSec), a group of major U.S. and international ISPs that is looking at ways to improve their response to security attacks on their networks and prevent them from occurring. ISPSec, under the auspices of the National Computer Security Association (NCSA), has its own Web site (www.ncsa.com) with valuable information like who to call when a Ping o' Death or SYN Flood attack hits, for instance, as well as a listserv for informal dis cussions on security topics. ISPs have worked informally when security attacks occur among their networks, in much the same way they deal with a faulty router jamming traffic across their networks. The rule of thumb that applies when a hacker started jiggling your network locks has been to pick up the phone and call your interconnected ISP, who also was at risk or who might have been hit unknowingly.
ISPs increasingly are taking a more proactive approach to the flood of denial-of-service attacks like SYN Flood and those obnoxious spamming incidents that affect everyone's network. Fred Avolio, vice president of technology at firewall vendor Trusted Information Systems, says he expects ISPs to start tracking spamming more actively by monitoring these attacks more closely and shutting them down. The bottom line: No ISP is an island anymore.
by Kelly Jackson Higgins Context Will New Privacy Rule Impair Web Commerce? by Rivka Tadjer Updated September 8, 1997 
|
