Network Computing is part of the Informa Tech Division of Informa PLC

Host-Based Protection Protects Servers

Who says Americans aren't as soccer-adept as the rest of the world? We think the best matches take place not in the stadiums of Italy or Peru, but on fields in Everytown, U.S.A. In one recent barn burner, a kid charged straight toward the goal, and the goaltender lined up to deflect a direct kick. In a surprise attack, the player kicked the ball right, bouncing it off the forehead of his teammate and into the goal. The crowd went wild.

Corporate security administrators should take note. Mistake No. 1 is thinking that attacks will come from a single, defined and visible location: the Internet. In truth, strikes come from every angle, and attackers aren't going to storm the front gate without first trying all the windows. Case in point: When the MS SQL Slammer worm broke out, administrators thought they were safe if they'd blocked traffic to UDP Port 1434 on the firewall. Wrong. Remote laptop users picked up the worm and brought it into many organizations.

That brings us to the second point. Defense becomes exponentially more difficult when you're guarding multiple fronts. Most large enterprises have numerous firewalls, VPNs, remote-user authentication devices, IDS sensors, antivirus gateways and desktop software packages, and traffic shapers, making even something as seemingly simple as blocking a port or an IP address vastly complex. An attacker needs to find only one hole, and he or she is in.

For the past several years, we've called for a shift from perimeter to asset-based security. We began making that case in 2001 ("No Desktop Is an Island") and strengthened it in 2003 ("Secure to the Core").

Perimeter-based security fails because there is no longer a clearly defined perimeter. Wireless networks, remote users, encrypted communications, Web services, corporate spies, disgruntled employees, bribed administrators and socially engineered victims have seen to that.
