Frequent patches, user violations all play a role in poor network security

Companies that use several different types of network security devices are often doing the same task several different times, according to an executive at one network security firm.

Christopher Klaus, founder and chief technology officer of Atlanta-based Internet Security Systems (ISS) Inc., said some organizations use firewalls, anti-virus, intrusion detection or prevention systems and spam filtering tools to examine and analyze packets. Each device opens and analyzes the packet, decides whether to block it or allow it through, re-assembles it, routes the packet and then logs the result.

“It creates a lot of complexity and a lot of repetition,” Klaus said last month at the Canadian launch of the ISS Proventia-M products. “With all this complexity, we’re finding a lot of organizations still aren’t protected, even after you put it through the firewall, and put anti-virus in place.”

The Proventia-M includes firewall, virtual private networking, intrusion detection and anti-virus features. Next year, Klaus said, ISS will add content filtering and anti-spam.

Klaus predicted vendors will release more products that combine several security features into one, because customers will save money in the long term.

One of the major security problems for businesses is the time it takes to install patches on their systems, he said. ISS did a cost analysis and estimated an organization with 1,000 servers could spend nearly US$19 million per year on installing patches.

The estimate was based on four hours per patch, five times per month at US$80 per hour.

“We ran this past Fortune 1000 (companies) who said it’s actually a conservative estimate,” Klaus said.

He added many network managers do not get a chance to install patches before hackers launch attacks, taking advantage of software security vulnerabilities.

That view was echoed by Parveen Jain, president and general manager of Network Associates Inc.’s Santa Clara, Calif.-based McAfee network security technologies group.

Jain was in Toronto the same day for the launch of Network Associates’ end node security road map. The strategy includes software designed to secure clients and servers against attacks. Its first product, Entercept Desktop Edition, is shipping this month and is designed to protect against buffer overflows, worms and other security breaches.

A third security vendor, Symantec Corp., held a roundtable in Toronto the same day. One speaker said errors in user judgement are often to blame for security breaches.

“We see our biggest challenge right now as educating users,” said David Klein, network analyst for the Toronto Catholic District School Board.

Security technology only has a limited impact if students aren’t aware of the potential risks — even basic provisions like not giving out personal information online.

Klein, who is responsible for network management at 200 different school board sites with 110,000 users, said his department encourages students and teachers alike to think of security as part of the broader education process.

His clients include 10,000 staff and 100,000 students, or what he described as “100,000 potential little hackers.”

The wrongdoing comes from a lack of security knowledge more often than not, said Klein. “One of the potential threats is a curious and inquisitive student,” who may want to download content from the Internet without considering the consequences for the network.

