Technology director emphasizes importance of fine-tuning intrusion detection systems

If you think wired systems are secure just because they’re wired, you may be kidding yourself, says Kelly Kanellakis.

Some industry watchers warn wireless local-area networks are less secure because they send data over radio frequencies. But Kanellakis, the Toronto-based director of technology for the office of the chief technology officer at Enterasys Networks Inc., says there’s a misconception that wireline systems provide very good security.

Kanellakis, who managed both the Secure Harbor architecture development group and the RoamAbout wireless business for Rochester, N.H.-based Enterasys, cut his teeth in the networking industry 20 years ago when he helped install the first local-area network at North York Hydro (now part of Toronto’s electrical utility). He joined Cabletron (now Enterasys) in 1991.

He recently spoke with C&N about the need for a “holistic approach” to security, the development of security standards for 802.11-based wireless LANs and the issues involved in roaming from 802.11 networks to carrier data networks.

C&N: The Secure Harbor architecture tries to address the threat from employees. Can you compare the threat posed by employees now, compared to a couple of years ago?

KK: The type of threat really hasn’t changed. I think the damage that could potentially be caused is higher now, and that’s only because the systems now are more sophisticated and people have started putting a lot more valuable assets into their computer systems. Even if they did exactly the same thing two and a half years ago that they did today, the damage two and a half years ago was potentially less than the damage would be today.

C&N: An issue with intrusion detection is dealing with false positives. Do you see this as an issue in terms of taking up a lot of the time for IT staff and possibly terminating sessions that are in fact authorized?

KK: The false positive issue is fairly large in intrusion detection systems. There are two issues that are part of that. The first issue is that you’ve got to spend the time to have the intrusion detection system tuned down to the point where you eliminate most of the false positives. You never want to eliminate all of them, because if you do, chances are you’re letting some things get through. The second thing is you want to have trained IT staff, so they understand the difference between a false positive and a real attack. That’s a matter of training the IT staff, as well as potentially giving them additional tools that allow them to do correlation and more intelligent tools that look not just at the intrusion detection but at the routers, the switches, the firewalls. This is the concept around Secure Harbor. You want to basically bring all the systems together holistically and be able to say, ‘My IDS saw this attack. What did the firewall report? Was there anything suspicious on the switch? Did the router report anything suspicious?’
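The cross-device correlation Kanellakis describes, written out as an added example; this is illustrative code by the editor, not Enterasys or Secure Harbor software. Every log line, host address, the 60-second window, the point values and the "known scanner" tuning entry are constructed assumptions. The point it makes in code is the one he makes in words: the IDS alert alone is only a starting point, what the firewall, switch and router saw about the same source in the same window decides whether it is escalated, and a tuned-down alert is downgraded for review rather than silently discarded.

```python
"""Correlate IDS alerts with firewall, switch and router logs (added example).

Hypothetical data throughout: hosts, timestamps, the 60 s window and the
scoring are assumptions chosen to show the technique, not real tuning values.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed sample logs: one line per event, "ISO-timestamp words key=value ...".
IDS_ALERTS = [
    "2024-05-12T10:00:05 alert src=10.1.1.50 dst=10.2.0.7 sig=SMB-overflow",
    "2024-05-12T10:03:10 alert src=10.1.1.9 dst=10.2.0.7 sig=SMB-overflow",
    "2024-05-12T10:07:00 alert src=10.1.1.9 dst=10.2.0.9 sig=portscan",
]
FIREWALL_LOG = [
    "2024-05-12T10:00:02 DENY src=10.1.1.50 dst=10.2.0.7 dport=445",
    "2024-05-12T10:00:03 DENY src=10.1.1.50 dst=10.2.0.7 dport=139",
    "2024-05-12T10:03:11 ALLOW src=10.1.1.9 dst=10.2.0.7 dport=445",
]
SWITCH_LOG = ["2024-05-12T10:02:58 port 7 mac-change src=10.1.1.9"]
ROUTER_LOG = ["2024-05-12T10:06:40 acl-hit src=10.1.1.9 count=212"]

# Hypothetical tuning entry: 10.1.1.50 is the organisation's own vulnerability scanner.
KNOWN_SCANNERS = {"10.1.1.50"}
WINDOW = timedelta(seconds=60)  # how far apart events may be and still be "the same incident"


def parse(line: str) -> dict:
    """Split one log line into a timestamp, bare words (e.g. ALLOW/DENY) and key=value fields."""
    ts, *tokens = line.split()
    rec = {"ts": datetime.fromisoformat(ts), "words": [], "text": line}
    for tok in tokens:
        if "=" in tok:
            key, val = tok.split("=", 1)
            rec[key] = val
        else:
            rec["words"].append(tok)
    return rec


def related(log: list, src: str, when: datetime) -> list:
    """Records from one device about the same source address within +/- WINDOW of the alert."""
    return [r for r in map(parse, log)
            if r.get("src") == src and abs(r["ts"] - when) <= WINDOW]


@dataclass
class Verdict:
    signature: str
    src: str
    score: int
    disposition: str
    evidence: list = field(default_factory=list)


def correlate(alert_line: str) -> Verdict:
    """Ask the other devices what they saw, then score and dispose of the IDS alert."""
    alert = parse(alert_line)
    score, evidence = 1, []  # the IDS alert on its own is worth one point
    fw = related(FIREWALL_LOG, alert["src"], alert["ts"])
    sw = related(SWITCH_LOG, alert["src"], alert["ts"])
    rt = related(ROUTER_LOG, alert["src"], alert["ts"])
    if any("ALLOW" in r["words"] for r in fw):
        score += 2
        evidence.append("firewall passed traffic from this source")
    elif fw:
        score += 1
        evidence.append("firewall only denied traffic from this source")
    if sw:
        score += 2
        evidence.append("switch reported a port event for this source")
    if rt:
        score += 2
        evidence.append("router reported ACL hits from this source")
    # Tuning: an authorised scanner that nothing else corroborates is downgraded,
    # not dropped, so the analyst can still audit what was suppressed.
    if alert["src"] in KNOWN_SCANNERS and not (sw or rt):
        disposition = "probable false positive (authorized scanner, uncorroborated)"
    elif score >= 4:
        disposition = "escalate"
    else:
        disposition = "review"
    return Verdict(alert["sig"], alert["src"], score, disposition, evidence)


def triage() -> list:
    """Run every IDS alert through the correlator."""
    return [correlate(line) for line in IDS_ALERTS]


if __name__ == "__main__":
    for v in triage():
        print(f"{v.signature:13} {v.src:10} score={v.score} -> {v.disposition}")
        for e in v.evidence:
            print("     ", e)
```

On the constructed data the three alerts come out differently: the scanner's SMB alert is corroborated only by firewall denies and is marked a probable false positive; the second SMB alert lines up with a firewall ALLOW and a switch port event seconds earlier and is escalated; the port-scan alert is backed only by router ACL hits and goes to review. The window and point values are the knobs an analyst would tune per network, which is the tuning effort Kanellakis says cannot be skipped.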

