Network Security: Finding Holes and Keeping Others Out
For chapters 6 and 15

There are two categories of security problems with computer networks: external threats and internal threats. Security software is available to identify security weaknesses and detect intruders. However, there is no single product that can perform all security functions. As a result, the network security software industry is divided into three areas:

• external threat auditing software,
• internal threat auditing software, and
• intrusion detection software.

External and internal threat auditing software are designed to find the holes in a network that may allow unauthorized people in. Intrusion detection software is designed to watch over the network once the holes are eliminated.

Network-based scanners are designed to scan for external threats to a network. The software application "probes" the network with bad or unauthorized data. The goal is to gain unauthorized access to the network, get a particular device on the network to fail, or get the entire network to fail outright. Any problems or security threats are outlined in a report generated by the software that is then used by the network administrator to correct the problems. Some of the widely-used network-based scanners include

• Internet Security Systems Inc.'s Internet Scanner,
• Netect Inc.'s HackerShield, and
• Network Associates Inc.'s CyberCop Scanner.

While network-based scanners scan for external threats, host-based scanners are designed to scan for internal threats to a network. They "probe" the network internally, searching for such things as weak passwords, missing security, or vulnerable applications. Here too, the software generates a report outlining the threats and problems. The network administrator uses this report to fix any problems with the network's security. Examples of two widely used host-based scanners are Axent Technologies Inc.'s Enterprise Security Manager and Internet Security Systems Inc.'s System Scanner.

Intrusion detection software can be installed to keep watch for any unauthorized people on the network. When an intruder is detected, the software notifies the network administrator who is then responsible for improving the network safeguards. Many of the same companies that produce some of the scanning software mentioned above also produce the major intrusion detection software. Check out Internet Security Systems' web site at http://www.iss.net/ for detailed product information on their products and for general security news.

it's important that a company purchase, install, and utilize the proper software in the proper manner. However, one of the real problems is that there are not enough qualified personnel to do just that. There is a severe shortage of skilled workers with the knowledge, ability, and training to manage a secure network, especially for very large organizations. A secondary problem is that much of the software is not very easy to use. So, the solution rests with the academic world to provide the proper training and with the product vendors to make their software easier to use.

Points to Ponder:

1. With all of this safeguarding, protection, fear, and lack of control over computer networks, are they really worth the time, effort, and money?
2. Of the two categories of network security threats, which seems more dangerous -- external or internal? Why? Where do you believe the majority (in numbers) of threats occur? Where do you believe the most serious threats occur?