Protecting Against Threats to Enterprise Network Security

By Harold C. Gellis

Life has been revolutionized by computer networks and the Internet.
Vital sectors of the economy depend upon networks and the
Internet for their existence. The financial, health, and
government sectors, for example, all rely on networks for
their daily operations. Banks transfer money electronically
through the banking system’s Automated Clearing House
Network. Medicare uses an electronic system for patients’
billings. And the Teachers’ Retirement System of New
York and the Social Security Administration make pension
payments electronically into pensioners’ bank accounts.
The Internet also plays an indispensable role in the economy.
Witness the explosion in electronic commerce between individuals,
businesses, and other organizations. Companies like Amazon,
eBay, and other online stores are representative of this
new model.

The proliferation of wireless and mobile devices, cellphones,
wireless modems, and pagers has created a mobile society
consisting of millions of telecommuters, field workers,
traveling sales personnel, and home-office workers. Users
can connect to their office networks from hotels, airports,
and other remote locations, as well as from home.

The very features of connectivity and accessibility that make
networks and the Internet so indispensable to contemporary
society, however, create dangerous and unforeseen consequences.

Dangers to the Enterprise

Security threats to an enterprise are much higher because of network
interconnectivity and mobility. Cisco Systems, a leading
provider of security services, maintains that remote users
accessing corporate networks are more exposed than ever
to attack from the outside. A personal computer on a network
is a common point of attack. A user’s laptop can also
become infected through a remote Internet connection, and
then infect the entire network. Some security threats include
viruses, worms, Trojan horses, and denial-of-service attacks.

Viruses consist of computer code that secretly reproduces on other
computers and perform destructive acts such as deleting
files and clogging network performance. Worms are destructive
programs, usually hidden in e-mail attachments, that shut
down computers and networks. Trojan horses are unauthorized
computer instructions hidden in a legitimate program that
perform secret or damaging activities. Denial-of-service
attacks overload an Internet service provider’s e-mail
server with hundreds of e-mail messages per second, causing
it to shut down, or causing a network or web server to crash.

Last August, Blaster, a worm, shut down 120,000 systems in three
minutes and eventually shut down businesses around the world.
Slammer, another worm, spread worldwide in 11 minutes and
infected 55 million hosts per second. According to Cisco,
the cost of viruses and worms is approximately $13 billion
a year.

Another insidious threat to an enterprise is hacking. Most businesses
are susceptible to attack from both outside hackers and
internal personnel. Unauthorized users can break into an
organization’s network to steal information or create
damage. Hackers often target business and financial institutions
possessing information that can be further exploited. The
names, addresses, credit information, and Social Security
numbers of a company’s employees or customers can
be stolen by hackers in order to rob bank accounts, obtain
false credit cards, or perpetrate other fraudulent acts.
Hackers, especially terrorists and rogue governments, also
target military, government, and financial networks and
can create political and economic havoc. Internal hackers
might be disgruntled employees who delete corporate files.
The proliferation of these illegal and dangerous activities
has become a matter of grave concern for industry and government
alike.

Protecting the Enterprise

An enterprise’s network, information systems, databases,
and processes are essential for the enterprise’s survival
and must be protected from both internal and external threats.
Remote users connecting to the enterprise’s network
from outside the enterprise must be protected, as well.

The protective measures an enterprise implements make up what
the AICPA defines as information security. Information security
consists of the following security measures: antivirus protection;
firewalls; intrusion detection systems; and password management.

Firewalls protect a network from outside hackers and other malicious
attacks from the Internet. Through the use of firewalls,
inbound Internet traffic can be monitored for any unauthorized
web server attempting to access the organization’s
network, to either download or upload data. Firewalls can
limit Internet access to specific, approved websites. Personal
firewalls can prevent a hacker from capturing a remote user’s
logon name or password to get into the user’s organization.

Intrusion detection systems can determine if an organization is under
attack or if unauthorized activity is occurring. Network-based
systems monitor all activity on the network itself. Host-based
systems, on the other hand, monitor a specific server or
computer, and can determine if a hacker is attempting to
access files or surreptitiously use the computer.

Password management includes mandating passwords with a combination
of uppercase and lowercase letters and numbers that are
connected to the user’s name. Passwords should preferably
not even be a word, because programs exist that can automatically
try millions of combinations to crack a password.

Dangers to the Individual

Today, more and more personal information is being stored in digital
format, in a variety of electronic databases and repositories.
The IRS, for example, is in the process of converting the
tax filing process to electronic format.

Individuals surfing the Internet are also compromising their privacy.
A web browser such as Internet Explorer or Netscape stores
the websites a user has accessed, thereby creating an electronic
trail detailing the user’s surfing habits. In addition,
the server of a visited website creates log files containing
detailed information about every single request the server
receives, including where the request comes from and which
web pages the user visits. Cookies might be stored on the
user’s computer, providing specific information to
the website about the person who accessed the site. Individual
profiles of Internet surfers, including confidential information,
can also be created when completing online forms or posting
information.
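
To make concrete what a web server's log files record about a visitor, the following added example (not part of the original article) parses a few constructed log lines and rebuilds each client's trail of pages. It assumes the server writes the Common Log Format; the addresses and paths are made up.

```python
import re
from collections import defaultdict

# Constructed sample in Common Log Format (an assumption: the article does
# not name a log format). Addresses come from documentation ranges.
SAMPLE_LOG = """\
192.0.2.10 - - [12/Mar/2004:10:01:07 -0500] "GET /index.html HTTP/1.0" 200 5120
192.0.2.10 - - [12/Mar/2004:10:01:45 -0500] "GET /loans/rates.html HTTP/1.0" 200 2210
198.51.100.7 - - [12/Mar/2004:10:02:03 -0500] "GET /index.html HTTP/1.0" 200 5120
192.0.2.10 - - [12/Mar/2004:10:03:30 -0500] "GET /loans/apply.html HTTP/1.0" 200 8045
this line is damaged and should be skipped
198.51.100.7 - - [12/Mar/2004:10:04:12 -0500] "GET /missing.html HTTP/1.0" 404 310
"""

# host ident user [timestamp] "METHOD path protocol" status size
CLF = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<when>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)$'
)

def parse_line(line):
    """Return the fields of one log line, or None if it is malformed."""
    m = CLF.match(line.strip())
    if m is None:
        return None
    entry = m.groupdict()
    entry["status"] = int(entry["status"])
    return entry

def browsing_trails(log_text):
    """Group requests by client address, in the order they were logged.

    Returns (trails, skipped): trails maps each address to a list of
    (timestamp, path, status); skipped counts lines that did not parse.
    """
    trails, skipped = defaultdict(list), 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        entry = parse_line(line)
        if entry is None:
            skipped += 1
            continue
        trails[entry["host"]].append((entry["when"], entry["path"], entry["status"]))
    return dict(trails), skipped

if __name__ == "__main__":
    trails, skipped = browsing_trails(SAMPLE_LOG)
    for host, visits in trails.items():
        print(host, [path for _, path, _ in visits])
    print("unparsed lines:", skipped)
```

Anyone reviewing their own server's retention and access policy can run this kind of grouping over a day of logs to see how much per-visitor detail is being kept.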

Even more insidious threats to the individual’s privacy
exist in the form of web bugs, spyware, and stealth monitoring
programs. Web bugs document the websites and pages a user
visits and the frequency of these visits. Spyware and stealth
monitoring programs secretly track the user’s Internet
usage and computer use. Some of these programs can capture
the user’s keystrokes, such as passwords or credit
card data, and send the information across the Internet
to an unauthorized site.

Protecting the Individual

Various security software programs, consisting of a suite of applications,
exist to protect the personal computer user against viruses,
worms, Trojans, and hostile attacks such as hacking. These
suites also provide e-mail protection against spam and unsolicited
e-mails that clog up the user’s electronic mailbox.
Two popular suites are McAfee Internet Security 2004 and
Norton Internet Security 2004. In order for these suites
to be effective, they must provide ongoing protection against
new viruses and worms and other electronic threats. The
suites must be constantly updated, and must provide control
over communications over the Internet.

Harold C. Gellis, CPA, is associate professor of accounting
and information technology at York College of the City University
of New York.