Protecting Against Threats to Enterprise Network Security

By Harold C. Gellis

Life has been revolutionized by computer networks and the Internet. Vital sectors of the economy depend upon networks and the Internet for their existence. The financial, health, and government sectors, for example, all rely on networks for their daily operations. Banks transfer money electronically through the banking system’s Automated Clearing House Network. Medicare uses an electronic system for patients’ billings. And the Teachers’ Retirement System of New York and the Social Security Administration make pension payments electronically into pensioners’ bank accounts. The Internet also plays an indispensable role in the economy. Witness the explosion in electronic commerce between individuals, businesses, and other organizations. Companies like Amazon, eBay, and other online stores are representative of this new model.

The proliferation of wireless and mobile devices, cellphones, wireless modems, and pagers has created a mobile society consisting of millions of telecommuters, field workers, traveling sales personnel, and home-office workers. Users can connect to their office networks from hotels, airports, and other remote locations, as well as from home.

The very features of connectivity and accessibility that make networks and the Internet so indispensable to contemporary society, however, create dangerous and unforeseen consequences.

Dangers to the Enterprise

Security threats to an enterprise are much higher because of network interconnectivity and mobility. Cisco Systems, a leading provider of security services, maintains that remote users accessing corporate networks are more exposed than ever to attack from the outside. A personal computer on a network is a common point of attack. A user’s laptop can also become infected through a remote Internet connection, and then infect the entire network. Some security threats include viruses, worms, Trojan horses, and denial-of-service attacks.

Viruses consist of computer code that secretly reproduces on other computers and performs destructive acts such as deleting files and degrading network performance. Worms are destructive programs, usually hidden in e-mail attachments, that shut down computers and networks. Trojan horses are unauthorized computer instructions hidden in a legitimate program that perform secret or damaging activities. Denial-of-service attacks overload an Internet service provider’s e-mail server with hundreds of e-mail messages per second, causing it to shut down, or causing a network or web server to crash.

Last August, Blaster, a worm, shut down 120,000 systems in three minutes and eventually shut down businesses around the world. Slammer, another worm, spread worldwide in 11 minutes and infected 55 million hosts per second. According to Cisco, the cost of viruses and worms is approximately $13 billion a year.

Another insidious threat to an enterprise is hacking. Most businesses are susceptible to attack from both outside hackers and internal personnel. Unauthorized users can break into an organization’s network to steal information or create damage. Hackers often target business and financial institutions possessing information that can be further exploited. The names, addresses, credit information, and Social Security numbers of a company’s employees or customers can be stolen by hackers in order to rob bank accounts, obtain false credit cards, or perpetrate other fraudulent acts. Hackers, especially terrorists and rogue governments, also target military, government, and financial networks and can create political and economic havoc. Internal hackers might be disgruntled employees who delete corporate files. The proliferation of these illegal and dangerous activities has become a matter of grave concern for industry and government alike.

Protecting the Enterprise

An enterprise’s network, information systems, databases, and processes are essential for the enterprise’s survival and must be protected from both internal and external threats. Remote users connecting to the enterprise’s network from outside the enterprise must be protected, as well.

The protective measures an enterprise implements make up what the AICPA defines as information security. Information security consists of the following security measures: antivirus protection; firewalls; intrusion detection systems; and password management.

Firewalls protect a network from outside hackers and other malicious attacks from the Internet. Through the use of firewalls, inbound Internet traffic can be monitored for any unauthorized web server attempting to access the organization’s network, to either download or upload data. Firewalls can limit Internet access to specific, approved websites. Personal firewalls can prevent a hacker from capturing a remote user’s logon name or password to get into the user’s organization.

Intrusion detection systems can determine if an organization is under attack or if unauthorized activity is occurring. Network-based systems monitor all activity on the network itself. Host-based systems, on the other hand, monitor a specific server or computer, and can determine if a hacker is attempting to access files or surreptitiously use the computer.

Password management includes mandating passwords with a combination of uppercase and lowercase letters and numbers that are connected to the user’s name. Passwords should preferably not even be a word, because programs exist that can automatically try millions of combinations to crack a password.

Dangers to the Individual

Today, more and more personal information is being stored in digital format, in a variety of electronic databases and repositories. The IRS, for example, is in the process of converting the tax filing process to electronic format.

Individuals surfing the Internet are also compromising their privacy. A web browser such as Internet Explorer or Netscape stores the websites a user has accessed, thereby creating an electronic trail detailing the user’s surfing habits. In addition, the server of a visited website creates log files containing detailed information about every single request the server receives, including where the request comes from and which web pages the user visits. Cookies might be stored on the user’s computer, providing specific information to the website about the person who accessed the site. Individual profiles of Internet surfers, including confidential information, can also be created when completing online forms or posting information.

Even more insidious threats to the individual’s privacy exist in the form of web bugs, spyware, and stealth monitoring programs. Web bugs document the websites and pages a user visits and the frequency of these visits. Spyware and stealth monitoring programs secretly track the user’s Internet usage and computer use. Some of these programs can capture the user’s keystrokes, such as passwords or credit card data, and send the information across the Internet to an unauthorized site.

Protecting the Individual

Various security software programs, consisting of a suite of applications, exist to protect the personal computer user against viruses, worms, Trojans, and hostile attacks such as hacking. These suites also provide e-mail protection against spam and unsolicited e-mails that clog up the user’s electronic mailbox. Two popular suites are McAfee Internet Security 2004 and Norton Internet Security 2004. In order for these suites to be effective, they must provide ongoing protection against new viruses and worms and other electronic threats. The suites must be constantly updated, and must provide control over communications over the Internet.

Harold C. Gellis, CPA, is associate professor of accounting and information technology at York College of the City University of New York.