Security in 2004: beyond guarding the gate


20 Jan 2004

IT security is having to go beyond merely protecting the perimeter of the network, as businesses brace themselves against the threat of worms and assorted malware. That’s the view of Niall Moynihan, technical director EMEA with Check Point Software Technologies.

Firewalls, though still a very necessary part of any security infrastructure, are primarily concerned with ‘guarding the gate’, but the nature of many recent security threats means that security systems must have a wider focus, reaching down to the desktop.

The market has evolved to a point where nearly everyone now – especially in large enterprises – has a firewall, says Moynihan. For the time being however, he optimistically doesn’t foresee a falloff in firewall sales, but single products alone will no longer be sufficient to secure IT infrastructures. “There will be more of a focus on security solutions,” he asserts.

The reason for this is that downtime, not hacking will be one of the important issues for the coming year, Moynihan predicts. As computer worms became more prevalent, burying their way into organisations, security providers face the challenge of getting ahead of these viruses and their variants.

Ttraditional security systems are commonly located at the gateways to a company’s network, which will stop many unwanted visitors from coming in. But the network and the way users get access to it, it itself undergoing changes, hence the need for solutions rather than single-purpose products. “A firewall is required because it protects your network and that will always have to be there, but how most of the worms are attacking is that they haven’t come in through the firewall. They were brought in by individuals within the company whose laptops have been infected,” says Moynihan.

Such users bypass all of the usual perimeter security checks because they are considered ‘friendly’. According to Moynihan, this is happening all the time. It’s likely to continue as more organisations move away from having users with fixed desktops to greater amounts of mobile computing and hot-desking.

The proposed solution is similar to how the foot and mouth outbreak was handled: those suspected of being infected can be quarantined, minimising the chances of the ‘sickness’ becoming widespread. “You will be able to put software in so that if one part of the network is taken down, we can confine it there and fix it, so it doesn’t run through the entire network which is what’s happening at the moment,” he says.

We can also expect to see products designed to stop worms before they spread. According to Moynihan, many worms have similar characteristics and some of the most high profile attacks in 2003 came from variants on the same malicious code. Stop one, so the thinking goes, and you can stop many.

Another trend will see more encryption of data being sent between desktops. “Security has to go to the desktop: it’s not just about protecting the network any more, it’s about protecting individual machines,” says Moynihan.

Please visit our sponsors: CheckPoint : Entropy