
Evolution and Network Security

22.11.06

Enterprises today exist in a classic Predator/Prey environment. The prey is the enterprise network and the information it contains. The predators are the hackers trying to gain unauthorised access to resources within the network or interfering with corporate assets for some ulterior purpose. These purposes can be as prosaic as using facilities and services for free (VoIP toll-fraud, use of broadband access, use of network disk storage etc.) through to using zombie PCs in DDoS attacks or as Spam beacons.

Juniper Networks has recently celebrated its 10th anniversary and in that time we have witnessed a significant acceleration of predatory threat development, which has kept pace with the changes to the technological and legislative frameworks that enterprises operate within. Enterprises themselves have evolved, changing their business practices by adopting new network technologies and protocols as they move from being static in nature to being responsive, with an ultimate aspiration of becoming a real-time enterprise, with fully “webified” applications. This evolution then leads to opportunities to exploit these new applications for negative purposes. Adoption, threat development and adaptive countermeasures have kept pace with each other in a classic pain/response model. Keeping abreast of these changes and deploying effective yet flexible countermeasures is a continuous challenge for our network security managers.

Security changes include the blooming of viruses, worms, trojans and blended threats and the resulting increase in payload-based content security to combat them. In tandem we have experienced the evolution of firewalls from simple ‘passport control’ to new Deep Inspection versions that look more deeply into the protocol and application messaging in order to detect attacks aimed at the applications themselves. We have also encountered more challenging protocols that are sensitive to jitter and latency and are therefore more of a challenge to secure (security always has a cost: efficacy has to be balanced against performance deterioration).

Not only is the application and network ecosystem becoming more complex; the notion of location complication and the dynamic nature of network boundaries have further compounded the security issue. Once again, the liberation of workers from headquarters buildings out into the wider world is driven by enterprises needing to become more responsive and real-time by altering business processes and working practices. In a world of near-ubiquitous broadband access and mobile computing we find that both users and their means to access networks outside the control and monitoring of the IT department have grown significantly. This “anywhere connectivity” in turn represents an interesting ‘seam’ that malicious agents can exploit to their own advantage: by introducing malware to a laptop while it is in a relatively exposed/loosely coupled state they can gain access to the corporate LAN and its valuable assets when the machine is reconnected at the next corporate touch-down.

This is where Access Control has an important part to play in securing our enterprises, but once again we must seek out the right genetic material in such a solution if it is to be truly effective. Key attributes of such a solution are that it is open, based on trusted technology and deliverable over existing infrastructure, while incorporating the best of port-based and overlay control.


Is Today’s Network Environment Easier to Secure?
So with all this evolutionary change going on, have things got any easier for our networking and security professionals? The answer is both yes and no. Yes, we have many more tools, but the downside of the pick-and-mix strategy for security is the proliferation of management control and even the philosophical differences in how security is incorporated into software and/or appliances. The alternative is almost equally unpalatable, where a single vendor promises hugely intelligent networks at the expense of deploying a mono-culture, thus holding back the ability to be agile, removing the vital defence-in-depth component and offering up a single point of attack focus. No, there are too many compromises, too much intrusive security, and un-enforceable policies for harder-to-manage applications. And last but not least, our users haven’t got any less careless as time goes by!

So what’s the next step along this evolutionary journey? Certainly more intelligence is needed, and probably, more importantly, increased transparency for users. Security has to become much simpler to apply, while continuing to be highly effective. End-users are not the people who should be responsible for making decisions about how to secure their own network access properly. Who is better placed to understand the complex interactions between risk attitude at any given point in a network: users, or the professionals responsible for the development, maintenance and application of security and networking policy? This isn’t about controlling users but allowing them to concentrate on what is really important to their employers – whilst ensuring that the network is protected. To continue the ‘evolution’ theme we have to make sure that we have the right ‘genetics’ in place that empower organisations to be agile and make those mutative adaptations that keep us one step ahead of the malefactors.

It is important for vendors to take a leading role in helping enterprises to formulate and deliver responsive and agile security policies that support their business goals. So, openness and adherence to standards are important. We must strive to make sure that the fundamental values of security (predictable performance, quality of service, ease of management etc.) are baked in to our solutions to enable the adoption of new and innovative applications that will help to shape the business processes of the future. We must also provide flexible yet robust systems that are capable of operating in diverse environments and that have the right genetic makeup to allow intelligent and seamless optimization of their unique features and benefits. Enterprises therefore must do their due diligence thoroughly when assessing the welter of technological promises from a large number of vendors and, by relying on trusted partners, analysts, and integrators, make strategic investment in their infrastructure rather than piecemeal application of non-integrated or un-integratable technologies.

Dr Anton Grashion – Security Strategist EMEA, Juniper Networks