August 2005 — The Final Word


Road Warriors on Trojan Horses

Manufacturers are adding new features to old standbys. Perimeter IP firewalls are augmented with internal firewalls that can cordon off the parts of the network occupied by infected machines. Wireless network gateways are outfitted with device-scanning capabilities, and antivirus software is distributed faster and more easily.

Interestingly enough, while most universities and colleges have deployed some, if not all, of these products, most still experience a high incidence of network breaches that lead to costly cleanup efforts. The situation is perilously unbalanced: The user community controls the level of risk, yet it does not bear the responsibility for security breaches. At the same time, network administrators have little control over user computers, but bear the responsibility for eliminating security risks and cleaning up after attacks.

“Not only is protecting the security perimeter difficult when every legitimate mobile user is the perimeter, but mending individual devices on the edge becomes a highly labor-intensive and expensive task. Simply stopping a virus or worm actually escalates the cost of support.”

However, the addition of a “host integrity” approach may alleviate this imbalance. Host integrity solutions possess the following two characteristics:

  • An ability to enforce the installation of specified patches and antivirus definition updates on user machines.
  • A mechanism that allows the support desk to delegate to the users the task of fixing infected or vulnerable machines.

These two capabilities allow networks to run healthier machines. But many users disregard administrator requests to install critical security patches or new definition files, or fail to turn on antivirus software at all. Thus, some kind of enforcement and delivery mechanism on the host is needed to complement and strengthen existing security products by removing or reducing this element of human error. A solution with the following characteristics effectively takes security policy compliance out of the hands of the users and puts it back into the hands of the network administrators:

  • It identifies machines that are infected or have known vulnerabilities.
  • It denies network access to users until the latest antivirus files and patches are applied.
  • If the administrator requires it, it automatically initiates the download of the specified files and fixes.
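The admission decision described in these three points, worked through as an added example (this is illustrative code written for this page, not a product from the article or a real host-integrity agent). It assumes a host-side agent reports its installed patches, antivirus state and definition date; the admission point compares that report with the administrator's policy and returns ALLOW, QUARANTINE (remediation network only) or REMEDIATE (fixes started automatically). Patch identifiers, hostnames and dates are placeholders constructed for the example, not real bulletins.

```python
"""Host-integrity admission check (hypothetical example, not a real product)."""
from dataclasses import dataclass, field, replace
from datetime import date, timedelta
from typing import Dict, FrozenSet, List, Optional


@dataclass(frozen=True)
class Policy:
    """What the administrator requires before a host may join the network."""
    required_patches: FrozenSet[str]   # patch identifiers that must be installed
    max_definition_age: timedelta      # antivirus definitions older than this fail
    require_av_running: bool = True
    auto_remediate: bool = False       # if set, start the fixes instead of only blocking


@dataclass(frozen=True)
class PostureReport:
    """What the host-side agent reports about itself at connection time."""
    host: str
    installed_patches: FrozenSet[str]
    av_running: bool
    av_definition_date: Optional[date]  # None: the agent could not determine it


@dataclass
class Decision:
    verdict: str                         # "ALLOW", "QUARANTINE" or "REMEDIATE"
    failures: List[str] = field(default_factory=list)
    actions: List[str] = field(default_factory=list)


def evaluate(report: PostureReport, policy: Policy, today: date) -> Decision:
    """Compare one posture report against the policy; fail closed on unknowns."""
    failures: List[str] = []
    actions: List[str] = []

    missing = sorted(policy.required_patches - report.installed_patches)
    if missing:
        failures.append("missing patches: " + ", ".join(missing))
        actions.extend("install " + p for p in missing)

    if policy.require_av_running and not report.av_running:
        failures.append("antivirus not running")
        actions.append("start antivirus service")

    if report.av_definition_date is None:
        # Unknown is treated as stale: a report that cannot prove currency fails.
        failures.append("antivirus definition date unknown")
        actions.append("update antivirus definitions")
    else:
        age = today - report.av_definition_date
        if age > policy.max_definition_age:
            failures.append(f"antivirus definitions {age.days} days old")
            actions.append("update antivirus definitions")

    if not failures:
        return Decision("ALLOW")
    # Non-compliant hosts reach only a remediation segment until the actions are done.
    verdict = "REMEDIATE" if policy.auto_remediate else "QUARANTINE"
    return Decision(verdict, failures, actions)


# Constructed sample data: placeholder patch IDs, hostnames and dates.
TODAY = date(2005, 8, 15)
POLICY = Policy(
    required_patches=frozenset({"OS-PATCH-101", "OS-PATCH-102"}),
    max_definition_age=timedelta(days=7),
)
REMEDIATE_POLICY = replace(POLICY, auto_remediate=True)  # same rules, auto-fix on
SAMPLE_REPORTS = {
    "lab-pc-01": PostureReport("lab-pc-01", frozenset({"OS-PATCH-101", "OS-PATCH-102"}),
                               True, date(2005, 8, 14)),
    "dorm-laptop-07": PostureReport("dorm-laptop-07", frozenset({"OS-PATCH-101"}),
                                    False, date(2005, 6, 1)),
    "faculty-tablet-03": PostureReport("faculty-tablet-03",
                                       frozenset({"OS-PATCH-101", "OS-PATCH-102"}),
                                       True, None),
}


def sample_decisions(policy: Policy = POLICY) -> Dict[str, Decision]:
    """Evaluate every constructed report under the given policy."""
    return {host: evaluate(r, policy, TODAY) for host, r in SAMPLE_REPORTS.items()}


if __name__ == "__main__":
    for host, d in sample_decisions().items():
        print(f"{host}: {d.verdict}", *d.failures, sep="\n  ")
    # The same hosts with automatic remediation switched on by the administrator.
    for host, d in sample_decisions(REMEDIATE_POLICY).items():
        print(f"{host}: {d.verdict} -> {d.actions}")
```

Two design points matter in practice. The check fails closed: a report that cannot state its definition date is treated as stale rather than waved through. And the report is self-described by software on the host, so a compromised machine can lie; the check raises the baseline of compliance but does not by itself prove a host is clean, which is why it complements rather than replaces the perimeter and internal firewalls described above.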

This approach yields several benefits:

First, computers that fail the check are kept off the production network, so a known-infected machine cannot spread its payload to other computers (the check confirms compliance with policy; it does not prove the absence of every infection). Second, computers carrying the latest security updates for their operating system are less vulnerable to viruses and worms. Third, organizations get the full benefit of their antivirus software, with assurance that the client components are running, properly configured, and current. Finally, should an attack penetrate the defenses, fixes are easily distributed to the afflicted computers, so network downtime is minimized.

Conclusion

As security boundaries continue to blur, rendering the terms “outside” and “inside” irrelevant, educational institutions must find security solutions that complement their existing perimeter defenses.