Enterprise networks remain vulnerable - Trends
Communications News, June, 2003

Network-based attacks--excluding worm and blended-threat activity--have declined by 6%, according to a recent security report from Symantec. While good news for IT security staff scrambling to protect their corporate networks, the small drop represents only two hairs off of a big bear.

Symantec analyzed more than 30 TB of data on network-based attack activity, vulnerability discovery and malicious code. Proving that cyber attacks remain a real threat to enterprises, the report points out that, on average, companies still experienced 30 attacks per company per week. This number is 20% higher than the rate recorded during the same six-month period in 2001.

"Any company that does not provide a regular focus on security will likely be compromised," says Jeffrey Guilfoyle, vice president of systems and security for Solutionary in Omaha, Neb.

Of specific concern to Guilfoyle are the increasingly advanced methods used by even the most inexperienced hackers. Symantec's security report echoed a similar concern over the relative ease with which attackers are able to exploit new vulnerabilities. Symantec documented 2,524 new vulnerabilities in 2002, representing an increase of 81.5% over 2001. According to the report, approximately 60% of all new vulnerabilities could be easily exploited, either because the vulnerability did not require the use of exploit code or because the required exploit code was widely available.

"A network is only as secure as its weakest link," says Guilfoyle. "Even the most sophisticated organizations are still regularly compromised."

Guilfoyle suggests that companies establish a cross-functional enterprise security committee to oversee all aspects of security, including the creation, updating and execution of a comprehensive security policy. He also makes the following recommendations regarding five often-missed weaknesses:

Misconfigured firewalls. A firewall is an absolute requirement for any business with a connection to the Internet, but it is only as effective as its configuration, which should be customized around the network profile. Companies should be as explicit (and restrictive) as possible as to what data can come in or go out and then simply block everything else. In no case should companies use a firewall's default settings, and firewall rules should be periodically reviewed and assessed.

Business partner connections. The traffic on internal connections that provide information sharing with vendors and partners needs to be treated as untrusted, the same as a general Internet connection. Relying on a router is often not sufficient. Additional measures like encrypted VPN tunnels, firewalls and intrusion-detection systems can greatly reduce the risk of these types of connections.

Server and application "holes." Almost 95% of server, operating system and application vulnerabilities are the result of known software holes. Companies should implement a regular schedule of software patching, identify staff in the network and IT groups who will be responsible for regularly applying the constant stream of patches distributed by IT vendors, and verify that the patches are applied in a timely manner.

Home and remote-office VPN users. Few home users or remote offices adhere to the same security standards present at a corporate location, and often deploy insecure wireless networks. Organizations should enforce security standards for off-premises machines, limit network access from VPN users and institute strict password policies.

External e-mail systems. Employees checking e-mail from third-party e-mail providers, such as Yahoo, AOL and MSN, can unwittingly unleash viruses, Trojans and worms. Companies should implement policies that limit employee access to external e-mail systems, and utilize technological solutions to enforce this policy. Additionally, companies should keep updated antivirus software at each desktop.

For more information from Solutionary:

COPYRIGHT 2003 Nelson Publishing
COPYRIGHT 2003 Gale Group
