On the road to prevention

Even though it happened late in the year, 2004 will probably be remembered as the year that Microsoft’s Internet Explorer slipped. Mozilla’s Firefox browser finally reached release status in early November, and by early December had made a noticeable dent in IE’s market share. The main driver for Firefox’s success is not necessarily its innovative features, but rather the lack of easily exploitable security holes. It seems that the serious flaws in Microsoft’s browser finally led many users to decide it’s time for a change. 

In addition to more critical security issues in IE last year, Microsoft also brought us Windows XP SP2 (Service Pack 2). Hailed from Redmond as a security blanket for XP, it was soon clear it was also an application killer, rendering hundreds of applications unusable following installation. Microsoft subsequently removed SP2 from its automatic update service, but continues to remind users to install SP2 whenever they visit the Windows Update site. All this trouble and fuss for a service pack that many admins believe merely treated some symptoms but didn’t address the real problems.

On the Linux front, the release of the v2.6 kernel brought some significant changes in core-level security. The official inclusion of the SELinux (Security Enhanced Linux) code base into the v2.6 kernel introduced much-needed granularity to controlling privilege elevation on Linux systems.

A few layers below these events, Cisco and Microsoft were not-so-quietly planning a joint effort to combat viruses, worms, and intruders, announcing that they were working to bring toge-ther Cisco’s NAC (Network Admission Control) and Microsoft’s NAP (Network Access Protection) technologies to provide for simplified system patching, policy adherence, and problem resolution before potentially destructive systems are permitted normal network access. Although nothing is likely to be released for at least a year, it’s a step in the right direction -- if you’re a Microsoft and Cisco shop.

Across all the layers, a shift was definitely felt in the intrusion detection space. In 2004, IPS products found their footing, and IDS vendors saw the writing on the wall, and began incorporating inline blocking capabilities into their products. It’s always been nice to know when abnormal events have occurred on your network, but the capability to prevent them from doing any harm is the ultimate goal.

Network managers received plenty of encouragement to block threats in 2004, a year in which several security breaches affected millions of innocent people. The October break-in at the University of California, Berkeley netted a cracker roughly 1.4 million names and Social Security numbers. Utah State University unwittingly exposed 7,000 Social Security numbers and names of students, faculty, and staff on its Web site for an extended length of time, correcting the problem in October. Universities weren’t the only targets, of course. In March, Equifax announced that criminals posing as credit issuers illegally accessed the credit files of 1,400 Canadians.