Seeing as how e-mail servers across the planet were once again throttled last week by some mud-brained misanthrope’s idea of a giggle, I figured it might be a good time to discuss the viability of a dedicated security manager even in medium-size networks.
Before the bottom fell out of the IT market, pundits like me were touting security administrators and even chief security officers as positions ranking right up there with CIO and CTO. But in the mad rush to satisfy corporate bean counters after the Great Web Depression, many companies (my clients at least) eliminated dedicated security positions early on, opting instead to make security a part of core network administration. The trouble with that approach is that security is a multi-faceted problem requiring not only full-time attention, but often more than one discipline of expertise.
Consider the last few months: We had trouble from the record industry claiming bloody vengeance on any person or organization caught pilfering copyrighted songs via file-sharing applications like the annoyingly spelled Kazaa; there was some industry buzz around SNMP (Simple Network Management Protocol) security vulnerabilities; Cisco reported a dangerous problem with its routers facing the Internet, requiring a quick code upgrade; Microsoft reported its usual half dozen or so "suddenly discovered" Windows 2000 and Windows XP vulnerabilities; and then Blaster and Sobig reared their pointless, ugly heads.
Now if you’re a network administrator tasked with keeping the usual Ethernet nightmares to a minimum, simply tracking the aforementioned issues, to say nothing of preventing them, would prove troublesome. More to the point, security isn’t just evolving for four-eyed sociopaths and anti-virus companies. New tools and security strategies are being developed, and tracking these is just as much a part of a security specialist’s job as are direct threats to the system.
A couple of useful examples in this department might start with BrowseControl 1.4, recently released by a United Kingdom-based company called Codework. This version adds an Application Blocking feature that lets companies build a “black list” of applications that users will no longer be able to launch from their PCs. Using BrowseControl, administrators can quickly and easily block users from running dangerous, time-wasting or badly spelled applications such as Kazaa, instant-messaging programs or specific games. BrowseControl does its job well by matching on the software’s internal Windows name, so power users who decide to rename their .exe files to scam BrowseControl won’t make it.
Or there’s the recent Microsoft Knowledge Base article addressing the proper steps to secure the company’s SNMP service. SNMP is often a critical part of a network management scheme, yet all its overhead messages are sent in clear text. Trap these in a sniffer, and it’s pretty simple to pick out detailed information about the network. In its paper, Microsoft gives step-by-step instructions on how to create an IPSec SNMP security policy based on filters.
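To make the clear-text point concrete, here is an added example (not from the Microsoft article or any product named above) that walks the BER encoding of a single SNMPv1 response and lists what is readable on the wire without any key. The packet, the community string "example-ro", the device description and the helper names are all constructed for illustration.

```python
def tlv(tag, body):
    """Encode one BER element (short-form length only, body < 128 bytes)."""
    return bytes([tag, len(body)]) + body

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(raw):
    """Decode BER-encoded OID bytes into dotted notation."""
    arcs = [raw[0] // 40, raw[0] % 40]
    val = 0
    for b in raw[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def exposed_fields(packet):
    """Fields a passive observer can read from one SNMPv1 datagram."""
    _, msg, _ = read_tlv(packet, 0)
    _, _version, pos = read_tlv(msg, 0)
    _, community, pos = read_tlv(msg, pos)
    pdu_tag, pdu, _ = read_tlv(msg, pos)
    pos = 0
    for _ in range(3):  # skip request-id, error-status, error-index
        _, _, pos = read_tlv(pdu, pos)
    _, varbinds, _ = read_tlv(pdu, pos)
    values, pos = [], 0
    while pos < len(varbinds):
        _, vb, pos = read_tlv(varbinds, pos)
        _, oid, p = read_tlv(vb, 0)
        vtag, val, _ = read_tlv(vb, p)
        text = val.decode("ascii", "replace") if vtag == 0x04 else val.hex()
        values.append((decode_oid(oid), text))
    return {"community": community.decode("ascii", "replace"), "pdu": hex(pdu_tag), "varbinds": values}

# Constructed sample: GetResponse (0xA2) for sysDescr.0; every value here is made up
_vb = tlv(0x30, tlv(0x06, bytes.fromhex("2b06010201010100")) + tlv(0x04, b"lab-router-01 (constructed)"))
_pdu = tlv(0xA2, tlv(0x02, b"\x01") + tlv(0x02, b"\x00") * 2 + tlv(0x30, _vb))
SAMPLE = tlv(0x30, tlv(0x02, b"\x00") + tlv(0x04, b"example-ro") + _pdu)
```

Calling exposed_fields(SAMPLE) returns the community string and the device description as plain strings, which is exactly the traffic an IPSec policy filtering on the SNMP ports is meant to protect.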