Search /
Docfinder:
Advanced search  |  Help  |  Site map
RESEARCH CENTERS
SITE RESOURCES
Click for Layer 8! No, really, click NOW!
Networking for Small Business
TODAY'S NEWS
Apple tops the $100B+ tech club
How to get the IRS' attention: Forge nearly $8 million in tax returns, steal identities
Microsoft details Windows 8 for ARM devices
Blogger exposes major Google Wallet security flaw
Web app lets enterprise set security, sharing for Google Apps users
Cloudscaling to offer OpenStack private cloud platform
Valentine's Day Patch Tuesday: Microsoft to issue 9 patches, 4 critical
Mobile World Congress sneak peek: Quad-core smartphones, Ice Cream Sandwich & more
Microsoft details 'Windows on ARM' program
March debut of 'iPad 3' a sure bet, says analyst
Resume Makeover: How an Information Security Professional Can Target CSO Jobs
FBI unbolts Steve Jobs 1991 investigation file
Cisco boosted profit, sales in Q2 while cutting costs
Macs take on the enterprise
/

'Net attacks to plague small and midsize firms

Today's breaking news
Send to a friendFeedback

By DAVID LEGARD
Network World, 10/16/00

Small and midsize companies are likely targets for Internet attacks, and many will suffer a successful attack between now and 2003, according to a report released last week by Stamford, Conn., market research firm Gartner Group.

The report said more than half of the firms that manage their network security and use the 'Net for more than e-mail will be hit. It also said more than 60% of targeted firms will be unaware of the attacks, which are likely to include Web site hacking and the spread of viruses.

Small and midsize firms are especially vulnerable to malicious attacks because they usually do not have personnel with security experience. As a result, part-time employees or personnel with less than top-notch qualifications often manage key corporate servers, Gartner said.

Moreover, small and midsize firms often use regional ISPs that provide unknown levels of security, which puts them at a greater risk of an attack.

Gartner recommends four steps to strengthen network security:

Security checkups: Small and midsize firms connected to the Internet should consider contracting with a security firm to conduct an audit and risk assessment of their networks. The effort should include an internal network security audit and an external penetration test. That should take place whenever a small and midsize company makes major changes to its Web site or firewall, and at a minimum of once per year.

Firewall configuration: Ensuring that a proper firewall is installed is crucial. These firms should focus on firewall appliances that provide a base level of security without requiring detailed security knowledge. Small and midsize firms should request quotes for managed firewall and intrusion detection services from ISPs. Those types of services usually cost less than the equivalent salary of a half-time firewall administrator.

Boundary services: Scanning incoming e-mail for viruses is crucial. Small and midsize companies can use desktop or server-side antiviral protection. The companies should take immediate action to disallow relay and halt the entry of spam into their environments.

Consolidated remote access with strong authentication: Small and midsize firm that provide dial-up access to e-mail and other corporate systems should eliminate desktop modems and use consolidated modem pools and remote access servers. They should require the use of hardware tokens to authenticate remote users.

Legard is a correspondent with IDG News Service's Singapore bureau.

RELATED LINKS


NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
Click here to sign up!
New Event - WANs: Optimizing Your Network Now.
Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
Attend FREE
Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.