Error 404--Not Found

Error 404--Not Found

From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:

10.4.5 404 Not Found

The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent.

If the server does not wish to make this information available to the client, the status code 403 (Forbidden) can be used instead. The 410 (Gone) status code SHOULD be used if the server knows, through some internally configurable mechanism, that an old resource is permanently unavailable and has no forwarding address.

Search and DocFinder
 
Search help/advanced search
 

Vendor Product Showcase



News NetFlash: Daily News Internat'l News This Week in NW The Edge Features Research Buyer's Guides Reviews Technology Primers Vendor Profiles Forums Columnists Knowledgebase Help Desk Dr. Intranet Gearhead Careers Free Newsletters Subscription Center Seminars/Events Reprints/Links White Papers Partner with Us Site Map Contact Us Home


Error 404--Not Found

Error 404--Not Found

From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:

10.4.5 404 Not Found

The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent.

If the server does not wish to make this information available to the client, the status code 403 (Forbidden) can be used instead. The 410 (Gone) status code SHOULD be used if the server knows, through some internally configurable mechanism, that an old resource is permanently unavailable and has no forwarding address.








The Signature Series
absurd buzzword contest


Send to colleague

By Ellen Messmer
Network World, 09/27/99

Does anybody need to be told again about marauding hackers using automated scripting tools to pound on a network until they break in like barbarians sacking Rome? Of course not. The question is, what's the best way to stop these modern-day vandals. By most accounts, intrusion-detection software is the answer.

Vendors claim these security tools prevent or detect unauthorized use of networks and host files, whether the breach comes from inside or out. While the tools are immature, expensive and far from invincible, security professionals say they remain valuable because they provide a front line of defense.

"Intrusion detection does the same thing as network management on a different level," says Rhonda MacLean, chief information security director at the Bank of America. "It provides intelligence to co-relate information to give you alerts about attacks."

Intrusion Detection

Intrusion detection is not meant to be the be-all and end-all security solution. Rather, it is a smart addition to an overall security strategy that would include other elements, such as antivirus software.

Intrusion detection provides components that allow for vulnerability assessment and network monitoring, among other functions, MacLean says. "But you have to put the components in perspective in terms of total security. There is no magic bullet," she adds, noting that Bank of America uses several types of intrusion-detection products, including the RealSecure scanning and network-monitoring tools from Internet Security Systems (ISS).

The question is, how well do these and other intrusion-detection products work?

Certainly using intrusion detection is far better than not monitoring for attacks at all. Then again, intrusion detection hardly qualifies as super armor.

Vendors of first-generation, software-based systems have each taken their own technical approach to intrusion detection. The resulting products are complex, and always changing their "attack signatures" need to be updated frequently so that new threats can be spotted.

Intrusion-detection products tend to spew out massive amounts of information without doing enough to make that data intelligible to the all-too-human net manager. For instance, the alerts generated are seldom well-integrated into larger enterprise network management systems. So even if a threat is detected, triggering an automated response to the threat is difficult, at best.

Hopes are high, though, that intrusion-detection products will not just report trouble but also automate responses to threats by instructing network devices how to behave when security problems erupt. Some progress has been made: ISS, Network Associates, Network-1 Security Solutions and Axent Technologies have products that perform intrusion detection in some way with particular vendor

gear. ISS products can block the ports on a Check Point Software firewall. Network Associates and Network-1 can reconfigure their firewall offerings through an intrusion-detection alert.

This response function could become far more sophisticated. For instance, it may eventually become possible to lure hackers with decoy servers, then collect enough data to track and prosecute offenders. Some early forms of this type of security are available in products such as ManHunt, a decoy Web server offered by Recourse Technologies (NW, Aug. 9, page 31).

The Internet Engineering Task Force has begun work in the area, but as yet has not formulated standards for intrusion detection, much less intrusion response. "Intrusion detection is at the beginning, about where antivirus was a few years ago," MacLean says.

Intrusion-detection software for host systems or network monitoring can be pricey, at times costing thousands of dollars per server. So most organizations only deploy the software at network points that give them most worry, perhaps behind a firewall or on servers storing mission-critical or sensitive data.

A young market

Intrusion-detection products can be roughly divided into two main categories. The first is the vulnerability assessment tool that scans for security holes on the network or host machine. The second category relates to products that look for attempts at unauthorized use of a host system or network.

The latter category uses agents that can spot trouble based on the attack signatures they recognize. More sophisticated versions of host- or network-based agents are starting to recognize suspicious activity patterns - anomalies that use something more like artificial intelligence, rather than a specific attack signature, to spot questionable activity.

Like most immature markets, intrusion detection is dominated by small, independent software vendors. For example, Axent and ISS lead the host- and network-based tool markets, respectively, reports International Data Corp. (IDC), a research firm in Framingham, Mass.

Other players include Cisco, with NetRanger; Computer Associates, with SessionWall-3; and Network Associates, with CyberCop Scanner.

But as the stakes raise, so does the market's attractiveness to bigger players. In 1998, the security industry sold $91 million in vulnerability assessment tools and $45.3 million worth of intrusion-detection software, IDC says. But the firm projects strong growth, forecasting a $262 million market this year for vulnerability assessment and intrusion-detection sales combined. That market will grow to almost $1 billion by 2003.

Analysts are cheered by the fact that small, independent players are driving the technology instead of, say, Microsoft.

"You have to have an independent vendor doing this. If you didn't it, would be like the fox guarding the henhouse," says Ted Julian, who recently left his position as research analyst with Forrester Research to become a start-up advisor with Battery Ventures, a venture capital firm in Wellesley, Mass.

"Microsoft and Cisco have no credibility with users in this market," says Jim Hurley, an analyst for security topics at Aberdeen Group, a market research firm in Boston. "Users tell us that."

Nonetheless, Axent and ISS could easily face an upset in the future. IBM is one of the few industry giants with credibility in this area, Hurley says. The company has been quietly working on an intrusion-detection product called Haxor, but has yet to announce a ship date.

Likewise, Cisco has been making gains with NetRanger, which it came by through its purchase of security firm WheelGroup. But if Cisco fails in this market, it's "just a rounding error," Julian insists.

And there's no reason to predict failure. Cisco is forging ahead to add intrusion detection to its firewalls, routers and switches, and this may presage the trend in integrating security features directly into operating systems or applications.

In the meantime, corporations are discovering they have another option. Rather than buying intrusion-detection products, they can lease a service. GTE Internetworking and MCI WorldCom Advanced Net-works offer scanning services on a subscription basis.

All of which gives the intrusion-detection market an ever-growing aura of validity and makes it a viable option for a security manager's arsenal today. With the number of hacker exploits increasing on practically a daily basis, intrusion-detection tools let you see the evil. Despite the drawbacks of their youth, that's a valuable contribution.

Related links

Contact Senior Editor Ellen Messmer

Other recent articles by Messmer

Intrusion detection: a matter of taste
When it comes to choosing a method for detecting intrusions, you've got a choice between host- and network-based systems. We provide an overview and links to product info. Buzz Issue, 9/27/99.

Network World Security Alert
Daily bulletins and news about network security, viruses, hackers, etc., from Network World, the IDG News Service and key security and application vendors.

Start-up's 'decoy' server helps track down hackers
Start-up Recourse Technologieswill release software, dubbed ManHunt, that can record would-be hackers' activities and trace intruders back across the Internet. Network World, 8/9/99.

Intrusion-detection tools to stop hackers cold
Product categories include host-based monitoring and network-based scanners. Network World, 2/15/99.

Scanning for weak links in server security
Review: BindView's Network Security Suite is a World Class watchdog. Network World, 8/30/99.

Defending against cyberattack
In the midst of Year 2000 chaos, key power grids across the country go dark, telecommunications and data networks crash, and emergency services are crippled. Network World, 8/23/99.

ISS upgrades intrusion-detection product suite
Network World, 8/16/99.

Send this article to a colleague

Recipient's name:

Recipient's e-mail:
Your name:

Your e-mail:
Comments:


Feedback

Tell us your thoughts on this article or the issues raised in it. We'll cc: the author and editors on all comments.

Comments:

Name:
E-mail address:

Can we post your comments in an online forum on the topic?
Yes No

What did you think of this article?
Very useful Somewhat useful Not at all useful

Would you want to see:
More articles on this topic
Fewer articles on this topic

Thank you! When you click Submit, you'll be taken back to this article.

Back to the Buzz home page
absurd buzzword competition
Hear our columnists discuss the buzzrelated linksmore stories

  SLAs

  ASPs

  Intrusion detection

  XML

  Directories

  VPN

  Access services

  Policy-based switching

  Convergence

  More Buzz

  Buzz Control

  Y2K

Feedback
Tell us your thoughts on this article or the issues it raises.

Today's News

ICANN board approves reform agenda

House committee subpoenas WorldCom executives

KPMG Consulting to hire Andersen IT staff, not unit

Xerox accounting troubles may total $6 billion

Analysis: Ciena/ONI deal done


All of today's news

Compendium

A good .plan
Plus: Porn credit-card site hacked.

nutter

Prioritizing voice over data in VoIP
Nutter helps a user make sure voice gets priority on a Cisco net.

Research

E-comm Innovator of the Year Award
Know someone with a groundbreaking e-commerce project? Nominate him or her for our annual award.

The Signature Series


  Copyright, 1995-2001 Network World, Inc. All rights reserved.