
More Detection, more! - Part III


Beyond the high-profile, stock-market-crazy IP perimeter scanning approaches to intrusion detection that fill the press wires, there are plenty of other ways to significantly increase the sensitivity of your network protection.

System/Network Diagnostics

Large networks utilize an assortment of network monitoring tools already; it's part of the administrative job. When a network gets overloaded, from either extra-heavy traffic or a malfunction that causes bottlenecks, a network monitor detects that event. The administrator can then respond in whatever manner is appropriate.

However, these types of events are generally viewed as network management functions, not security problems. We should invite network performance and diagnostic monitors to complement other security-focused detection methods in gathering a more complete picture of the network. Then, when the monitor detects some abnormal behavior, the detection mechanism should drive the reaction channel, so that security can assist in determining whether the event was an operational anomaly or an attack.

Monitoring tools are effective at identifying the software installed on nodes in the network and are often used for copyright/license compliance. However, the same mechanisms can be applied to identify miscreant software on users' workstations. You likely don't want users to have IP sniffing software, steganographic tools, their own encryption software or any of a range of hacker tools. By sweeping across your internal networks periodically, you can identify the software components that violate your corporate policy.
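The periodic sweep described above can be checked against policy automatically. The following is an added example, not part of the original column: it compares two constructed inventory exports and reports only violations that appeared since the previous sweep. The policy entries, exception list, host names and CSV layout are all assumptions made for illustration.

```python
import csv, io, re

# Hypothetical policy: categories from the article, product names illustrative.
POLICY = {
    "ip-sniffer": r"wireshark|ethereal|tcpdump",
    "steganography": r"steghide|openstego",
    "unapproved-encryption": r"gnupg|veracrypt",
    "hacker-tool": r"\bnmap\b|john the ripper",
}
# Hypothetical exceptions: (host, category) pairs that security has approved.
EXCEPTIONS = {("netops-01", "ip-sniffer")}

# Constructed sweep exports (host,software), one per periodic sweep.
SWEEP_WEEK1 = """host,software
ws-114,Microsoft Office
netops-01,Wireshark
ws-207,OpenStego
"""
SWEEP_WEEK2 = """host,software
ws-114,Wireshark
netops-01,Wireshark
ws-207,OpenStego
ws-311,GnuPG
ws-311,Nmap
"""

def classify(name):
    """Return the policy category a software name matches, or None."""
    for category, pattern in POLICY.items():
        if re.search(pattern, name, re.IGNORECASE):
            return category
    return None

def audit(sweep_csv):
    """Return the set of (host, category, software) policy violations."""
    found = set()
    for row in csv.DictReader(io.StringIO(sweep_csv)):
        category = classify(row["software"].strip())
        if category and (row["host"], category) not in EXCEPTIONS:
            found.add((row["host"], category, row["software"].strip()))
    return found

def new_violations(previous_csv, current_csv):
    """Violations present in the current sweep but not the previous one."""
    return sorted(audit(current_csv) - audit(previous_csv))

if __name__ == "__main__":
    for host, category, software in new_violations(SWEEP_WEEK1, SWEEP_WEEK2):
        print(f"{host}: {software} violates policy ({category})")
```

Reporting the difference between sweeps keeps known, already-handled findings from burying the new ones, and the exception list keeps approved administrative tools from raising alerts.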


Winn Schwartau is a security maven, writer and speaker. His recent book "Time Based Security" creates a new paradigm for measuring and quantifying security in any network. His hit books include "Information Warfare" in all three editions. He owns www.infowar.com, the world's biggest site for security and information warfare. His team provides extensive security consulting on three continents. In addition, he is a popular, inventive and exciting speaker, a boon to any event. Winn can be reached at winn@infowar.com or (727) 393-6600.


Copyright, 1994-2006 Network World, Inc. All rights reserved.