Lockdown your servers

Opinion
Jun 16, 2003 · 5 mins
Networking, Security

* BBX Technologies steps up against malware

I don’t know how people responsible for network security sleep at night.  If I were responsible for protecting my organization’s IT assets from virus attacks, intrusions, sabotage and the like, I’d never get any sleep.

Just the other day I saw that a new variant of the old Bugbear worm is on the loose (see link below).  The new strain can be very damaging to your network.  Spread through e-mail, Bugbear exploits weaknesses in Outlook, Outlook Express and Internet Explorer.  This virus has the power to disable antivirus software and firewall programs, and leaves behind executable software that spies on your network activities.  It can also open a port to give a hacker access to your system.

The defense that most companies will use against this problem is to install a patch from Microsoft and update their antivirus signatures.  However, this might be too little, too late.  What if the worm slipped into your network before you even heard about it?

That’s the exact concern that BBX Technologies (http://www.bbxtechnologies.com) addresses.  Calling itself a pioneer in malware (malicious software) prevention, BBX has developed technology that inoculates Windows desktops and servers against viruses, worms, Trojan horses, spyware, mobile malicious code, unauthorized software installs and modifications, software tunneling and other forms of malware.  With software from BBX on your network, the Bugbear worm and others like it shouldn’t be able to gain a foothold on your system.

I recently had the opportunity to chat with BBX executives Jim Kollegger, CEO, and John Michener, chief scientist, who take a new perspective on network security.  “Chasing malware is a losing battle,” says Kollegger.  He notes that the Slammer virus reached 50 million computers within 10 minutes, virtually crashing the Internet.  Defensive measures came too late to prevent this problem of massive proportions.

“We take a proactive approach to security,” says Kollegger.  “Rather than try to identify every threat by name, we chose to view threats from a higher level and focus on executable applications.  By preventing the introduction of unauthorized executables, we prevent malware intrusions.”  With this strategy, you can protect your servers and the end nodes without having to update the computer every minute.

BBX premiered its technology at IDG’s DEMO 2003 Conference last February.  Called ImmuneEngine, the technology locks down servers, desktops and laptops by creating an independent operating layer around the Windows operating system.  ImmuneEngine detects and deletes unauthorized executables before they have a chance to launch.  With almost daily reports of new security holes in the various versions of Windows, a tool like ImmuneEngine becomes a vital complement to your other security tools like firewalls and intrusion detection systems.

Bob Terry, founder, chairman and CTO of BBX explains how the technology works:

“ImmuneEngine monitors all operations of the Windows kernel, including the memory stack, mouse activity and keyboard activity. The software monitors user activity and kernel-level application activity while applications execute. It monitors all file creation input/output operations performed by the operating system and extends a defensive shield around the entire Windows environment to protect system files and the registry.

“When ImmuneEngine detects the writing of an unauthorized executable, it automatically deletes the unauthorized file.  If an unauthorized executable is launched, or if an existing executable starts misbehaving and violating security policy, ImmuneEngine gently pushes it off the program stack without crashing the system.  If protected system files have been damaged or if protected portions of the registry have been modified, ImmuneEngine restores protected files and registry segments to their original pre-intrusion state, and generates a detailed forensic report for the network administrator. An additional feature of ImmuneEngine, ExtendShield, offers this class of protection to static data on Web servers.”
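The default-deny idea in that description, shown as an added example that is not BBX's code: executables are recognized by content rather than file name, hashed against a known-good baseline, and anything not on the list is reported. It is an offline audit that only reports (the product is described as acting in the kernel at write time), and every function name and sample file here is constructed for illustration.

```python
import hashlib, struct, tempfile
from pathlib import Path

def is_pe(data: bytes) -> bool:
    """Identify a Windows executable by content (MZ header + PE signature), not by extension."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    pe_offset = struct.unpack_from("<I", data, 0x3C)[0]
    return data[pe_offset:pe_offset + 4] == b"PE\0\0"

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def build_allowlist(root: Path) -> set[str]:
    """Record the hash of every executable present while the host is in a known-good state."""
    return {digest(p.read_bytes()) for p in root.rglob("*")
            if p.is_file() and is_pe(p.read_bytes())}

def audit(root: Path, allowlist: set[str]) -> list[str]:
    """Default deny: report every executable whose hash is not on the allowlist."""
    findings = []
    for p in sorted(root.rglob("*")):
        if p.is_file():
            data = p.read_bytes()
            if is_pe(data) and digest(data) not in allowlist:
                findings.append(p.relative_to(root).as_posix())
    return findings

def fake_pe(payload: bytes) -> bytes:
    """Constructed sample: a minimal header that passes is_pe(); not a runnable program."""
    header = bytearray(0x40)
    header[0:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x40)
    return bytes(header) + b"PE\0\0" + payload

def demo() -> list[str]:
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "approved.exe").write_bytes(fake_pe(b"approved build"))
        (root / "editor.exe").write_bytes(fake_pe(b"editor v1"))
        allowlist = build_allowlist(root)
        # Changes made after the baseline was taken:
        (root / "invoice.txt").write_bytes(fake_pe(b"unknown code"))       # new, disguised by extension
        (root / "editor.exe").write_bytes(fake_pe(b"editor v1 + patch"))   # modified in place
        (root / "notes.txt").write_text("plain data, not executable")
        return audit(root, allowlist)

if __name__ == "__main__":
    print(demo())
```

Because the check keys on content hashes, it needs no signature for any named threat, but the allowlist must be rebuilt whenever legitimate software is installed or patched.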

The founding partners of BBX all have strong roots in government and military security.  It’s not surprising, then, that the company’s technology has been tested and endorsed by the National Security Agency for sale to the U.S. government, where it has been installed in several agencies.

Michener explains: “In his February 2003 statement to Congress, FBI director Robert Mueller testified that cyberattacks are a very serious and growing threat to security. One of the biggest areas of vulnerability is at the PC level, where malicious software can be installed without the owner’s knowledge.”  This can happen as the user opens an e-mail message or browses a Web site.  The ImmuneEngine technology is meant to prevent the harm before it even starts.

Network security threats and vulnerabilities are growing as we grow more dependent on the Internet and as we deploy increasingly complex software programs and applications.  If you want to rest easier at night knowing you’ve protected your network to the best of your abilities, you’ll look at this option to lock down your servers and nodes.

Linda Musthaler is vice president of Currid & Company.  You can write to her at Linda.Musthaler@currid.com.