Computers & Security, Vol. 18, No. 2
revealed where the virus was discovered, Trend emphasized that the virus was not yet in the wild.
Security Research Alliance Begins

Four networking giants - Cisco Systems Inc., Lucent Technologies Inc., Network Associates Inc. and Sun Microsystems Inc. - have allied to collaborate on network security research, a move which also could help them attract VARs, said industry watchers.

Charter members of the Security Research Alliance (SRA) recently outlined the group’s goals: to share information about security technology development; to attempt to more quickly move products that result from team research into the commercial realm; and to work together to generate funding for projects. Less esoteric concerns also are drivers, said analysts. “The name of the game here is [the] channel”, said Larry Dietz, director of information security strategies at Current Analysis, Sterling, Va.

Security vendors such as Axent Technologies Inc., Secure Computing Inc. and Security Dynamics Technologies Inc., as well as Network Associates are “trying to go mainstream and get as many of their products out as soon as possible. [VARs] who install the stuff are prime prospects”, Dietz said. The founding four companies “are all infrastructure folks - particularly Lucent, Cisco and Sun - and they are much more likely to be present in an organization than any [particular] security products”, Dietz said. “The main reason people get into alliances is so their products will work together”, he added. “If respective vendors’ products were more tightly integrated as a result of the alliance, the companies’ market clout would pique VARs’ interest”, said Mike Marsilio, director of enterprise consulting at reseller Bay Data Consultants, Norcross, Ga.

Competitive concerns [...] when the larger picture of current and future threats to network security is examined, SRA members said. “The magnitude of the information security problems facing us is huge”, said Terry Benzel, vice president for advanced security research at Network Associates, Santa Clara, Calif. “No one company will have the strength and the vision to address those problems.” Partnering will enable vendors to tap a wealth of research, executives said. “There’s a great deal of research that has been conducted within vendor-specific channels, and the government also conducts its own research”, said Kevin Ziese, manager of network security research at Cisco, San Jose, Calif. “But that doesn’t help the entire field move forward as a whole.” Likewise, “[Lucent] has a huge stake in the future of communications network security”, said Mike Reiter, head of the secure systems research department at Bell Labs’ information sciences research center in Murray Hill, N.J. Bell Labs is the research & development arm of Lucent.

Network Associates compiled the original list of companies to join the association, said Reiter, and others are expected to join in the future. Participants have branches dedicated to security research, which focus on developing future technologies. SRA will hold its first symposium in Los Angeles just prior to Spring Internet World, slated for April 12-16 in Los Angeles.
The panoply of threats to network security is the main reason for the group’s formation, said SRA members. (Go to www.crn.com/onlineplus for related story: Technologic to equip VARs with free network security scan service.)

Security Views/Dr. Bill Hancock

Pessimism in Cyberspace is Alive and Well

It is an old maxim that a chain is only as strong as its weakest link. This assumption has long guided the understanding of computer and network security. But this and a number of long-held assumptions are challenged by a recent publication issued at the behest of the US government.

The National Research Council (NRC) has published the results of another one of its panels looking into various aspects of our changing technical world. It is easy to shelve [...]

This recent NRC volume, “Trust in Cyberspace” (ISBN 0-309-06558-5), is the result of a 14-member committee that started meeting in June 1996. The committee was appointed by the NRC in response to a request from the Defense Advanced Research Agency and the National Security Agency. The study was designed, in the words of the report, “to assess the nature of information systems trustworthiness and the prospects for technology that will increase trustworthiness.” For the fiscally challenged, the NRC has also put this report on the World Wide Web at www.nap.edu/readingroom/books/trust/.

The report notes: “It is easy to build a system that is less trustworthy than its least trustworthy component. The challenge is to do better: to build systems that are more trustworthy than even their most trustworthy components.” The report then provides some general guidelines on ways to amplify system reliability and security.

There are a number of chapters in this report, such as “Trustworthy Systems from Untrustworthy Components” mentioned above, that are valuable in their own right. But the mission of NRC committees is to provide
specific recommendations for government action, especially in the area of government-funded research.

The committee investigated not only the effects of malicious attacks by people who want to disrupt network operations, but also the effects of accidental misconfigurations of network components and the impact of environmental factors such as fibretropic backhoes.

The conclusions and research recommendations section of the report does not present all that reassuring a picture. The current national network infrastructure, comprising the public telephone network and the Internet, is not well-positioned for security and reliability. The report points out a number of vulnerable areas and makes several specific recommendations for research that would help to enable the creation of more secure and reliable networks in the future.

New IETF Task Force on Intrusion Detection

Security incidents are becoming more common and more serious, and intrusion detection systems are becoming of increasing commercial importance. Numerous intrusion detection systems have been developed to meet the needs of this market and, although some have become more dominant than others, no single standard exists. Different sites will select different vendors and, since incidents are often distributed over multiple sites, it is likely that different aspects of a single incident will be visible to different systems. Clearly, it would be advantageous for these diverse intrusion detection systems to be able to share data on attacks in progress.

A new Intrusion Detection working group is being established in the Security Area of the IETF to define data formats and exchange procedures for sharing information of interest to intrusion detection and response systems, and the management systems which have to interact with them. The outputs of the working group will be:

1. A requirements document, which describes the high-level functional requirements for communication between intrusion detection systems and the requirements for communication between intrusion detection systems and with management systems. It will include the rationale for the requirements and contain scenarios to illustrate those requirements.
2. A common intrusion language specification, which will describe data formats that satisfy the requirements.
3. A framework document, which will identify existing protocols which can best be used for communication between intrusion detection systems, and describe how the devised data formats relate to them.

The current goal is to submit the Requirements document as an Internet-Draft by April 1999 with the target of achieving RFC status by August 1999. The Framework and Language documents will be submitted as Internet-Drafts in August with the aim of achieving RFC status for both documents by December 1999.