Pessimism in cyberspace is alive and well

Pessimism in cyberspace is alive and well

Computers & Security, Vol. 18, No. 2 revealed where emphasized the virus was discovered, Trend that the virus was not yet in the wild. Secur...

203KB Sizes 5 Downloads 114 Views

Computers & Security, Vol. 18, No. 2

revealed

where

emphasized

the

virus

was

discovered,

Trend

that the virus was not yet in the wild.

Security Research Alliance Begins Four networking

giants Cisco Systems Inc., Lucent Associates Inc. and Sun Inc., Network

Technologies Microsystems Inc. - have allied to collaborate on network security research, a move which also could help them

attract VARs, said industry

Alliance to share

technology development; move products that result

from team research into the commercial realm; and to work together to generate funding for projects. Less esoteric concerns also are drivers, said analysts. “The name of the game here is [the] channel”, said Larry Dietz, director of information security strategies at CurrentAnalysis,

Sterling,Va.

Security

concerns

when

the larger picture

of cur-

Terry

Benzel,

vice

president

for

advanced

security

research at Network Associates, Santa Clara, Calif. “No one company will have the strength and the vision to address those problems.” Partnering will enable vendors to tap a wealth research, executives said. “There’s a great deal

watchers.

Charter members of the Security Research (SRA) recently outlined the group’s goals: information about security to attempt to more quickly

competitive

rent and future threats to network security is examined, SRA members said. “The magnitude of the information security problems facing us is huge”, said

vendors

such

as Axent Technologies Inc., Secure Computing Inc. and Security Dynamics Technologies Inc., as well as Network Associates are “trying to go mainstream and get as many of their products out as soon as possible. [VARs] who install the stuff are prime prospects”, Dietz said. The founding four companies “are all infrastructure folks-particularly Lucent, Cisco and Sun-and they are much more likely to be present in an organization than any [particular] security products”, Dietz said. “The main reason people get into alliances is so their products will work together”, he added. “If respective vendors’ products were more tightly integrated as a result of the alliance, the companies’ market clout would pique VARs’ interest”, said Mike Marsilio, director of enterprise consulting at reseller Bay Data Consultants, Norcross, Ga.

of of

research that has been conducted within vendor-specific channels, and the government also conducts its own research”, said Kevin Ziese, manager of network security research at Cisco, San Jose, Calif. “But that doesn’t help the entire field move forward as a whole.” Likewise, “[Lucent] has a huge stake in the future of communications network security”, said Mike Reiter, head of the secure systems research department at Bell Labs’ information sciences research center in Murray Hill, N.J. Bell Labs is the research & development arm of Lucent. Network Associates compiled the original list of companies to join the association, said Reiter, and others are expected to join in the future. Participants have branches dedicated to security research, which focus on developing future technologies. SRA will hold its first symposium in Los Angeles just prior to Spring Internet World, slated for April 12-16 in Los Angeles.

Pessimism in Cyberspace and Well

is Alive

It is an old maxim that a chain is only as strong as its weakest link. This assumption has long guided the understanding of computer and network security. But this and a number of long-held assumptions are challenged by a recent publication issued at the behest of the US government.

The panoply of threats to network security is the main reason for the group’s formation, said SRA members. (Go to www.crn.com/onlineplus for related story: Technologic to equip VARs with free

the results of another one of its panels looking into various aspects of our changing technical world.

network

This

security

scan

service.)

It is easy to shelve

The National

recent

Research

NRC

Council

volume,

(NRC)

“Trust

in

has published

Cyberspace”

95

Security Vie ws/Dr. Bill Hancock

(ISBN O-309-06558-5), committee that started committee

was appointed

is the result of a 14-member meeting in June 1996. The by the NKC

in response

to

a request from the Defense Advanced Research Agency and the National Security Agency.The study was designed, in the words of the report, “to assess the nature of information systems trustworthiness and the prospects for technology that will increase trustworthiness.” For the fiscally challenged, the NRC has also put this report on the World Wide www.nap.edu/reading room/books/trust/.

Web

at

The report notes: “It is easy to build a system that is less trustworthy than its least trustworthy component. The challenge is to do better: to build systems that are more trustworthy than even their most trustworthy components.“The report then provides some general guidelines on ways to amplify system reliability and security.There are a number of chapters in this report, such as “Trustworthy Systems from Untrustworthy Components”mentioned above, that are valuable in their own right. But the mission of NRC committees is to provide

becoming

of

Numerous

intrusion

increasing

commercial

detection

importance.

systems

have

been

developed to meet the needs of this market although some have become more dominant

and, than

others, no single standard exists. Different select different vendors and, since incidents

sites will are often

distributed over multiple sites, it is likely that different aspects of a single incident will be visible to different systems. Clearly, it would be advantageous for these diverse intrusion detection systems to be able to share data on attacks in progress. A new

Intrusion

Detection

working

group

is being

established in the Security Area of the IETF to define data formats and exchange procedures for sharing information of interest to intrusion detection and response systems, and the management systems which have to interact with them.The outputs of the working group will be:

specific recommendations for government action, especially in the area of government-fimded research.

1. A requirements document, which describes the high-level functional requirements for communication between intrusion detection systems and the requirements for communication between intru-

The committee investigated not only the effects of malicious attacks by people who want to disrupt net-

sion detection systems and with management systems. It will include the rationale for the requirements and contain scenarios to illustrate those

work operations, but also the effects of accidental misconfigurations of network components and the impact of environmental factors such as fibretropic backhoes. The

conclusions

and research

recommendations

2.

New IETF Task Force on Intrusion Detection Security incidents are becoming more common and more serious, and intrusion detection systems are

A common

intrusion

will describe ments.

sec-

tion of the report does not present all that reassuring a picture. The current national network infrastructure, comprising the public telephone network and the Internet, is not well-positioned for security and reliability The report points out a number of vulnerable areas and makes several specific recommendations for research that would help to enable the creation of more secure and reliable networks in the future.

96

requirements.

3.

language

data formats

specification,

which

that satisfy the require-

A framework document, which will identify existing protocols which can best be used for communication between intrusion detection systems, and describe how the devised data formats relate to them.

The current goal is to submit the Requirements document as an Internet-Draft by April 1999 with the target of achieving RFC status by August 1999. The Framework and Language documents will be submitted

as Internet-Drafts

achieving December

RFC 1999.

status

in August for

both

with

the

aim

documents

of by