Sify Enterprise Solutions :: Extensity Newsletter

The recent spread of the SQL Slammer Worm in computer networks throughout the world, has once again underscored the criticality of network security. The worm attack brought down the networks of several companies leading to loss of productivity and revenues totalling millions of dollars. The event triggered a crisis for a lot of Indian companies as well, and has raised serious questions about the extent to which they have secured their IT networks.

Significantly, the incident brings to fore a most important lesson which is, that network security is more than just having a firewall and deploying some antivirus software. In order to ensure you are adequately protected from external attacks, Sify Enterprise Security Services recommends two fundamental things that you do immediately:

1) Periodically conduct Vulnerability Audits of your IT infrastructure in order to identify vulnerabilities and ways and means of patching them.

2) Deploy Intrusion Detection Systems to keep track of network activity and alert you in case of attacks so that you can take appropriate action.

Should you need expert assistance, Sify Enterprise Security Services can conduct vulnerability audits for you and help you secure your IT infrastructure in an ongoing manner.

Generally there are three techniques that can be used seperately or in combination to improve network QoS

Controlling the networking environment: You have to provide a controlled networking environment in which the capacity can be pre-planned and adequate performance can be assumed.
Using management tools: You can use management tools to configure the network nodes, monitor performance, and manage capacity. Traffic can be prioritized by location, by protocol, or by application type. This allows real-time traffic to be given precedence over non-critical traffic.
Adding control protocols and mechanisms: You can add control protocols and mechanisms that help avoid or alleviate the problems inherent in IP networks. Protocols like Real Time Protocol and Resources Reservation Protocol can provide greater assurances of controlled QoS within the network.

Intrusion Detection is the process of monitoring computers or networks for unauthorized entry points, suspicious activity, or unauthorized file modification. Intrusion Detection System (IDS) is becoming an important part of network security. These systems complement firewalls and are used to detect attempted network attacks (such as a Denial of Service attack), and misuse of network resources.

IDS can alert the administrator about such intrusions and it also has mechanisms / processes for reacting to such intrusions and protecting the targeted system. IDS tools thus form an integral part of a thorough and complete security system. However, IDS by itself cannot guarantee complete security. IDS can greatly enhance security when backed by a security policy and when used in conjunction with vulnerability assessments, data encryption, user authentication, access control and fire walls.

There are two types of IDS : host-based and network-based. Each has its own method of monitoring and securing data, and each has its pros and cons. Briefly, a host-based IDS examines data held on individual computers that serve as hosts; a network-based IDS examines data exchanged between computers, i.e. data in transit.