Test your network security

Written by Robert Strohmeyer, Contributor

Problem: Your company's network has more connections than you can count, leaving some doors wide open to attack.

Solution: Use network security scanning to find out where your weaknesses are before someone else does.

The only thing more painful than finding holes in your network is finding out about them on the evening news. Large networks are hard for administrators to secure and easy for hackers to compromise. Discover your weak spots before you're attacked by using managed security monitoring and scanning services.

Post a sentry

Surveillance is the cornerstone of any good security system. On your network, that means a real-time monitoring service, like the one provided by Counterpane Internet Security. For fees starting at about US$12,000 per month, Counterpane keeps a watchful eye on all your network activity, logging all access and looking for anything unusual.

While no security service is infallible, Counterpane's systems and security experts can detect odd behavior, such as hackers tunneling through your network, and block access at a moment's notice to keep ne'er-do-wells at bay. At first blush, US$144,000 a year may seem an exorbitant amount to spend to ward off an otherwise imperceptible threat, but - as computer e-tailer Egghead.com's December break-in demonstrated - a single hack can cost a company millions of dollars. By keeping an eye on who's using your systems, you can keep damages to a minimum.

A monitoring service is a must-have for keeping watch over your systems' behavior, though to be really secure you should patch up weak spots before break-ins occur. But you can't fix problems you don't know about.

Even the best and brightest system administrators can't possibly keep track of every computer on the network. With new machines added and removed daily, and more users than an abacus can count, vulnerabilities are inevitable. Fortunately, there's a way to discover your weaknesses before your enemies do.

A security scanning service queries all the systems on your network, looking for vulnerabilities that hackers could exploit. One of the best such services is Foundstone's FoundScan (starting at US$45,000 per year), which uses a technique called footprinting to create a comprehensive map of your network—including machines your IT team may not even know about. FoundScan works by probing the ports on all the machines within a given range of IP addresses. Because the range of IP addresses your company uses is a known value, deploying the service on your network takes only a few minutes.

Once it has your IP range, FoundScan goes to work pinging all of your addresses in turn. As it finds computers on your network, it sets about probing their ports to find out which networking services are running, and it attempts to connect to your network. When the test is complete, Foundstone sends you a report of the scan.

If FoundScan finds a weakness and accesses your network, so can a hacker. So it's vital that you review your reports thoroughly. Included within each report is a map of all systems found on the network with a list of their services and weaknesses and advice to help you patch things up. For instance, if the report lists a computer running NetBIOS, just click the word NetBIOS to find a description of this service's weaknesses and a quick remedy to your problem (which usually involves disabling it).

There is little reason to leave network services running unless they are necessary to your business. If you don't use FTP to transfer files back and forth, disable it. Just as you wouldn't leave your front door open when you're not at home, you should seal all unused entrances to your network - once you know where they are.
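The report review described above can be partly automated by reconciling scan findings against your own asset inventory. The following is an added example, not code from the article or from Foundstone; the address range, inventory, and findings are constructed sample data, and the report format is an assumption.

```python
import ipaddress

# Well-known ports for the services the article names (IANA assignments).
SERVICE_NAMES = {21: "FTP", 22: "SSH", 80: "HTTP", 139: "NetBIOS", 443: "HTTPS"}

# Constructed sample data: company range, asset inventory, and scan findings.
COMPANY_RANGE = ipaddress.ip_network("192.0.2.0/24")
INVENTORY = {                      # host -> ports the business actually needs
    "192.0.2.10": {80, 443},
    "192.0.2.20": {22},
    "192.0.2.30": {22},
}
SCAN_FINDINGS = [                  # (host, open port) pairs as a report might list them
    ("192.0.2.10", 80), ("192.0.2.10", 443), ("192.0.2.10", 21),
    ("192.0.2.20", 22), ("192.0.2.20", 139),
    ("192.0.2.77", 21),            # machine nobody registered
    ("198.51.100.5", 80),          # outside the agreed range
]

def reconcile(findings, inventory, network):
    """Sort scan findings into the follow-up actions a report review calls for."""
    result = {"out_of_range": set(), "unknown_hosts": set(),
              "disable": [], "not_seen": set()}
    seen = set()
    for host, port in findings:
        if ipaddress.ip_address(host) not in network:
            result["out_of_range"].add(host)    # scope error: verify before acting
            continue
        seen.add(host)
        if host not in inventory:
            result["unknown_hosts"].add(host)   # find the owner, then register or remove
        elif port not in inventory[host]:
            name = SERVICE_NAMES.get(port, f"port {port}")
            result["disable"].append((host, port, name))  # service with no business need
    # Inventory entries that never answered: decommissioned, offline, or filtered.
    result["not_seen"] = set(inventory) - seen
    result["disable"].sort()
    return result

if __name__ == "__main__":
    report = reconcile(SCAN_FINDINGS, INVENTORY, COMPANY_RANGE)
    for key, items in report.items():
        print(f"{key}: {sorted(items)}")
```
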

Safe and Sound

Being in the Internet security business, Terry Ryan understands the seriousness of hacker-related threats. "We provide the software that server administrators and ISPs can use to protect their e-business investments from hacking," says Ryan, IT director for Entercept Security Technologies. "We have an acute awareness of the threats and vulnerabilities that are out there, and [Foundstone's] FoundScan enables us to keep tabs on our own secure environment."

While initially it might seem odd that one security company turns to another for service, Ryan sees no contradiction. "Even though these guys know what's going on," he says, "the ability to focus on the real problems and not get tied down with doing their own scans and analysis lets them focus their talents where it is most effective." Before signing up with Foundstone, Entercept typically assigned four people to scan its network for vulnerabilities. Now, using FoundScan, those people concentrate on "deeper issues" of network security, like keeping track of trends.

FoundScan doesn't just free up workers. "What we've found is that there's some expertise there that's unique, and it's something that even our top-notch experts can't reproduce," says Ryan. Yet, though the service uses complex means to get results, the reports are simple enough for any experienced user to read and understand. Ryan estimates that while FoundScan costs as much annually as having one security expert on the payroll, the service saves his company as much as US$100,000 per year. "It boggles my mind to see [FoundScan] accomplish what would otherwise take days or longer, in a matter of minutes."
