NETWORK WORLD NEWSLETTER: ANDREAS M. ANTONOPOULOS ON THE DATA CENTER 11/02/04 Today's focus: Host-based security controls
Dear [EMAIL PROTECTED], In this issue: * Security moves to individual hosts * Links related to Data Center * Featured reader resource _______________________________________________________________ This newsletter is sponsored by Force10 Networks Is Gigabit Ethernet Density Important to You? The Force10 Networks TeraScale E-Series leads the industry with up to 672 line-rate Gigabit Ethernet ports or up to 56 line-rate 10 Gigabit Ethernet ports in a single massively resilient, fully redundant chassis. For more information on the industry leading family of switch/routers, visit http://www.fattail.com/redir/redirect.asp?CID=85880 _______________________________________________________________ WHAT ARE YOU DOING TO GET AHEAD? An IT recruiter outlines the actions you should take to advance your career. Learn how you can gather the enduring respect of colleagues, clients and business associates without coming off as pompous or self-serving. Click here to find out what you need to do to get ahead: http://www.fattail.com/redir/redirect.asp?CID=86095 _______________________________________________________________ Today's focus: Host-based security controls By Andreas M. Antonopoulos One of the most costly and time-consuming enterprise security tasks is patch management. Estimates of the cost of patch management vary - with some saying organizations spend millions of dollars per year - but it's indisputable that IT executives have to audit hundreds or even thousands of desktops and servers to discover which are un-patched and apply the appropriate patches. Without thorough testing, patches may cause unanticipated software conflicts and errors. And while this effort is ongoing, new patches are released almost daily. No wonder IT executives seek alternative approaches! A contributing challenge is the fact that an organization's security is no longer clearly defined. With laptops coming and going, it's easy for a virus or worm to enter behind a firewall and wreak havoc from within. As the perimeter has eroded, IT executives have built a new perimeter around every desktop and server in their networks. Using host-based security products such as personal firewalls and desktop intrusion prevention systems (IPS), IT managers can provide a "personal" perimeter that protects each host. The advantages of moving the perimeter to the host are significant. Host-based firewalls and IPSs can protect the host from unknown exploits (known as zero-day exploits) even if the host is vulnerable to the exploit and un-patched. Furthermore, host-based firewalls can block unauthorized outgoing traffic from the host. This means that even if a host is infected by malware, it cannot spread the infection to the rest of the infrastructure. Host-based protection therefore creates the ultimate compartmentalization within the network, protecting each host from its neighbors and vice versa. Some of the technologies that can be deployed for host-based protection include: * Anti-virus - the most common host-based protection, anti-virus ��is already deployed on most systems in enterprises. All ��participants in a recent Nemertes benchmark report using at ��least some anti-virus software - and most deploy it at multiple ��levels (on the desktop, on the server and at the gateway). * Personal network firewalls - a firewall can block incoming and ��outgoing traffic, stopping malware from propagating from system ��to system. * Personal application firewalls - application firewalls can ��control which software packages on a host are allowed to use the ��network, which ports they can use and whether they can receive ��connections from other hosts. * Operating system protection - monitoring and controlling ��access to files, the registry, system calls and DLLs can protect ��the host from Trojans, key-loggers and viruses even after these ��have compromised part of the OS. * Host-based IPS - combining behavioral analysis and signature ��filters, host-based IPS combines the best features of ��anti-virus, network firewalls and application firewalls in one ��package. Host-based protection offers the opportunity to escape the firefighting of patch management, allowing IT executives to focus only on the most important patches. Without host-based protection, a single infected system can wreak havoc on the enterprise's infrastructure. For many IT executives, malware is a recurring nightmare that keeps reappearing every time an unpatched host appears anywhere on the network. This all-or-nothing state of security, where a single weak link can re-create a wave of malware infections, is a constant drain on resources. By applying host-based protection, each host becomes a "bastion" within the network, and security breaches from malware are contained. RELATED EDITORIAL LINKS Cisco Security Agent http://www.cisco.com/en/US/products/sw/secursw/ps5057/ McAfee Host-IPS http://www.nwfusion.com/nldatacenter800 ISS RealSecure http://www.nwfusion.com/nldatacenter801 _______________________________________________________________ To contact: Andreas M. Antonopoulos Andreas M. Antonopoulos is principal research analyst at Nemertes Research. He can be reached at <mailto:[EMAIL PROTECTED]> _______________________________________________________________ This newsletter is sponsored by Force10 Networks Is Gigabit Ethernet Density Important to You? The Force10 Networks TeraScale E-Series leads the industry with up to 672 line-rate Gigabit Ethernet ports or up to 56 line-rate 10 Gigabit Ethernet ports in a single massively resilient, fully redundant chassis. For more information on the industry leading family of switch/routers, visit http://www.fattail.com/redir/redirect.asp?CID=85879 _______________________________________________________________ ARCHIVE LINKS Archive of the Data Center newsletter: http://www.nwfusion.com/newsletters/datacenter/index.html Data Center research center: http://www.nwfusion.com/topics/datacenter.html _______________________________________________________________ FEATURED READER RESOURCE NW CLEAR CHOICE TESTS The Network World Lab Alliance is a coalition of industry experts, network integration consultants, independent test labs and universities who conduct single-product reviews and head-to-head comparative tests in real enterprise network settings. Find out which products get the "thumbs-up" in categories such as web front-end devices, WLAN security, anti-spam and more at: <http://www.nwfusion.com/reviews/> _______________________________________________________________ May We Send You a Free Print Subscription? You've got the technology snapshot of your choice delivered at your fingertips each day. Now, extend your knowledge by receiving 51 FREE issues to our print publication. Apply today at http://www.subscribenw.com/nl2 International subscribers click here : http://nww1.com/go/circ_promo.html _______________________________________________________________ SUBSCRIPTION SERVICES To subscribe or unsubscribe to any Network World e-mail newsletters, go to: <http://www.nwwsubscribe.com/Changes.aspx> To unsubscribe from promotional e-mail go to: <http://www.nwwsubscribe.com/Preferences.aspx> To change your e-mail address, go to: <http://www.nwwsubscribe.com/ChangeMail.aspx> Subscription questions? Contact Customer Service by replying to this message. This message was sent to: [EMAIL PROTECTED] Please use this address when modifying your subscription. _______________________________________________________________ Have editorial comments? Write Jeff Caruso, Newsletter Editor, at: <mailto:[EMAIL PROTECTED]> Inquiries to: NL Customer Service, Network World, Inc., 118 Turnpike Road, Southborough, MA 01772 For advertising information, write Kevin Normandeau, V.P. of Online Development, at: <mailto:[EMAIL PROTECTED]> Copyright Network World, Inc., 2004 ------------------------ This message was sent to: [EMAIL PROTECTED]
