Quarantine engine to defend enterprise network
Zatni Arbi, Contributor, zatni@cbn.net.id
One of the unwelcome repercussions of the escalating tension
between Indonesia and Malaysia has been the explosion of cyber
attacks. Hackers from the two neighboring countries have been
increasingly active in attacking each other's websites.
This is completely undesirable because hacking and defacing
websites will only deepen the resentment between the two
countries. Even if a hacker from one country succeeds in defacing
an official website of the other country, does that mean that the
war is won?
Unfortunately, that is exactly what has been happening lately,
despite calls from the more responsible members of the IT
community to put an end to it.
However, the cyberwar also puts in the spotlight the fact that
we are just as vulnerable in the cyberworld as we are at a busy
intersection in Jakarta when the traffic light is red.
While hacking and defacing happen mostly during a period of
animosity, more common security threats to our computing
resources include viruses, Trojan horses, worms and denial of
service (DoS) attacks. The targets vary tremendously.
Hackers may aim to create problems for the system
administrators of their perceived enemies. A disgruntled employee
may wish to take revenge by launching internal attacks on his
company's own data center.
Recently, Alcatel, a company that is more widely known for its
telecom products, showcased its latest network defense solution
for enterprise computing. Called Automated Quarantine Engine, it
focuses on preventing virus and worm attacks on enterprise
networks and works seamlessly with third-party intrusion
detection and prevention.
Prevention through containment
Perhaps not many people outside the IT industry realize that
the French company also provides equipment for business
enterprises, in addition to technology products for fixed and
mobile telecommunications.
One of the most widely used pieces of network gear in its offerings is the
OmniSwitch, a series of intelligent network switches for
workgroups and enterprises. Other network gear includes
OmniAccess for wireless local area networks (WLANs) and the OmniVista
Network Management System.
Alcatel's new solution uses Sygate's host integrity,
protection, enforcement and remediation technology, along with
802.1x technology. It ensures that devices accessing the network
are secured by antivirus software with updated virus definitions
and a personal firewall, and that they have the current operating
system service packs and patches installed.
To understand how the solution works, let us look at the
typical scenario for an unprotected network. When a user receives
a virus-infected e-mail message or accesses a virus-infected
media such as a floppy diskette, for example, his computer will
be infected.
The same virus will then spread to other parts of the network.
When the virus attack is finally detected by the network
administrator, he will try to identify the source of the virus
and try to isolate the user with the tools that are available to
him.
Unfortunately, by this time the infected area may have grown
to cover a major part of the network. Cleaning up each of the
computers on the network is a time-consuming task, despite the
availability of powerful tools.
In the meantime, the user, whose access to the network is
denied, may become very frustrated. He is likely to make a series
of attempts to access the network before calling the help desk.
Now, with Alcatel's CrystalSec framework, each time an attack
is detected, its Automated Quarantine Engine (AQE) will
automatically isolate the user and put him in a virtual
quarantine.
Here, the host integrity software will check the user's
specific activity and determine whether it is a real attack or
simply an unusual but benign activity. If a virus infection is
confirmed, a remediation will be performed. If it turns out that
the user was simply executing an activity that did not conform to
the established policies but constituted no threat, then the
policies may be modified slightly and the user can be released
from AQE back to the network.
The strength of the AQE, as explained by Alcatel, lies in the
fact that no human intervention will be required. Also, the
OmniSwitch will require no additional hardware or software.
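As an added illustration, not code from the article or from Alcatel's or Sygate's products, the following Python model captures the admission and quarantine decision described above, using the host-integrity checks the column lists (antivirus with current definitions, a personal firewall, operating system patches). The field names, the seven-day definition-age threshold and the rule that an alert against a host passing every check is treated as unusual-but-benign activity are assumptions made for the example.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# Constructed posture record for one endpoint. Field names are assumptions,
# not the real Sygate host-integrity schema.
@dataclass
class HostPosture:
    av_installed: bool
    av_definitions_date: date
    firewall_enabled: bool
    missing_patches: int
    # Set when an IDS/IPS names this host as the source of an attack.
    ids_alert: Optional[str] = None

MAX_DEFINITION_AGE = timedelta(days=7)  # assumed policy threshold

def integrity_failures(p: HostPosture, today: date) -> list[str]:
    """Return the host-integrity checks the endpoint fails (empty if healthy)."""
    failures = []
    if not p.av_installed:
        failures.append("no antivirus")
    elif today - p.av_definitions_date > MAX_DEFINITION_AGE:
        failures.append("stale virus definitions")
    if not p.firewall_enabled:
        failures.append("personal firewall off")
    if p.missing_patches > 0:
        failures.append(f"{p.missing_patches} missing patches")
    return failures

def quarantine_decision(p: HostPosture, today: date) -> tuple[str, list[str]]:
    """Decide what the quarantine engine does with the endpoint.
    Returns (state, reasons); state is 'admit', 'quarantine-remediate'
    or 'release-adjust-policy'."""
    failures = integrity_failures(p, today)
    if p.ids_alert and failures:
        # Attack traffic from a host that also fails integrity checks:
        # treat as infected, keep it isolated and remediate.
        return "quarantine-remediate", failures
    if p.ids_alert:
        # Alert from a host that passes every check (assumed rule): unusual
        # but benign activity, so release it and review the policy.
        return "release-adjust-policy", [p.ids_alert]
    if failures:
        # No alert, but the host does not meet policy at 802.1x admission:
        # hold it in quarantine until remediation completes.
        return "quarantine-remediate", failures
    return "admit", []
```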
Proactive or Reactive?
In our business enterprises, investment in security measures
may not receive the priority it should. There are reasons for
this; budget constraints may be chief among them. Security
solutions are not cheap, and they have to be constantly updated to
keep up with emerging security threats.
The second reason may be our general propensity to be reactive
rather than proactive.
However, when the health of our computing resources determines
the health of our business, this attitude toward security will
have to change.