Would you notice if you were being penetrated?
- 27 May, 1998 13:52
Probably. But if the penetration was computer-based, would you notice? When your customer's office is burgled, it's fairly obvious when you arrive that things are a tad more untidy than usual. You've both been done.
Network burglars don't leave cupboard doors open and sock drawers tumbled on the floor. They just sneak in, get what they want and slink off into the ether. And if they like what your customers have, they'll be back several times to continue their plunder of their corporate assets.
Citadel Security Management Systems now has available a range of products and services to detect and lock out these network thieves. Its SAFEsuite tool set includes the Web Security Scanner, Firewall Scanner, Intranet Scanner and System Security Scanner. All these tools are available for purchase, or you can retain Citadel to run the tests for your customers using their own copies of the software.
"Firewalls are an important component of network security and many organisations assume they are safe because they have one," said Alison Muir, Citadel's northern region manager. "When setting up a firewall with multiple rules for packet filters and proxies for different services, it is easy to misconfigure something, leaving huge holes for determined attackers. Firewall Scanner finds misconfigurations and reports them as vulnerabilities," she said.
The now ubiquitous Web server is another area presenting opportunities for network thieves to attack and enter a company. Frequently, even if the Web server is nice and secure, other services have been added to the server which may never have been made safe, or perhaps cannot be made safe by their design.
Web Security Scanner runs its scans against everything that is loaded onto the Web server, not just the Web code.
"An unsecured Web site can be compromised by an attacker, allowing access to the network and valuable customer related information", said Muir.
"User names, passwords and credit card numbers are just a few of the sensitive information types commonly stored on Web servers. You can run Web Security Scanner to identify the weak points, or you can wait until you've been penetrated. I know which I'd prefer."
SAFEsuite is available now for Windows NT and most Unix variants.
Phone: (02) 9211 3412