Technology Stocks : Westell WSTL
To: Mad Bomber who wrote (20593), 9/30/2000 8:55:04 PM
From: Rich Wolf (post 21342)
Interesting article at Merrill Lynch about DSL rollouts and security issues:

askmerrill.com

Experts Push For Broadband Security
Sep. 29, 2000 (InternetWeek - CMP via COMTEX) -- Security experts are counseling enterprise managers to take special precautions as DSL and cable-modem connectivity soar in popularity.

Among the suggestions: Turn off services not being used; implement, and enforce, strict access rules and policies; use the network address translation (NAT) protocol; hire firms specializing in broadband security; implement sophisticated password systems and embed robust security capabilities early in application development. Overall, they say the vital ingredient to protecting networks is vigilance.

The reason for the concern is that broadband connections are a sitting duck to mischief makers.

"There's added vulnerability associated with an always-on connection because you've got a statically defined IP address," said Steph Marr, a security expert and vice president of Predictive Systems Inc., a New York networking company. "You aren't coming in through dial-up, so you aren't getting a new IP address every time. You've got an end point with a defined, publicly routable address. You've painted the bull's-eye on your network; now it's a question of anyone wanting to shoot at you."

Businesses and consumers are signing up for broadband services to speed their access to company networks and the Internet. Indeed, projections suggest that as many as 20 million people could be broadband-access customers within three or four years.

After a slow start, the pace of DSL uptake is accelerating. The number of subscribers in the United States will grow from around 300,000 last year to roughly 3.3 million in 2002 and 7 million in 2004, according to The Yankee Group.

There are now about 2.3 million cable modems deployed in the United States and 3 million in North America, according to market watcher Kinetic Research. The firm forecasts that there will be 15.9 million cable modems deployed in North America by the end of 2003. Although it is essentially a residential play, a significant number of those modems will be used some of the time by telecommuters accessing corporate LANs.

DSL is proving to be a big hit not just among small businesses but also with large businesses that use it as a link to remote offices or as an Internet-access technology. It's taking always-on network access to the hinterlands of the American business landscape. But DSL's greatest appeal is to small and midsize businesses that don't have, or need, complex and expensive private networks or super high-speed network connections.

Many of these companies, though, are discovering that these services, which strip away the built-in anonymity of dial-up access, pose immense security challenges.

But there are defenses. Shakespeare and Co., a New York-based bookseller, had been using an ISDN supplied by its local telephone company, Bell Atlantic (now Verizon Communications), and was unhappy with the service. It switched to a DSL-based virtual private network at the first opportunity.

"Our ISDN performance was sporadic," said Bill Spath, co-owner of Shakespeare. He says the phone company assigned Shakespeare's network ID number to another company. "Many times we had no service, and it took Bell Atlantic weeks to figure out the problem."

That was unacceptable. "The network is critical to us," Spath said. "We run all our sales reports off a single computer at our main site, so when we had the opportunity to switch to a DSL virtual private network, we did."

Shakespeare hired Public Access Network Corp., a New York network services firm known as Panix, to install and manage its DSL connections. Panix installed R7100 SDSL routers from Netopia Inc. as the basic building blocks of a single-pair DSL (SDSL) VPN. The routers were equipped with built-in firewalls to provide the first line of defense against hackers. Through their routers, users could also set up NAT, a method of spoofing hackers by using a published IP address on the Internet and a different one internally. A hacker who tries to compromise the system through the published IP address will come up empty.

Shakespeare opted for firewalls and a relatively closed system with a limited area of exposure to the outside world. Even Shakespeare's choice of mail-server hardware, a Macintosh, had security in mind. Security experts say that Macs are less open and tougher to crack than PCs that run the Windows operating system. The mail server also faces inward: it serves only the company's employees.

"As long as you configure it correctly, a firewall provides a lot of protection. We aren't offering any exotic services like FTP," said Bill Kurland, a co-owner of Shakespeare. "We're only getting mail and Internet access from the outside, so it's tough to break in."

Services that use FTP, SMTP and protocols such as NetBIOS can be areas of vulnerability for companies of any size. With the emergence of services-laden operating systems such as Windows NT and 2000, many companies find themselves open to compromise.

"Services are usually what gets exploited by hackers. The default out-of-the-box install for Windows NT and 2000 offers too many services to be considered safe," said Todd Waskelis, vice president of managed security services for NetSec, a computer-security firm in Herndon, Va. "Services such as NetBIOS, where another machine can easily connect to your machine and retrieve information such as user names, need to be adjusted. Keeping too many services open makes you vulnerable."

The solution, Waskelis says, is to turn off the services that aren't in use and configure the system to resist attempts to exploit services that are. And technology managers should institute rules and policies on all machines to restrict access in and out of certain ports on the machines. The process is called "locking down" the network, and it requires not only an intimate knowledge of the potential vulnerabilities of the network but also a good working knowledge of the operating system and IP.

For small companies, that may require the hiring of outside experts such as NetSec and Panix. For large companies, it may require the hiring or the training of an in-house expert. Security is a moving target, so what passes as locked-down security today could be an open invitation to a hacker tomorrow.

"Renaming accounts using a password schema that's very difficult to crack is another good defense mechanism. Firewalls are only as good as the person implementing them," said Waskelis. "You have to stay on top of everything. There are a lot of devices and software you can load on your machine, but it can't be a 'fire-and-forget' kind of mentality."

It's the always-on vulnerability of DSL that prompted 107-year-old brokerage firm Scott & Stringfellow Inc. to bring a security expert, Predictive Systems, into the earliest planning stages of its recent Web effort. For reasons of privacy and control, the company decided to host its own Web site; many companies outsource that function.

Unlike Shakespeare, which closed its system as much as possible, the brokerage has an open, distributed system because many of its brokers work remotely.

"We felt that we could deepen the adviser-client relationships through the Web," said Rob Brown, senior vice president of business development at Scott & Stringfellow. "But we felt that we should keep full control of the platform because of the nature of our business and the requirements of our clients."

The brokers access the distributed Scott & Stringfellow network using DSL and cable modems. That, Brown said, provides a highway for hackers to try to access the company's resources.

"With dial-up, there isn't that overarching broadband vulnerability. You're on and off the network; you aren't sitting out there creating an attraction for hackers," said Predictive Systems' Marr. "Broadband is also efficient and cost-effective, and companies employ it to protect themselves."

To protect itself, Scott & Stringfellow used standard measures such as firewalls and authentication. But the company also battle-hardened its network from the application level. Predictive Systems worked with the company that wrote the Web application for Scott & Stringfellow from the development stage.

"We worked side by side with the application developer so the application didn't have to be rewritten to accommodate security changes we suggested," said Art Spring, director of Predictive's banking division. "That cut the development time because there was a very strong element of security in the application."

Predictive worked to ensure that authentication was built into the application. In many cases, public key infrastructure can be skittish and misfire on client machines if the client, the application and the operating system aren't built to accommodate it. A misfiring authentication system can be an open invitation to hackers.

Not every company needs to look outside for expertise. That's especially true for Comtelligence LLC in Garden Grove, Calif., a small firm that sells, and uses, DSL services.

"We're a technology company, but we're also a typical small business," said Don Reese, Comtelligence's manager of technical services. "For us, DSL made more sense than anything else because of the economics. We didn't have $1,200 a month to spend on a T1 line. We got enhanced DSL for $300 a month, and it's comparable to T1 on the download."

Comtelligence has two locations it needs to protect: its corporate offices and its computing and communications facilities at a data center owned by Qwest Communications International Inc.

"We have a router installed with basic firewall technology. We've closed a lot of the ports that can make us vulnerable, and we limit the traffic entering our building," Reese said. "We're using the same principles and policies at our Qwest center."

Reese believes that most companies that use DSL can be adequately protected by a router-based firewall. But for companies with large, highly available and highly vulnerable systems, he would recommend a more complex firewall.

"The basic trick is to know what ports to keep open and which to close. It takes a good working knowledge of how IP works. There are 65,000 ports available under IP, and each has some designated functionality," Reese said. "Hackers will try to attack through some unattended port or some broken security policy. Companies that had a window of exposure must now lock things down."

These tactics will become commonplace in the next few years as millions of businesses and consumers use DSL, but they require extra work and attention from network managers.

The good news: There are programs and procedures to ward off the bad guys. The bad news: Network security is a moving target. Attack programs change, but because computers are connected around-the-clock, attacks can come at any time from anywhere.

"Service providers don't tell you the whole story," Marr said. "The best defense against attacks is a well-educated user."

InformationWeek.

internetwk.com

By: CASSIMIR MEDFORD Copyright 2000 CMP Media Inc.
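The article's "lock down" advice (turn off services not in use, know which ports to keep open, watch NetBIOS and FTP) can be turned into a repeatable check. The following is an added example, not code from the article or from any firm it mentions; the `ss -ltn`-style listing and the allow-list of one inbound port (mail only, as in the Shakespeare setup) are constructed assumptions.

```python
"""Audit an always-on host's listening sockets against an explicit allow-list.
Added example, not code from the article: it turns the "turn off unused
services / know which ports to keep open" advice into a check. The ss-style
listing below is constructed sample data, not a real capture."""

# Ports the article names as common exposure points, for labelling the report.
RISKY = {21: "FTP", 137: "NetBIOS-NS", 138: "NetBIOS-DGM", 139: "NetBIOS-SSN", 445: "SMB"}
LOOPBACK = {"127.0.0.1", "::1", "[::1]"}

# Constructed `ss -ltn`-style output for a small-business mail/file server.
SAMPLE_SS = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:25          0.0.0.0:*
LISTEN  0       128     0.0.0.0:21          0.0.0.0:*
LISTEN  0       50      0.0.0.0:139         0.0.0.0:*
LISTEN  0       50      0.0.0.0:445         0.0.0.0:*
LISTEN  0       128     127.0.0.1:3306      0.0.0.0:*
LISTEN  0       128     [::]:80             [::]:*
"""

def parse_listeners(ss_output):
    """Return (address, port) pairs for every LISTEN row."""
    pairs = []
    for line in ss_output.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")  # works for [::]:80 and 0.0.0.0:25
        pairs.append((addr, int(port)))
    return pairs

def audit(ss_output, allowed_ports):
    """Sort listeners into approved, internal-only (loopback) and unapproved.
    'unapproved' is what to shut off or block at the router before going always-on."""
    report = {"approved": set(), "internal_only": set(), "unapproved": set()}
    for addr, port in parse_listeners(ss_output):
        if addr in LOOPBACK:
            report["internal_only"].add(port)     # faces inward only
        elif port in allowed_ports:
            report["approved"].add(port)
        else:
            report["unapproved"].add(port)
    return {k: sorted(v) for k, v in report.items()}

def label(ports):
    """Attach the service names the article warns about to a port list."""
    return [f"{p} ({RISKY.get(p, 'unlisted service')})" for p in ports]
if __name__ == "__main__":
    result = audit(SAMPLE_SS, allowed_ports={25})    # inbound mail only, as at Shakespeare
    print("close or block:", ", ".join(label(result["unapproved"])))
```

Run it against real `ss -ltn` output and compare the "unapproved" list with the router's inbound rules; anything on that list that is not also blocked at the firewall is an unattended port of the kind the article describes.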