Despite Computer Security Advances, Hackers Appear to Be Keeping Pace
Wilson, William F., National Defense
The dark reaches of the information highway are dangerous places, and protecting information assets is fast becoming a billion dollar business.
It wasn't long ago that information security was a subject of interest only to government users. They talked about it because they had classified information to protect. Today, information security is important not only to government users, but also to commercial users. Where there were few applications, now there are literally hundreds of information security products available.
Although it is still a problem to find a system security solution, new international developments in the area of security product evaluation are helping both government and commercial users sift through the morass of information security products and choose those that can perform as advertised.
Safeguarding Proprietary Property
With ever-increasing reliance on information processing in an interconnected world, it's not just information leakage that's of concern; it's personal and industry privacy, the safeguarding of patents, designs, copyrights, proprietary information, and other security issues that go beyond the use of classified information.
A computer, attached to the Internet, can be attacked by a teenager on the other side of the world. Hackers as well as novices can simply use attack scripts available on popular cracker bulletin boards to breach security.
Closely guarded military systems within the Pentagon have been under recent attack. The Internet may seem the most likely place for an attack to come from, but cracker attacks can also be mounted via a data file. Modern applications have features that allow the association of executable code in the form of macros or applets with such data objects as memos, spreadsheets, and presentation charts. While providing great flexibility, these capabilities also provide a new avenue for attack.
Because of the vulnerability of information systems, manufacturers of firewalls and other products designed to protect assets are making information security a multi-million dollar business. Commercial encryption products are available from a variety of sources, as is intrusion detection equipment, which notifies system administrators of potential attacks.
In 1997 there were more than 150 firewall products on the market. Although custom developments and large-scale security engineering are still required for systems with special security needs, this rapidly expanding inventory of standard products is helping provide solutions that allow an organization to lower the risks of cyber attack.
With all these products available to provide security for operational needs, it would appear that security problems are all but solved, but that is not the case.
Selecting Right Product
Choosing the right product that enforces the security properties of a specific organization is a challenge.
Other considerations include which products impose unacceptable restrictions on productivity and capability, how a potential user can get a truly independent reading on whether the products perform as advertised, and how varying products can be integrated into a robust defense as opposed to a hodgepodge of pieces addressing parts of the problem while leaving gaping holes untouched. …