A new service hopes to alleviate the concerns of organizations who attach
their internal network resources to the public Net.
The International Computer Security
Association will introduce a new offering next week that can test
network perimeters for holes and provide reports and advice on potential
vulnerabilities. Such services are likely to grow as more corporations add
a Web presence without an accompanying focus on potential network weak
points in firewalls, routing devices, or services, for example.
Underscoring the prevalence of Net-based holes, ICSA released the results
of an internal study of 200 organizations connected to the Net. The study found
that 99 percent were vulnerable to hacker attack. That number is now down
to around 97 percent, according to ICSA executives, due to adjustments made
in the aftermath of the initial findings.
The new service, called TruSecure, does a remote check of a company's IP
(Internet Protocol) perimeter, looking for undocumented systems, devices,
services, and addresses that are vulnerable to external attack. The company
then provides a report and offers consulting services as part of a five-step process to secure the network.
According to Pam Zemaitis, a program manager at ICSA, holes in a network are most often driven by basic security blunders. Those include use of old passwords, nonsecure
network services such as DNS (Domain Name Service), undocumented
network-attached devices, inadequate data back-up functions, and outdated
versions of network software.
The service is available now with fees starting at $39,995.