Service targets network security

A new service hopes to alleviate the concerns of organizations who attach their internal network resources to the public Net.

The International Computer Security Association will introduce a new offering next week that can test network perimeters for holes and provide reports and advice on potential vulnerabilities. Such services are likely to grow as more corporations add a Web presence without an accompanying focus on potential network weak points in firewalls, routing devices, or services, for example.

Underscoring the prevalence of Net-based holes, ICSA released the results of an internal study of 200 organizations connected to the Net. The study found that 99 percent were vulnerable to hacker attack. That number is now down to around 97 percent, according to ICSA executives, due to adjustments made in the aftermath of the initial findings.

The new service, called TruSecure, does a remote check of a company's IP (Internet Protocol) perimeter, looking for undocumented systems, devices, services, and addresses that are vulnerable to external attack. The company then provides a report and offers consulting services as part of a five-step process to secure the network.

According to Pam Zemaitis, a program manager at ICSA, holes in a network are most often driven by basic security blunders. Those include use of old passwords, nonsecure network services such as DNS (Domain Name Service), undocumented network-attached devices, inadequate data back-up functions, and outdated versions of network software.

The service is available now with fees starting at $39,995.