Viruses, worms, denial of service attacks, intrusions, hacks and maliciousnesses various all threaten the Internet-connected server farm. Defense against such diverse threats involves all aspects of system security and incorporates software that goes far beyond the traditional capabilities of antivirus software and enters the realm I am calling "anti-mal".
In this series, I will be taking a look at the role of products designed to inspect the traffic that has to come in through the gates because it looks like part of the system's expected traffic. These products include anti-virus, anti-spam, anti-spyware and web content filtering products -- collectively "anti-malware".
These products complement a tiered approach to network security, effectively combating malware at each layer.
Products for use in defense on the perimeter include appliances as well as software products. Some of the appliances incorporate firewall, anti-virus, anti-spam and content filtering technologies in one box. Some are dedicated to a specific task and some offer various combinations. Companies such as Sonicwall, Network Associates (Mcaffee), Symantec, Ositis, Panda and many others have offerings in this category.
On the software side there are offerings designed to be run either in a server dedicated to a specific perimeter defense task or one in use as a gateway, such as the edge incoming email server. Vendors in this category include Network Associates, Trend, Symantec, Panda, Sophos (and Activestate, recently acquired by Sophos) and many others.
The second tier includes the servers that support the enterprise infrastructure, including all database, file and print servers, intranet, extranet and internet web servers and all departmental or workgroup servers.
Software to provide defenses in the infrastructure servers is also offered by the vendors of the perimeter software products. In this category there are also products specialized for handling data moving in particular groupware servers and other such specialized needs.
The third tier is the desktop, the workstation at which the end user sits. Not to be forgotten in this third tier is that every departmental user, programmer or system support person is an end user with some form of desktop, as is every remote desktop, dial-in or VPN connected user and many PDA and portable device users.
This level includes a multitude of offerings. The question of how to keep anti-mal software up to date raises management issues at the server level, but can become a serious problem when the possible number and diversity of third tier devices is considered. The major software vendors in the anti-mal business also have management tools to address this problem. The third tier is also where the anti-spyware comes into play. Smaller vendors like PepiMK software and Panicware have interesting offerings to help here.
Also not to be forgotten is the significant role that can be played by such products as Citrix' Metaframe and Terminal Services (especially when enhanced with products like triCerat's Thor Technology) in providing a more secure desktop. These products, while they are usually looked at for other features and services they provide, can pay for themselves quite rapidly based solely on these security considerations.
The continuation of this series drills down into the details of these three tiers and takes a close look at vendors' offerings as they apply to each tier. Enterprise security depends on this defensive strategy and we must remember that security is not an objective to be achieved but is enhanced by the methods we apply and the diligence with which we monitor for weaknesses. We must at the very least match them.
Stay tuned as we roll up our sleeves and delve deeper into securing our systems, one layer at time.