A new service hopes to alleviate the concerns of organizations who attach their internal network resources to the public Net.
The International Computer Security Association will introduce a new offering next week that can test network perimeters for holes and provide reports and advice on potential vulnerabilities. Such services are likely to grow as more corporations add a Web presence without an accompanying focus on potential network weak points in firewalls, routing devices, or services, for example.
Underscoring the prevalence of Net-based holes, ICSA released the results of an internal study of 200 organizations connected to the Net. The study found that 99 percent were vulnerable to hacker attack. That number is now down to around 97 percent, according to ICSA executives, due to adjustments made in the aftermath of the initial findings.
The new service, called TruSecure, does a remote check of a company's IP (Internet Protocol) perimeter, looking for undocumented systems, devices, services, and addresses that are vulnerable to external attack. The company then provides a report and offers consulting services as part of a five-step process to secure the network.
According to Pam Zemaitis, a program manager at ICSA, holes in a network are most often driven by basic security blunders. Those include use of old passwords, nonsecure network services such as DNS (Domain Name Service), undocumented network-attached devices, inadequate data back-up functions, and outdated versions of network software.
The service is available now with fees starting at $39,995.
Comments From: Aleph One (aleph1@dfw.net)
[Aleph1: For those of you know aware, the ICSA used to be called NCSA, and although it same says it is an association it is far from it. It is a money making enterprise. The NCSA is better know for its useless firewall and web site certifications. Now they have a new product, they will scan your network with something like Ballista or ISS and charge you $40,000! What are these people smoking?]