Wednesday, June 20, 2007

"To see what is in front of one's nose needs a constant struggle." George Orwell .
If you think your data is important and a corporate asset, defending your network is as important as the security of your storage.

However the firewall folks and anti spam folks don't seem to be working with the data storage encryption folks, I wonder why that is? Instead of creating a secure unified network and storage infrastructure we seem to be creating environments made up of a hodgepodge of different solutions that have not been tested together. Every company tries to put together a solution based on marketing information and sales presentations that neglect to mention that each vendor has their own security patches that you have to purchase and update regularly. Every implementation ends up unique because no two networks have the same releases of software on all of their defensive hardware and software. And no one has ever tested all of the releases in your situation before.

The DoD is increasing its budget and still they admit they are insecure....

The U.S. Department of Defense has noted the increasing number of hackers trying, and succeeding, to get into military networks. This sort of thing has been going on since the 1980s, when a gang of West German hackers, hired by the Soviet secret police (KGB) were caught inside Department of Defense networks, stealing classified data. But in the last few years, the hacker activity has accelerated. Currently, Department of Defense networks get probed six million times a day. Since last year there has been a 46 percent increase in attacks on Department of Defense web sites. There has been 28 percent more email based attacks. These are increasingly targeted at specific types of military users, or even individuals. There were more than twice as many attempts to insert viruses, worms and Trojan horse software on military systems. The attackers are looking for information, or secret control of, or at least access, to military systems. Some of the attacks have been massive and well organized. There have been at least four of these major attacks in the last year, hitting targets like the National Defense University, the Naval War College and Fort Hood. Each of these cost $20-30 million to clean up after.

What can a business do to defend itself? What business has the budget of the Defense department? Network Security, Data Security, with limited resources you are vulnerable to atttack, and with almost unlimited resources the DoD is still vulnerable to attack. So what vulnerability do you try to solve today with your available resources?

No comments: