Welcome Guest. | Log In| Register | Membership Benefits
  • Email this page E-mail this page
  • |  Print Print this page
  • |   Bookmark and Share
  • icon

Hackers' Preferred Entry Point Is Tough To Close


By George V. Hulme
InformationWeek
July 8, 2002 12:00 AM

One of the biggest headaches of security management is keeping up with the stream of patches that vendors publish to plug security holes in server operating systems. But the alternative is less appealing: leaving open hackers' favorite route to break into companies.

Almost half of U.S. companies say that known operating-system flaws were a primary means used in the past year to attack their systems, according to InformationWeek Research's Global Information Security Survey. That's up sharply from a third in 2001. So it's no surprise that improving operating-system security, cited by 63% of North American companies, is the highest tactical priority for the coming 12 months. What's unsettling is that security managers won't find a great answer to their problems.

More Software Insights

White Papers

Reports

Videos


Roger Smith spoke with the CEO of Engine Yard, Lance Walley, about their Ruby and Rails deployment platform. The company says its 15 on-demand business applications are just the starting point for customizing and building your own tools. Sun CEO Talks About The State of, and Future of the Java Development Platform
The company says its 15 on-demand business applications are just the starting point for customizing and building your own tools.
Companies want flexible operating systems that integrate easily with many applications, and the strongest security measures require trade-offs and a level of rigidity. Some of the choices include using open-source operating systems that many administrators consider more secure, deploying software that enhances the security of existing operating systems, or just continuing to find and patch vulnerabilities before the hackers exploit them.

Points Of Entry

A final option hasn't caught on beyond industry-specific uses such as governments and financial institutions. It requires scrapping the more popular operating systems for what are known as trusted, or hardened, operating systems. The notion dates to the early 1980s, when the Defense Department and intelligence agencies developed a set of standards aimed at creating impenetrable computing systems. The Trusted Computer System Evaluation Criteria standards, commonly known as the Orange Book, were made publicly available but never took off.

A few companies sell hardened operating systems, such as Argus Systems Group's PitBull LX for systems based on Linux, Solaris, and AIX; Hewlett-Packard's Virtualvault, a trusted version of HP-UX 11.0; Sun's Trusted 8 Operating Environment; and SGI's Trusted Irix for Unix. These replace the operating-system kernel with one that restricts which operations a user with root access can perform, so an intruder can access only a small part of the system.

Super security used to sport a super-sized price tag, but these systems have become more reasonable. Argus' PitBull LX starts at $3,000.

But most managers still come out like Brian Amirian, the hosting director of a major entertainment company that considered, but rejected, a hardened operating system because of higher management costs and incompatibility with custom applications.



Subscribe to RSS


Advertisement

CAREER CENTER
Ready to take that job and shove it?



TechCareers

SEARCH
Function:

Keyword(s):

State:
SPONSOR
RECENT JOB POSTINGS
CAREER NEWS
10 Search Engines You Don't Know About
Go beyond Google and get vertical. These specialized search sites will help you find the business information you need -- fast.

Yahoo Profits Fall 23%, Cuts 1,000 Jobs
Ari Balogh was named to the post of chief technology officer as the companys for a "realignment" of employees.

More articles from our career center





Subscription Info
Apply for a free 52-week subscription to InformationWeek (a $199 value)

Last Name:

First Name:

Title:

Company Name:

City:

Business Address:

Zip:

State:

Email Address:

NOTE: Offer valid for U.S., U.S. possessions, & Canada only

            

Join economist Chris Cornell and 3 CIOs in an Exclusive Online Exchange for Senior IT Executives: Using IT to Drive Value in a Turbulent Economy. November 5th only.