
Opinion

The (Campus) Empire Strikes Back

7/1/2008


STARTING POINT: Ingenuity and Prevention

When we consider the state of the net, the threat landscape, and unsystematic user practices, it's easy to feel like maintaining security across an academic network is a losing battle. However, by thinking outside the box and focusing on prevention, university IT departments can protect data and resources and stay ahead of today's cybercriminals.

Creativity is key in preserving the delicate balance between academic freedom and network control. IT must continually look for ways to keep the users and their data safe while also allowing them to be as productive as possible. Because productivity loss represents the greatest impact of malware intrusion, universities should focus their efforts on prevention. Targeted anti-malware, anti-botnet protection will help detect and stop today's sophisticated stealth malware attacks; emerging technologies go so far as to combine on-premise anti-botnet security with global botnet discovery and analysis, to deliver a comprehensive solution. When evaluating anti-malware, anti-botnet solutions to complement existing security controls, there are several requirements network managers should keep in mind; these reflect the unique characteristics of the academic network:

Network-based solutions ease IT/user burdens. Network-based rather than agent-based solutions provide several benefits for academic network security. First, they can be deployed, provisioned, and maintained without involving or relying on end users, thereby eliminating most client support issues. Second, they provide centralized management and monitoring capabilities. Both of these benefits help reduce strain on IT personnel. Third, they support and account for the growing wireless, mobile, and remote user communities. Network-based solutions have proven effective in other areas of the IT infrastructure as well. For example, Aruba Networks and Cisco Systems provide network-based wireless networking solutions with centralized management and easy deployment across the network.

Accurate, automated containment/quarantining. Automation is another critical component for university IT security. Frankly, network managers should begin to automate as many monitoring and containment policies as feasible. Automated containment and quarantining together constitute an effective preventive measure that, once fully vetted, requires few IT resources. Automated forensics (as opposed to manual forensics tools such as Wireshark and NetScout) is a particularly important weapon given the current strains of stealth malware; using forensics, network managers can identify the activities conducted by malware once it enters the system. For example, if a computer has been botted, forensics can provide information about which command and control (C&C) server it is calling back to, what protocols are being used, what activities are being conducted, etc. Additionally, automated forensics and monitoring tools such as virtual-machine (VM) replay technologies can be used to correlate information from multiple platforms and systems into something that's useful, filtering out false alerts and false positives, and freeing IT from manually surveying activity across the network. This comprehensive information helps identify future or related malware by characteristics other than their signatures.
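As an added illustration of the automated, signature-independent correlation described above (example code written for this page, not from the article or any vendor product), the following script scores constructed flow records for regular callback intervals per host, then correlates across hosts and an assumed allowlist of known-good servers so that a shared candidate C&C destination surfaces while a regular but benign NTP pattern is suppressed.

```python
"""Behaviour-based C&C callback (beacon) detection over constructed flow
records, correlated across hosts. Added example; not the article's own code."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flow log: (timestamp_s, src_host, dst_ip, dst_port, proto).
# Addresses are documentation ranges; hostnames are hypothetical.
FLOWS = [
    (0, "lab-pc-01", "203.0.113.7", 6667, "tcp"),    # suspected callbacks
    (60, "lab-pc-01", "203.0.113.7", 6667, "tcp"),
    (120, "lab-pc-01", "203.0.113.7", 6667, "tcp"),
    (181, "lab-pc-01", "203.0.113.7", 6667, "tcp"),
    (5, "lab-pc-02", "203.0.113.7", 6667, "tcp"),
    (65, "lab-pc-02", "203.0.113.7", 6667, "tcp"),
    (126, "lab-pc-02", "203.0.113.7", 6667, "tcp"),
    (40, "lab-pc-01", "198.51.100.20", 443, "tcp"),  # ordinary, bursty web use
    (47, "lab-pc-01", "198.51.100.20", 443, "tcp"),
    (300, "lab-pc-01", "198.51.100.20", 443, "tcp"),
    (0, "lab-pc-03", "192.0.2.9", 123, "udp"),       # campus NTP: regular but benign
    (64, "lab-pc-03", "192.0.2.9", 123, "udp"),
    (128, "lab-pc-03", "192.0.2.9", 123, "udp"),
    (2, "lab-pc-04", "192.0.2.9", 123, "udp"),
    (66, "lab-pc-04", "192.0.2.9", 123, "udp"),
    (130, "lab-pc-04", "192.0.2.9", 123, "udp"),
]

# Assumed allowlist of known-good infrastructure (suppresses false positives).
KNOWN_GOOD = frozenset({"192.0.2.9"})


def is_beaconing(times, min_flows=3, max_cv=0.2):
    """True if the timestamps form a regular callback pattern: enough flows and a
    low coefficient of variation (stdev/mean) of the gaps between them."""
    if len(times) < min_flows:
        return False
    ts = sorted(times)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    m = mean(gaps)
    return m > 0 and pstdev(gaps) / m <= max_cv


def find_candidate_c2(flows, allowlist=frozenset(), min_hosts=2):
    """Score each (host, destination) pair for beaconing, then correlate across
    hosts: return {(dst_ip, port, proto): [hosts]} for destinations that at least
    min_hosts machines call back to on a regular schedule."""
    per_pair = defaultdict(list)
    for t, host, dst, port, proto in flows:
        per_pair[(host, dst, port, proto)].append(t)
    hosts_by_dst = defaultdict(set)
    for (host, dst, port, proto), times in per_pair.items():
        if dst not in allowlist and is_beaconing(times):
            hosts_by_dst[(dst, port, proto)].add(host)
    return {k: sorted(v) for k, v in hosts_by_dst.items() if len(v) >= min_hosts}


if __name__ == "__main__":
    for dst, hosts in find_candidate_c2(FLOWS, KNOWN_GOOD).items():
        print("candidate C&C", dst, "beaconed by", hosts)
```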
