Layering security slows networks
- By William Jackson
- Oct 18, 2001
Your mother probably told you to dress in layers for protection from the winter cold. It was good advice then, and it still is for those who must protect a network against malicious code.
A case in point is the Nimda worm. It seeks vulnerable Microsoft Internet Information Server installations, infects Web sites and spreads to unprotected browsers.
Keeping out worms and viruses calls for what the Defense Department terms defense in depth. There is always a lag between the propagation of malicious new code and the arrival of signature updates from antivirus vendors. Even afterward, you still need to keep an eye on alternate avenues of infection because users inadvertently give viruses so much help.
'We received the ILOVEYOU virus from an employee who opened his Hotmail account,' said Paris Trudeau of Surf Control Inc. of Scotts Valley, Calif.
ILOVEYOU shut down the company's network for half a day, said Trudeau, product manager for the company's SuperScout products. Ironically, SuperScout E-Mail Filter and Web Filter provide some of the protection needed against such threats.
Firewalls can block dangerous executable files, backstopping antivirus programs. E-mail filters make policy more flexible, letting some persons or departments send and receive certain file types but blocking them elsewhere. Web filtering can close the HTML door to unwanted code and visitors.
But there is a price for so many layers of protection. When you went out to play in the snow as a child, you felt clumsy moving around in multiple layers of clothes. Layers have the same effect on networks. A well-protected network runs more slowly.
Keystone Systems Inc. of San Mateo, Calif., which provides Web performance management services, noted Nimda's first effects on Internet performance two days after the spread began to decelerate.
Although backbone networks were not infected, latency on the Keynote Business 40 site performance index grew from an average 2.46 seconds on the morning of Sept. 19 to 3.07 seconds the next day.
The delay came from increased antivirus scanning and tightening of firewalls.
Bill Jones, Keystone's senior director of public services, called the effect 'similar to shoveling out after a snowstorm.'
Playing in mittens might not be as much fun, but it sure beats frostbite.
William Jackson is a senior writer of GCN and the author of the CyberEye blog.