New tools repair holes and help keep hackers out of agency servers
There are new tools that reside in your network and analyze packet information, looking
for changes in normal activity. They compare source and destination addresses, looking for
discrepancies, and they interpret syntax commands to find lines that don't follow rules.
RealSecure from Internet Security Systems Inc. of Atlanta has become one of the most
popular network monitoring packages since its debut last fall.
RealSecure is sold as a Unix and Microsoft Windows NT intranet security package,
designed to look for internal abuses that don't come through the firewall. But it also can
monitor traffic coming in your Internet gateway. It can alert an administrator when an
irregularity is detected, and it can shut down a problem connection.
The downside? No program has a complete database of known attacks, because hackers
are so endlessly creative. Also, if you have a segmented network, you'll need a copy of
RealSecure for each segment-list price, $4,995.
Internet Security Systems also sells the Internet Scanner Safesuite of tools to scan
various pieces of your network for known security holes and suggest corrective
See the company's World Wide Web site at http://www.iss.net/ for more details.
Tools like Internet Scanner and Satan investigate your settings for Telnet, File
Transfer Protocol, Simple Mail Transfer Protocol, Web, trivial FTP, Network File System
and Network Information Service, to see whether you configured them securely.
Read more about Satan at http://ciac.llnl.gov/ciac/notes/Notes07.shtml,
and download it from ftp://ftp.kulnet.kuleuven.ac.be.
IBM Corp. has an AIX operating system patch to protect against the
ping of death as well as another data flood called Syn. Information on the patch appears
Shawn P. McCarthy is a computer journalist, webmaster and Internet
programmer for GCN's parent, Cahners Publishing Co. E-mail him at [email protected].