Cybersecurity Technology
 
Previous chapters have already covered firewalls. Firewalls are the first line of defense for the security administrator, but they should not be considered complete security solutions in and of themselves. Closely related to firewalls, and sometimes included in the same category, are proxy servers: devices where information requested from a database is actually launched onto the network, or where applications are executed on client software remote from the main server. Proxy servers protect vital information and programs from direct access by outside parties, and they limit damage to nonvital facilities in the face of a network attack. In other words, they serve as buffers.

Diagnostic software detects the presence of malicious code and unusual activity within the network. Antivirus scanners form a subcategory within this grouping, though they are not the only products to which the term applies. Diagnostic software may be roughly divided into two primary divisions: software used in security audits to determine the overall vulnerability of the network, and software used routinely to detect anomalies. In both cases, the developer must continually update the software for it to remain effective. Some such software can not only determine the nature of an attack or intrusion but also find its point of origin, that is, trace the hacker back to a home base even across multiple networks. Such software must also be updated more or less continuously, since skilled hackers are always finding new ways to disguise their activities and identities.

Security professionals often use encryption software to render vital data unreadable to hackers. Modern encryption methods are highly effective, and encrypted material can only be decrypted by intruders who have access to massively parallel computing systems running for weeks at a time. Encryption techniques today use rounds, successive re-encryptions that can number in the millions and make the encrypted data appear progressively more random and meaningless. Essentially, there is no way to decrypt such messages by clever insight alone; instead the intruder has to try every possible key one by one with a specialized decryption program. With enough computing speed almost any such code can be cracked, but such speed is not available to a lone hacker with a Pentium processor.

Business records, customer profiles, and billing information should be routinely encrypted and should never be presented where they can be intercepted in decrypted form. Encryption is also advisable in VPNs. To sound a cautionary note: if grid computing services (see Chapter 3) become generally available in the future, hackers will have a formidable weapon for decrypting formerly secure information, and at that point the encryption industry will have to come up with new approaches. For now, encryption remains a powerful preventive tool for the security administrator.

Finally, within the arsenal of defensive procedures, some software engines are designed not only to detect malicious code but also to prevent its effects by restoring network data to its state just prior to the detection of suspicious activity. Such software is a fairly new development, and it may not be entirely effective against all conceivable attacks.

Authentication is sometimes considered a part of security and sometimes just a part of routine network operations. In a wireless network, authentication, the process by which network users demonstrate that they are who they purport to be, is especially important because the physical layer of the network is essentially open. Authentication today is normally performed by specialized servers, most of which now run RADIUS software.
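The encryption discussion above argues that an intruder without clever shortcuts must try every key, so the outcome depends on key length versus available computing speed (a lone workstation versus a grid). The following added worked example, not part of the chapter, puts numbers on that argument; the guess rates, node counts and ten-year horizon are constructed assumptions chosen for illustration, not measurements of any real system.

```python
"""Expected cost of exhaustive key search (added illustration, not from the chapter).

Assumption (constructed): every threat model below uses invented guess rates and
node counts; they are placeholders to show how key size dominates the outcome.
"""
from typing import Dict, Tuple

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def expected_guesses(key_bits: int) -> int:
    """On average the correct key is found halfway through the 2**key_bits key space."""
    return 2 ** (key_bits - 1)


def expected_years(key_bits: int, guesses_per_second: float, nodes: int = 1) -> float:
    """Expected wall-clock years when `nodes` machines each test `guesses_per_second` keys."""
    return expected_guesses(key_bits) / (guesses_per_second * nodes) / SECONDS_PER_YEAR


def feasible(key_bits: int, guesses_per_second: float, nodes: int = 1,
             horizon_years: float = 10.0) -> bool:
    """True if the expected search finishes inside the attacker's planning horizon."""
    return expected_years(key_bits, guesses_per_second, nodes) <= horizon_years


# Constructed threat models: one desktop versus a large grid of cooperating nodes.
THREAT_MODELS: Dict[str, Tuple[float, int]] = {
    "single workstation": (1e9, 1),          # 1e9 trial decryptions/s, one machine (assumed)
    "grid of 1e6 nodes": (1e9, 1_000_000),   # same per-node rate, a million nodes (assumed)
}


def feasibility_table(key_sizes=(40, 56, 80, 128, 256),
                      horizon_years: float = 10.0) -> Dict[int, Dict[str, bool]]:
    """For each key size, whether each threat model can expect success within the horizon."""
    return {
        bits: {name: feasible(bits, rate, nodes, horizon_years)
               for name, (rate, nodes) in THREAT_MODELS.items()}
        for bits in key_sizes
    }


if __name__ == "__main__":
    for bits, row in feasibility_table().items():
        detail = {name: (ok, f"{expected_years(bits, *THREAT_MODELS[name]):.3g} yr")
                  for name, ok in row.items()}
        print(f"{bits:>3}-bit key: {detail}")
```

The table shows the chapter's point in numbers: a grid of a million nodes turns a 56-bit search from about a year into seconds, yet still leaves a 128-bit search far beyond any horizon, which is why the defender's lever is key length rather than hoping attackers stay slow.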