Monitoring and maintaining the security of routers, switches, and servers can be an enormous task. The frequency of new Common Vulnerabilities and Exposures and viruses continues to rise, with 4 out of 5 of attacks now perpetrated over Internet connections. According to a Computer Crime Survey conducted by the FBI and CSI, 82 percent of surveyed companies fell prey to viruses last year, while 56 percent encountered unauthorized use, and 42 percent came under Denial of Service (DoS) attack. Indeed, many organizations spent days recovering from Slammer, Blaster, SoBig, and Welchia worms in 2003, despite widespread use of anti-virus software.
In times like these, casual best-effort defense is not good enough. To stem the rising tide, ISPs must take proactive steps to find and eliminate their own vulnerabilities, and must be prepared to react quickly and effectively when compromise occurs. Large companies can afford to buy enterprise-class security products and services, but smaller organizations are often caught between the proverbial rock and hard place. The cost of clean-up often exceeds the cost of prevention, but when you're operating on a razor-thin budget, shelling out capital for security tools can be tough.
Fortunately, open source and shareware security tools can bridge the gap between need and budget. This article provides an overview of essential network and system security tools, what they do, and why you need them. Part 2 of this article will identify not just commercial products, but open source and shareware tools that budget-conscious ISPs can use to create their own security toolbox.
An Ounce of Prevention
Even with open source, you'll still be spending time compiling, installing, and learning to use each security tool. And time is money, so why should you spend money on attack prevention?
Service Disruption: For most ISPs, network and server downtime translates directly into dollars and cents. During any service outage, your help desk will be the first to feel the pain. During a prolonged outage, contractual Service Level Agreements (SLAs) may kick in to impose financial penalties, usually in the form of service credits.
Subscriber Good Will: Those credits don't come close to covering the actual cost of downtime. According to In-Stat/MDR, the average e-business loses $125,000 per hour while offline. In competitive markets, customer acquisition is expensive and retention is tough. You don't want to squander subscriber good will due to downtime. Nor do you want subscribers to question your ability to keep their on-line resources safe and secure.
Service Restoration: Resurrecting failed network devices and servers can be expensive, even if you maintain recent backups. According to Computer Economics, the worldwide cost of cleaning up the Slammer worm exceeded $1.25 billion. In August 2003, the Blaster-SoBig-Welchia tab topped $2.5 billion in just one month.
Legal Liability: Civil or criminal prosecution may occur less often, but this risk is no less real. Anti-SPAM and music piracy have garnered more attention recently, but ISPs can also be held liable for attacks against others launched from compromised resources and for disclosure of confidential data during a break-in. ISPs may also be required to assist government investigation into cyber-attacks, pursuant to the Patriot Act. This analysis [.pdf] by Clint N. Smith, MCI vice president and chief network counsel, highlights the legal risks to ISPs and the benefits of the Patriot Act.
Only a lawyer (and not this article) and tell you what the law obligates you to do.
The potential cost of security incidents varies by geographic location and customer base, and some risks can be reduced through other measures (e.g., redundant or hot-standby resources to reduce downtime, carefully-crafted contracts and acceptable use policies to redirect liability, insurance policies). Nevertheless, taking some common sense steps to secure your network and systems can make good business sense.
http://www.isp-planet.com/technology/2004/security_toolkit_intro.html
