2004: On the road to prevention

InfoWorld - Even though it happened late in the year, 2004 will probably be remembered as the year that Microsoft Corp.'s Internet Explorer slipped.
Mozilla's Firefox browser finally reached release status in early November, and by early December had made a noticeable dent in Internet Explorer's market share. The main driver for Firefox's success is not necessarily its innovative features, but rather the lack of easily exploitable security holes. It seems that the serious flaws in Microsoft's browser finally led many users to decide it's time for a change.
In addition to more critical security issues in Internet Explorer last year, Microsoft also brought us Windows XP SP2 (Service Pack 2). Hailed by the company as a security blanket for XP, it was soon clear that it was also an application killer, rendering hundreds of applications unusable following installation. Microsoft subsequently removed SP2 from its automatic update service, but continues to remind users to install SP2 whenever they visit the Windows Update site. All this trouble and fuss for a service pack that many administrators believe merely treated some symptoms but didn't address the real problems.
On the Linux front, the release of the v2.6 kernel brought some significant changes in core-level security. The official inclusion of the SELinux (Security Enhanced Linux) code base into the v2.6 kernel introduced much-needed granularity to controlling privilege elevation on Linux systems.
A few layers below these events, Cisco Systems Inc. and Microsoft were not so quietly planning a joint effort to combat viruses, worms and intruders, announcing that they were working to bring together Cisco's NAC (Network Admission Control) and Microsoft's NAP (Network Access Protection) technologies to provide for simplified system patching, policy adherence and problem resolution before potentially destructive systems are permitted normal network access. Although nothing is likely to be released for at least a year, it's a step in the right direction -- if you're a Microsoft and Cisco shop.
Across all the layers, a shift was definitely felt in the intrusion-detection market. In 2004, IPS products found their footing, and IDS vendors saw the writing on the wall and began incorporating in-line blocking capabilities in their products. It's always been nice to know when abnormal events have occurred on your network, but the capability to prevent them from doing any harm is the ultimate goal.

Network managers received plenty of encouragement to block threats in 2004, a year in which several security breaches affected millions of innocent people. The October break-in at the University of California, Berkeley, netted a cracker roughly

Reprinted with permission from

For more enterprise computing news, visit Infoworld.com
Story copyright 2006 InfoWorld Media Group, Inc. All rights reserved.