NEW YORK-The disappearing boundaries between the Internet and internal corporate computer
networks pose a security threat that can undermine the business opportunities and efficiencies this new era of data
communications offers.
Half of the largest 563 American corporations using the Internet admitted to an attack on
their intranet that cost an average of $500,000, according to figures cited by Dane Atkinson, president of SenseNet.
Half of individual incidents of computer-related security losses reported by companies of all sizes cost more than $1
million.
New York-based SenseNet offers security suites of scalable, modular software designed to integrate with
the existing operations of a company.
Atkinson spoke at a recent seminar, sponsored by Strang Hayes Consulting
Inc., New York, entitled, “Bulletproofing Your Network: Safeguarding Data in the New
Millennium.”
Founded by Robert Strang, a former FBI and Drug Enforcement Administration agent, and Ann
Hayes, a former police officer and DEA agent, Strang Hayes is an international investigative management
firm.
SenseNet and Strang Hayes recently joined forces to provide “comprehensive security solutions for
corporate computer networks,” the companies announced at the seminar.
Their purpose is to guard corporate
networks “against unauthorized access and intrusion, attack and interception of confidential electronic
correspondence and data files.”
The joint effort will offer three basic types of services to companies in all
sectors. Under the basic audit function category, they will review corporate security policy and assess overall
vulnerability of an internal network and the individual threats to it. Additional audit functions can include network
intrusion detection, penetration testing and the security of electronic commerce systems.
“Hacking is a much
easier problem to prevent then to track, than to follow the trail back to the hacker,” Strang said.
Under the
solutions rubric, the firms offer services including development of a corporate security policy, installation and/or
reconfiguration of firewalls, reconfiguration of desktop computers and internal computer networks, intrusion tracking,
and disaster recovery.
“The problem with firewalls is that the points where data feeds enter are vulnerable
areas, and data should have a wrap around it, but only a few companies can do this,” Atkinson said.
“All
firewalls also need to be upgraded very frequently because of the speed at which hackers find the holes in them and
disseminate this information.”
As additional audit functions, SenseNet and Strang Hayes also offer installation
of systems that enable secure electronic mail communications and document transfer and storage.
The inherent
design of the Internet, originally developed for national defense purposes, included making it “nuclear
proof” against loss of all the contents of an individual message at one time, Atkinson said. The method employed
to achieve this goal is the break-up of data “into little wrapped text files, each knowing its beginning and
ending.”
Typically, these individual text files follow a single path and are reconfigured into one coherent
message shortly before their arrival at their intended destination.
“The vulnerable points are where they are
reassembled, and these points are closest to the company’s local area network,” Atkinson said.
Besides outside
intrusion, theft and damage to internal data often is the result of sabotage by a company’s own employees, he said. A
significant part of the problem is corporate laxity about how they manage those employees who have access to sensitive
data or systems.
Atkinson cited estimates that 45 percent of internal attacks on a corporate LAN and half of external
attacks cost companies more than $200,000 per incident.
