You can have very fast fiber optics and high-speed everything; however, the bottleneck is going right into the back of the computers. Is it not?
Dan Vucinic, director, technical sales: That’s somewhat true. It goes to the idea that you’re only as strong as your weakest link, but as PCs and servers become more powerful, you want to make sure that your network can handle it and more. Once that request leaves your premises and it has to get to that end destination, you want to make sure it takes the fastest, most optimized route, and the performance of that network will bring back your data or app or whatever you’re using it for in an ideal manner.
I have heard “we are running out of v4 addresses” for years. Any hard stats on when?
D.V.: ARIN is the outfit that manages all the IP addresses globally. It stands for American Registry for Internet Numbers. And if you do go to their Web site there’s all kinds of wonderful statistics that will show you that and more. And what you’ll see clearly is that the number of requests that ARIN gets for IPv4 addresses, they cannot fulfill. They’re very scarce, and they’re only allocating very incremental blocks of IPv4 to certain providers and so forth, and you have to show how you’re managing those. There are very few IPv4 addresses going forward.
What is a basic scanner that can be used to scan the network for potential threats?
Carlos Henriques, security architect: There are some free scanners out there. Probably the first one I’d start with is Nessus. It is an open source tool. You can also purchase it if you’re an organization, and what that means is you get quicker updates on signatures, so that would probably be a first step. There are also some online services you can use to scan everything, but then you have to interpret what the results are, and that’s not for the faint of heart. And the reality is, if anyone’s done a penetration test, there are a lot of false positives, so the information you get back may not be true. Where things get more expensive is where you get an actual managed service to do the scan for you and interpret the data and basically prioritize what you should fix. Now, where life gets interesting is, you can have your simple network application test, or you can have what they call an application end test. They literally log into the application and try to subvert the controls, and of course that can be more expensive depending on how many and how big the applications are.
Testing can be expensive – no?
C.H.: It can be expensive, especially if you go to the application layer. But remember, if you’re in the application layer and your app is static, and you’re just serving up documents, that’s not really a big deal. However, if it’s integrated and you’re doing financial transactions and you’re doing anything like Amazon, as an example — the more contextual, the more dynamic an application is, the more time it’s going to take, the more of a skill set you need, the more expensive it’s going to be. It’s about risk, right? The best practice typically when you put an application online or it’s an upgrade, you really should do an application penetration test. But again, the business needs to know the risk, and they need to know what those costs are.
Watch the entire Webinar on-demand for much more expert advice on how to protect your network.