Categories Internet & Networks

By Nate Lawson and John Garris

Every day, we read about the relative insecurity of the Internet, revealed by numerous reports of vulnerability and attacks. Is this all hype, or is there substance behind the headlines? One optimistic view claims that by deploying a sound combination of firewalls and other security technologies, companies can use the Internet with complete safety.

In fact, this belief can be very misleading. In most cases, simply deploying technology isn't enough to ensure secure systems properly. In this article, we outline two scenarios illustrating security holes that can develop despite well-intentioned attempts to utilize security technologies. At the end of the article, we discuss an approach to preventing unexpected security holes and building effective security practices.

Nate Lawson and John Garris are leaders at Scient, an eBusiness Systems Innovation firm. The authors thank Brandon Eisenmann for helpful discussions and Bob Keyes for his continuing work with DNS problems.

Next: Spoofing the DNS Server

Published as Enterprise Computing in the 5/25/99 issue of PC Magazine.

Related Links
• Denial-of-Service Attacks -- PC Tech
• Internet Security Standards -- PC Tech
• Internet Security: Disarming the Net -- PC Labs Reviews
• Network Antivirus: Defend Your Network -- PC Labs Reviews
• Network Manager -- ZD Products
• Network Administrator Courses -- ZDU