GOVERNMENT TECHNOLOGY/Computing rules for network security

Over the last few years, local governments have developed rules to protect their computers from Internet threats like viruses, worms, Trojan horses and hackers. However, new rules are needed to protect against a type of threat that combines the characteristics of worms and hackers, and exploits known vulnerabilities in common software. Developed during the last year, those “blended threats” have spread under the names of Nimda, Code Red and, more recently, Klez.

Blended threats propagate by multiple methods. They can:

• scan the Internet searching for vulnerable servers to attack,

• infect visitors to a compromised Web site, or

• send unauthorized e-mail from tainted servers with a worm as an attachment.

• Additionally, the threats can access computer systems from multiple points. They can:

• inject malicious code into .exe files on a system,

• raise the privilege level of user accounts to allow unauthorized access to secure files, and

• add harmful code to HTML files.

• Because blended threats are multi-faceted in their operating methods and effects, they require more than one computer security solution. For example, Nimda affected networks that were already using anti-virus software but did not have firewall protection. Further, only certain types of firewalls were equipped to fend off Nimda.

  As Internet-borne dangers evolve, so should the strategies for protecting against them. Local governments should protect their computers with integrated security solutions that cover all parts of a computer network and respond to blended threats on the network gateway, servers and desktops.

  Integrated security solutions combine multiple technologies with policy compliance; customer management, service and support; and advanced research for complete network protection. By adopting a comprehensive, holistic strategy to address computer security, local governments may be able to reduce costs, enhance performance and reduce the risk of computer damage.

  Integrated security technologies might include:

• Firewalls

  They control all network traffic by screening the information entering and leaving a network to help ensure that no unauthorized access occurs.

• Intrusion detection software

  It detects unauthorized access to the network, and it provides alerts and reports that can be analyzed by IT personnel for patterns and planning.

• Content filtering software

  It identifies and eliminates unwanted traffic on the network.

• Virtual private networks

  They secure connections beyond a local government’s network perimeter, allowing organizations to communicate across the Internet safely.

• Vulnerability management software

  It uncovers security gaps and suggests improvements. The software detects problem areas like the need for updated security patches for common software and weak password management.

• Virus protection software

  It protects against viruses, worms and Trojan horses.

• When used in combination, security technologies offer comprehensive protection and help simplify troubleshooting tasks. Integrated security solutions offer the best protection for computer assets and reduce the risk that damage will interrupt a local government’s daily business. They allow IT personnel to focus on other strategic initiatives while maximizing the productivity of the IT departments.

  The author is director of state and local government and academic programs for Cupertino, Calif.-based Symantec.