Jamming the hackers, Security system takes countermeasures against suspected network break-ins

Hackers, computer criminals and "cyberloafers" who have abused data networks and have gone largely unnoticed in the past may soon find that they're being watched.

A new system from StorageTek Network Systems Group and the WheelGroup Corp. allows networks to detect attacks as they happen and respond to them with appropriate electronic countermeasures, terminating the attacks before they can cause serious damage.

The system combines the high-speed filtering capabilities of StorageTek's NetSentry filtering product with WheelGroup's NetRanger intrusion detection monitoring software.

Managers determine which patterns of activity should be deemed suspicious and activate the NetSentry system to monitor for those patterns. "If you have a project in development, you might ask the system to scan incoming transmissions for [a particular] word," said Scott Olson, product manager for the WheelGroup. "The system can scan for key words, or key words in conjunction with other words.

When one of these patterns is detected, NetRanger launches an immediate countermeasure without disabling any network firewalls.

"When there's a match for a pattern, the system orders the switch - either a Nortel Passport switch or a StorageTek BorderGuard - to reconfigure itself on the fly," said Olson. "That blocks out that one connection, but it leaves the rest of the switch's connections intact, so you don't inadvertently hurt your switch performance. It's like catching a speeding car - there's no reason to shut down the entire freeway.

At the same time, an alarm is sent through an encrypted link to the network operations center, providing managers with a centralized monitoring capability over their network's probes.

While this might not seem important considering the automatic countermeasure capability of the system, most carriers are oblivious to the number and effects of security violations on their networks. A recent study by International Data Corp. that analyzed attempts at infiltrating 2000 networks across the country found that half were successful - and less than 5% were even detected.

"The problem for the carriers is that they just don't know how bad the situation is," said Olson. "The NetRanger can generate hard data and provide trend analysis and metrics to measure the effectiveness of the network's security posture.

The system is also bidirectional, allowing it to monitor what's going out as well as what's coming in. While the traditional image of a security violator is a computer nerd trying to hack his way in, most security violations take place from the inside.

"It may be a case of industrial espionage, where someone is e-mailing secret data out, or a case where someone is accessing a Web site that's inappropriate for business hours," Olson said. "Either way, the system detects and prevents these transmissions from being completed.

The system's real-time capability also enables network operators to save money in recovery costs after a break-in. "The recovery cost is directly proportional to the amount of time an intruder has access to your network," said Olson. "NetRanger allows networks to recover instantly instead of within hours or days. That alone provides an immediate return on investment for many of our customers.

Those customers include "several major international telcos and a very large wireless carrier," none of which could be identified "for obvious security reasons," Olson said. The system has also been sold to the Department of Defense to shore up its networks.

PREMIUM SERVICES PREVAIL Premiere Technologies Inc. has unveiled a network-based service that integrates the functionality of telephones, computers and other communications devices. The Orchestrate service, which includes universal messaging, screen-based messaging, conference calling and e-mail over the phone, will be managed and maintained on Premiere's own proprietary network-based platform and marketed to carriers.

QUINTUS LEAP FOR AMERITECH Ameritech's Small Business and Consumer Services units will use Quintus Corp.'s CustomerQ for their help desks. The Quintus solution will support the operation of an Ameritech-developed system of networked PCs handling change management, problem tracking and defect tracking.