Making money from network security David Strom CMP Xchange Emerging Techs October 2002
Issues Network penetrations continue to climb in number, sophistication, and complexity Proliferation of spam and viruses Risk of infection rises as everything is connected Remote teleworkers and wireless networks bring their own complexities
Wireless network issues More than half of wireless networks operate with no security whatsoever “War driving” is now a popular sport WEP isn’t even that good a protocol Mostly outside of control of IT/integrator
Wireless solutions How do you know if wLANs are running? NetStumbler and AirMagnet can help! Best to make use of appliances like BlueSocket, ReefEdge, Vernier, others Need a separate firewall for wireless users to separate from main corp. net
Remote teleworker isses Your corp. net now reaches into people’s homes Your net is only as secure as your weakest link VPNs are essential to protect corp. net Yet another opportunity for resellers!
Teleworker solutions Understand how remote users are connecting to internal nets Simplify, simplify, simplify Don’t poke holes in firewalls just because users ask you -- HAVE A PLAN! Think big and deploy for the long haul
Bright spots on the security horizon Biometrics -- just beginning to take off (IBM Thinkpad and NetVista line) Anti-virus screening almost a given now VPNs and secured access to internal nets Web applications monitoring shows promise
Places of despair Secure -- still not happening Key servers and PKI -- not much better Secure database access via the web -- not really happening yet filtering software pretty grim
Panel Brian Cohen, SPIdynamics Luis Claret, Rainbow Technologies Alonzo Ellis, Imperito Networks Chris Fleck, Omnicluster Technologies
Questions for the panel Has anti-virus screening become a commodity? Is there such as thing as a secure Web server? What penetrations can resellers stop quickly? Can corporations who have firewalls operate them effectively? How can resellers find the most profitable areas for providing better security for their clients? How large a corp. to use enterprise-based anti- virus solutions? How can a VAR sell customers additional security beyond just firewalls?