Inside The Network Intrusion-Prevention Hype
Focus On The Endpoint
By Mike Fratto Courtesy of Network Computing

The closer you place security tools to vulnerable systems, the safer your data. The data that is valued by attackers resides on your network-attached desktops and servers, so you need to protect the applications that hold that data--or are gateways to it--just as you protect underlying operating systems.

These are two distinct and difficult tasks, but instead of slavishly girding your network perimeter, adopt the mind-set that you'll design with a focus on protecting assets and denying malfeasants access to where those assets reside. Here are two best practices to start you on the road to enlightenment:


• Harden the underlying OS by removing unnecessary services and applications. The remaining services should be run on nonprivileged accounts whenever possible. Removing services takes away attackers' access methods. Removing applications hobbles attackers, temporarily at least, if they do gain access to a server because tools may not be immediately available, and potentially vulnerable programs are not accessible for local-privilege escalation attacks. Oh, and keep current on patches.


HIP (host intrusion-prevention) products may help in hardening an OS. HIP products work by passing all system-level calls for resources, like file access, to an ACL (access-control list). Based on the ACL, the request is passed or blocked. Check out HIP Check.


• Consider customized installations. When installing products, try to enforce secure installation practices. When administrative accounts are created within applications, for example, ensure that the passwords are complex even if the product doesn't enforce it. Try to understand what changes are made to the underlying system, and limit the features to those you need. Don't take default installation options.

SP