Interview with Zone Labs: Internet security and firewalls
Below we publish in full our interview with Zone Labs, conducted in English:
Q.1: Reading technical reviews and surfing web sites, people are warned about new security threats. More and more articles explain how users and system administrators can prevent and solve these problems. Could you give our readers an idea of how big a problem security is? Do you have any impressive statistics about it?
A.1: Security is an ever-increasing problem for both businesses and the individual computer user. Computer Economics reported that the cost of viruses to the enterprise in 2001 was $13.2 billion. Computer Economics also reported that the total cost of the LoveBug virus (aka Love Letter) in 2000 was $8.75 billion and the cost of Nimda was $635 million. A report from the U.S.-based Internet Fraud Complaint Center (IFCC) found that last year's cybercrime incidents shot up to more than 49,000. This is up from 21,000 in 2000 and 10,000 in 1999.
Q.2: In your opinion, at what level does the security problem have to be considered?
A.2: Internet security has become top-of-mind with a much wider group of people than ever before. No longer the arcane focus of the IT department, effectively securing companies' digital assets and intellectual property is now a CXO- and Board-level concern. The continuing spate of security breaches drives home the seriousness of Internet security to every PC user - whether in the enterprise or in the home. We are all responsible for the security on the Internet. Security breaches come at a considerable cost to organizations (both in hard dollars and productivity losses). When the proper security is not in place, a breached company is at risk to also lose customers, reputation and brand value. For example, in the United States, security is mandated by the government - HIPAA and Gramm-Leach-Bliley.
Q.3: Why should a "consumer user" install and use a personal firewall?
A.3: Hackers 'ping' blocks of known IP addresses to find an open port - in other words an unprotected doorway into the computer. Many customers have written to us to mention how many probes ZoneAlarm and ZoneAlarm Pro stopped, and the geographic diversity from whence the probes originated.
What many customers have told us is that they gained peace of mind -- they weren't hacked, they weren't broken into, they have one less thing to worry about. Unless you have a product like ZoneAlarm or Pro installed, you won't even know someone's been on your system and you won't know if something important (your online banking info, your copy of the marketing plan for your company or your patient records) has been carried off.
For the best security, we recommend a security product, like ZoneAlarm or ZoneAlarm Pro, used in conjunction with an updated virus checker. There are good hardware solutions, too, such as the network routers that Linksys (www.linksys.com) offers. The best precaution is to be proactive and to use strong defenses, 'layering' as necessary. Because malicious code can be 'planted' on a PC, we recommend that protection be installed on every PC.
Q.4: What are, in your opinion, the main mistakes made by users in firewall configuration? How can your products help users avoid these mistakes?
A.4: Traditionally, firewalls require users to have in-depth knowledge of ports and protocols used by applications, network and communications software to be configured correctly. Unfortunately, this knowledge is beyond the grasp of the average user. Poorly configured firewalls give users the illusion of security - which is worse than no security at all.
ZoneAlarm, and then ZoneAlarm Pro, were among the first firewalls to let users configure the firewall simply by answering "Yes" or "No" to questions about an application's access to the Internet. Almost all consumers understand that their browser or email should get a "Yes" for permission to access the Internet, while an unknown .exe should get a "No". Zone Labs' firewalls configure themselves based on the user's answers.
Q.5: What are the "killing features" that have made ZoneAlarm so famous and so widely used?
A.5: Zone Labs' client-oriented products ZoneAlarm and ZoneAlarm Pro protect PCs from both known and unknown attacks with a combination of: a stealth firewall to barricade the PC from external attack; Program Control to manage which applications are connecting to the Internet; and MailSafe to identify and quarantine potentially harmful email attachments. Zone Labs' enterprise security solution, Integrity, is an endpoint security management platform that protects corporate data and productivity. The centrally administrated client/server network security solution includes the same multi-layered defenses as in our client products, as well as additional features like Cooperative Enforcement with other network security products.
Q.6: Microsoft has added a new firewall feature to Windows XP. What would you like to say to users who do not install a personal firewall, but activate only the Windows XP built-in firewall?
A.6: Traditional firewall products, like the XP firewall, are designed simply to stop infiltration by outsiders. With today's threats, this type of protection is no longer adequate. All Zone Labs products provide superior protection to traditional firewalls. Both ZoneAlarm and ZoneAlarm Pro, the consumer and small business solutions from Zone Labs, include Program Control --the ability to filter outbound Internet connections-- as well as inbound connections. That means that you can be alerted if a Trojan horse, spyware, or other malicious code has slipped past your firewall (usually with an email attachment or due to a visit to a web site with malicious active content) and is trying to "call home." Program Control lets you know when this happens, so you can stop the transmission and remain in control of your PC connections.
In addition, both ZoneAlarm and ZoneAlarm Pro have MailSafe, which identifies and quarantines suspicious email attachments for you upon arrival. ZoneAlarm looks out for .vbs scripts, like the infamous LoveBug virus, and ZoneAlarm Pro looks out for 45 different file types.
Zone Labs Integrity, the enterprise security management platform from Zone Labs, goes further by protecting corporate data and productivity. The centrally administrated client/server network security solution includes the same multi-layered defenses as in ZoneAlarm Pro, as well as additional features like Cooperative Enforcement with other network security products.
Q.7: Nimda was one of the worm viruses that caused a great deal of damage all over the world. The worm sends itself out by e-mail, searches for open network shares, and attempts to copy itself to unpatched or already vulnerable Microsoft IIS web servers. So Nimda was the first really dangerous worm virus infecting both local files and files on remote network shares. What can a network administrator do to protect against Nimda-like multifaceted threats?
A.7: The multifaceted threat that Nimda represents takes advantage of multiple network and Windows vulnerabilities. Nimda's propagation vectors and payload exploit a series of *known* security holes in one cleverly-executed package. The result is a huge network traffic jam, slowing down network responses. In fact, at Nimda's peak, the entire Internet experienced a noticeable slowdown.
'Future-proofing' your network from such an unknown threat requires preventing infection in the first place - quarantining suspicious email; managing application version and patch levels to plug existing vulnerabilities network-wide; and blocking unknown applications from making further connections and, thus, propagating themselves.
This pro-active 'guilty until proven innocent' approach balances productivity and protection and is a distinguishing characteristic of Zone Labs' security solutions.
Q.8: Securing a network from such an unknown threat that, for example, works like Nimda, requires preventing infection in the first place. What are your suggestions about this key point?
A.8: Prevention is *precisely* the point. Most profile-based products like antivirus and Intrusion Detection Systems (IDS) can only protect against *known* threats. Zone Labs products are able to protect against both known and unknown threats so we are able to stop new viruses before the antivirus and IDS products know they exist. True endpoint security requires three components - strong defenses on each endpoint or client PC; central management of policy; and enforcement of policy across the enterprise.
ZoneAlarm Pro offers advanced endpoint security, while Zone Labs Integrity enforces security policy across a corporation and ensures that only endpoint PCs running up-to-date versions of the company firewall and antivirus solution are allowed to connect, and remain connected to, the corporate network. This ensures that uniform corporate security standards are enforced as a prerequisite for connecting to the corporate network by any endpoint PC. Integrity enables companies to manage both endpoint firewall and anti-virus policies from a single location. Integrity also provides the ability to assign subnets to Zones so only authorized users can access particular parts of the network.
Q.9: Are, in your opinion, tools like MBSA (Microsoft Baseline Security Advisor), HFNetChk, Windows Update and Microsoft Personal Security Advisor enough in order to prevent threats like Nimda? What about *unknown* security holes?
A.9: The above items depend on measures that may or may not be sufficient or even interesting for individuals or organizations. Patches to software, especially in the enterprise environment, may have effects ranging from catastrophic to mild. You must consider that major changes in desktop software may cause compatibility or functional problems with critical enterprise applications. Therefore, large organizations are skeptical of automatic updates to software across their user-bases.
Q.10: What are ZoneLabs' solutions that helps users to prevent and solve
A.10: As an email attachment, Nimda infects users who merely read or preview the infected message in Microsoft Outlook and Outlook Express. They don't even need to open the infected attachment; the worm exploits a security vulnerability in Microsoft Explorer 5.01 and 5.5--the same vulnerability that the virus BadTrans exploits. This Explorer flaw allows an Outlook message attachment to execute itself automatically on a computer. Nimda exploits this same Explorer bug to automatically download and launch itself if a user happens to browse pages on an infected server. In March of 2001, Microsoft issued a patch to fix the vulnerability, but many companies and users still haven't installed the patch. This has an important ramification: Nimda can infect even educated users who know not to open suspicious attachments.
Using Zone Labs Integrity, an administrator can require users to upgrade vulnerable versions of their software. For example, the administrator can set and enforce a security policy that automatically routes all users of Internet Explorer 5.01 and 5.5 to a custom upgrade page that explains the situation and directs users through the upgrade process. At the individual PC itself, the Integrity Agent affords multilayered protection. It does this by providing three layers of proactive protection that antivirus programs can't: MailSafe, Application Control, and a desktop firewall.
MailSafe monitors all incoming e-mail on the user's computer and quarantines potentially dangerous attachments based on file type. Even without a specific virus profile, it catches Nimda in either of its two forms: .eml and .exe. MailSafe also protects against numerous additional file types, including .vbs, which many other viruses use. Application Control prevents rogue applications on the computer from accessing the Internet. In the case of Nimda, this prevents its built-in SMTP mail server from sending out infecting email. The desktop firewall keeps external threats from making an inbound connection to the computer. This keeps the hacker from connecting to the guest account, shares, or back doors that Nimda or Code Red II created. In addition to protecting the endpoint PC, this stops the crippling Denial-of-Service effect that accompanies Nimda.
Q.11: Looking at ZoneLabs' future: could you give us a short summary of your future plans?
A.11: Zone Labs will continue to improve upon and add to our award-winning product line in both the consumer and enterprise space, as well as add new services. Our new AlertAdvisor service (announced on March 6, 2002) is only the beginning of the various services we plan to offer. In addition, over the next couple years our focus will be on international expansion. For example, last year we opened our first European office in Frankfurt and are currently in the process of localizing our products.