Security is the demon that torments IT professionals everywhere. Malicious hackers lurk under their beds. E-mail viruses float through cyberspace just itching to infect their systems.
For network administrators struggling to get by with small IT staffs and even smaller budgets, keeping their networks safe is a gargantuan task, but one that many see themselves as accomplishing. In a recent survey of 996 networking professionals by SearchNetworking.com, 45% of respondents agreed with the statement: "My company has significantly improved its network security this year."
That doesn't mean networking professionals aren't losing sleep over the security issue. In the Networking Report Card survey, 34% of respondents listed security as one of their two most difficult networking-related challenges.
In the current economic climate, organizations are making due with the resources they have, said Gerry Gebel, an analyst with the Burton Group in Midvale, Utah. "With budgets flat or slightly lower, security planners have had to prioritize projects and perhaps delay implementing some newer technology," he said.
Gebel said that in the past year, many companies have put an emphasis on business continuity issues and "perimeter-type defenses" such as virus scanning and intrusion detection.
That's a direction being eyed by New York state's court system. A host-based intrusion-detection system is at the top of the security wish list of one IT professional who works there.
Tim Cronin, senior computer applications programmer for New York's Unified Court System in Troy, N.Y., said that between viruses and worms, "we are getting hundreds of infected e-mails a day." To make matters worse, the court system is hit with a double-whammy: a two-person staff to provide security for 10,000 individual IT systems and hundreds of servers across the state, as well as a severely pared-down budget because of the September 11 terrorist attacks.
For Ted Frohling, network security is all about educating the user. Frohling, a principal network systems analyst for a large university in southern Arizona that he did not want to name, said you can have a great security system in place, "but the end user is still in control."
"If they continue to do dumb things like failing to keep up on patches [and] blindly opening attachments, all the other precautions are for naught," he said.
All of the blame can't be placed on users, however. Thierry Jacobson, a Brussels-based network consultant for Cable & Wireless plc. of London, said hackers -- and the tools of their trade -- are getting smarter. Jacobson describes today's breed of hackers as "creative and dynamic."
And hackers are not only good at exposing gaping security lapses; they're also becoming more proficient at finding backdoors left only slight ajar. That's why Vy Tran, a network infrastructure manager at the London-based accounting firm Mazars, puts a strong security emphasis on eliminating all of a hacker's possible routes in and out of the network -- including dial-up modems.
With all of the technology available today, it's easy for IT professionals to lose sight of the fact that security decisions they make have a ripple effect across the enterprise, said J. Jeffrey Nudler, an analyst with Boulder, Colo.-based Enterprise Management Associates.
Nudler said that because of the expense of security tools and the slim budgets for IT, it's unlikely that most companies can improve their network security efforts without a financial "detriment" to another part of the business.
And worse, Nudler said, too many companies are spending money on security "gizmos" that may not be right for them in the first place.
"Personal firewalls, centralized virus quarantines, biometric IDs and many too-numerous-to-name 'gizmos' all in a small -- or not so small -- way work to retard effectiveness of IT processes," he said.