Architecture, vendors at fault, says MS architect


Johannesburg, 09 Mar 2006

Vendors are at fault for not allowing IT departments to monitor their own networks and for trying to sell unnecessary technology to make profit. This has contributed to security problems within companies.

This is according to Fred Baumhardt, Microsoft security technology architect, speaking at the ITWeb Security Summit in Bryanston this morning.

"The IT world has not been architecturally changed for the last 20 years, and IT as an industry has an architectural problem."

Baumhardt said it was a major problem that 20-year-old architecture was expected to sustain newer technologies such as mobile technologies and the SMTP protocol, which he described as fundamentally flawed.

"Our networks are open," he warned. "Most security technologies offered are reactive rather than proactive."

Baumhardt also pointed a finger at vendors, noting that security is a business, and vendors often try to manufacture a need to sell a solution.

He said vendors like Microsoft, Sun and Oracle have not allowed users to monitor what is going on in their networks 24x7, contributing to security problems. "We are running blind," he said, referring to IT departments' inability to monitor their own networks.

The problem with the IT world today is that we are not attending to the root causes of what's hurting. "The security industry is like a bunch of Band Aid vendors trying to treat a cancer patient," he said.

He also noted that faster networks mean faster spread of infection.

'De-perimeterised' networks

Discussing Microsoft's own security, Baumhardt said it has 'de-perimeterised' its networks for better security.

"We at Microsoft have 'de-perimeterised' our network, everything is DMZs [demilitarised zones or perimeter network areas between an organisation's internal network and an external network]."

He said virtual private networks have, along with wireless networking, essentially caused the disappearance of the traditional concept of a network perimeter.

"Traditional packet-filtering firewalls block only network ports and computer addresses, but most modern attacks occur at the application layer - thus invalidating many defences."

Baumhardt said external threats are far from the only security problems in companies, citing as an example employees bringing laptops into the organisation with whatever they have downloaded from the Internet at home.

Organisations cannot focus only on perimeter control, he noted. "It would be like SA tripling border controls but scrapping the police force."

According to Baumhardt, some of the major network security threats are posed by poor network security equipment, legacy architecture and thinking; high privilege among users; poor management and an understaffed IT department; and poor monitoring of the network.
