A revealing look at what problems information security managers consider important--and what they're not doing about them
Russell Kay, Technical Editor
Half or more of those companies running mission-critical systems on LANs believe their security is unsatisfactory. That's one of the troubling conclusions contained in a 1994 year-end report by the auditing and management consulting firm of Ernst & Young. It surveyed 1271 information security managers to assess the current state of security practice.
The biggest problems cited are lack of resources--human (59 percent) and budget (55 percent). The biggest concerns are for network security and unauthorized external access (85 percent and 83 percent, respectively). In response to a different question, 93 percent expressed concern about the unavailability of network service, followed by fear of interference with operations, and loss of message confidentiality or integrity. A full 83 percent were also concerned about their inability to identify network users. Over half the organizations reported actual losses or interruptions in the past two years.
Connectivity shows up as a significant fact of life. For organizations that have over 2500 employees, 55 percent say their networks are accessed by customers, 46 percent by suppliers, and 33 percent by both. Some 45 percent use the Internet or other public data networks and 88 percent use E-mail. And even internally, most LANs and departmental minis are connected to a central computing resource.
According to the Ernst & Young study, the bigger the system, the safer it's considered to be. Only 4 percent of MVS mainframe users believed software security was inadequate. For Unix machines, the figure rose to 22 percent. LANs were in the 14 percent to 19 percent range, with NetWare at the top.
Desktop machines were considered the least secure, with MS-DOS and Macintosh computers reported as 57 percent and 47 percent, respectively. Interestingly, Windows (including Windows NT) did better, at 37 percent, and OS/2 systems were down at 27 percent, almost on a par with the Unix boxes.
The Concern and the Reality
OK, so that's what security managers say they worry about. But what are they doing about it? Here's a rundown of the extent to which they're using control measures:
-- Antivirus software--91 percent
-- Dial-back or secure modems--54 percent
-- Firewalls--45 percent
-- File encryption--36 percent
-- PC hardware security devices--33 percent
-- Telecommunications encryption--22 percent
-- Message authentication coding--17 percent
The actual use of security has not kept pace with the change in computing, especially the switch to interconnected networks. Let's face it, most of these controls have been around for a while; their use and importance are well understood, and the technology has been well developed. It doesn't take a rocket scientist to put them in place. We wonder what they're waiting for.