RealNews

Port-Blocking Isn't Enough For Security

As a result of the recent onslaught of Internet-based virus attacks and their effect on many companies’ operations, some organizations responded defensively by shutting down TCP ports that were vulnerable. Unfortunately, many quickly learned that other essential business applications relied on these same ports and that they had, unknowingly, shut down critical business applications. The problem highlights the need for enterprises to understand the functional behavior of existing networked business applications and specifically to inventory their port usage. The Blaster worm took advantage of the underlying behavior of networked applications to enable its rapid spread. Many other viruses and worms rely on similar vectors of infection. This behavior is based on the underlying common protocol used by all Internet applications as well as those running on most modern corporate networks. This protocol, TCP/IP, transmits data by encapsulating it in an electronic envelope. The envelope bears an address that networks and computers use to route and process it. Just as regular mail addresses can be broken down into functional parts (e.g., street number, street, city and state) so can the TCP/IP address. One of these address components is known as the TCP port. Full Story

OODA Analyst

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.