Issue dated 11th October 2004


IDS helps HCL Comnet exceed customer expectations

The company's IDS helps it deliver a network free of DoS, worms and data corruption

According to SWAPAN JOHRI, HCL has implemented firewall, IDS and anti-virus solutions on its network.

HCL Comnet is a wholly owned subsidiary of HCL Technologies whose area of business spans from satellite communications to e-security and from network intelligence to remote management of networks.
For a company that manages mission-critical IT networks, security and enterprise applications for top enterprises, securing its own network is a prerequisite. In early 1999, HCL Comnet evolved its first security policy, based upon the BS 7799 framework. According to Swapan Johri, Global Practice director and Division head for e-secure at HCL Comnet, as part of this policy the company implemented firewall, IDS and anti-virus solutions on the company's network.

Ode to IDS

The need for an IDS solution arose from the fact that the concept and technology of the firewall alone was not sufficient to ward off attacks. According to Johri, a firewall is basically a means of doing authentication and stateful inspection. However, there can be situations that are beyond its inspection capabilities. For instance, the firewall cannot figure out when IP masking takes place. Another possibility is that malicious content could enter using a recognised IP address.
These issues were of prime concern, considering that the company has several applications that are centralised at its Noida head office. Further, the Internet is distributed centrally from the HO. In such a scenario everyone comes to the central system, and whatever happens at the HO affects all other locations. "If someone gets in through the Internet with malicious intent we might land up either losing data or face a DoS attack or just have an integrity issue." This prompted the company to go in for technology that would help it figure out whether incoming data was admissible. While viruses can be detected by an anti-virus solution, a comprehensive check of content was required. Apart from stateful inspection of the headers, the only option was to go for an IDS.
The reason for choosing the ISS IDS solution was its competitive advantage; the key aspect favouring ISS at that time was its large signature database, almost four times larger than that of its nearest competitor. This is the most important attribute of an IDS solution. The second reason for choosing ISS was that it was one of the few IDS solutions that could inter-operate with the firewall. The solution had the capability to tell the firewall that it had committed a mistake, after which the firewall automatically dropped that particular connection.

Rolling out

In early 1999, HCL Comnet deployed a network-based IDS (NIDS) solution from ISS in approximately 25 days (including bench time). HCL Comnet itself implemented the solution. One of the most critical factors for the company during the implementation period was identifying critical network segments for deploying the NIDS. Wherever there was a connection point, the company put an IDS on top of it.
Also, within the IDS it decided to go for a combination of both stealth mode and normal mode.
The company also defined its IDS operating policy in terms of what kind of traffic to cover, how it would talk to the firewall and so forth. To deal with false alarms that may be set off by traffic surges, the company installed alarm filters on the NIDS. The ratio of actual to false alarms is almost 1:10,000 today.
The IDS essentially inspects all inbound and outbound network activity at HCL Comnet and identifies suspicious patterns that may indicate a network or system attack.
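The three elements of the operating policy described above (traffic coverage, alarm filtering and the hand-off to the firewall) can be sketched as follows. This is an added example, not HCL Comnet's or ISS's configuration; the signature names, addresses, thresholds and the `apply_policy` function are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict, deque

# Hypothetical operating policy: every name and value here is an assumption.
POLICY = {
    "covered": [ipaddress.ip_network("10.1.0.0/16")],  # segments the sensor watches
    "block": {"SIG-WORM-PROPAGATION"},                  # signatures that request a firewall drop
    "filter": {"SIG-SYN-BURST": (3, 10)},               # alarm only on 3 hits within 10 s
}

# Constructed sample events: (timestamp_s, source, destination, signature).
SAMPLE = [
    (0, "203.0.113.7", "10.1.5.20", "SIG-SYN-BURST"),
    (1, "203.0.113.7", "10.1.5.20", "SIG-SYN-BURST"),
    (2, "203.0.113.7", "10.1.5.20", "SIG-SYN-BURST"),
    (3, "203.0.113.7", "10.1.5.20", "SIG-SYN-BURST"),
    (4, "198.51.100.9", "10.1.5.20", "SIG-SYN-BURST"),         # single hit, below threshold
    (5, "198.51.100.9", "10.1.8.8", "SIG-WORM-PROPAGATION"),
    (6, "198.51.100.9", "192.0.2.1", "SIG-WORM-PROPAGATION"),  # destination not covered
]

def apply_policy(events, policy=POLICY):
    """Return (alarms, drops) for an iterable of signature-match events."""
    hits = defaultdict(deque)   # (signature, source) -> timestamps of recent hits
    quiet_until = {}            # (signature, source) -> end of suppression period
    alarms, drops = [], []
    for ts, src, dst, sig in events:
        # Coverage: ignore traffic to destinations outside the monitored segments.
        if not any(ipaddress.ip_address(dst) in net for net in policy["covered"]):
            continue
        key = (sig, src)
        count, window = policy["filter"].get(sig, (1, 0))
        recent = hits[key]
        recent.append(ts)
        while ts - recent[0] > window:
            recent.popleft()
        # Alarm filter: require `count` hits in the window, then stay quiet for one window.
        if len(recent) < count or ts < quiet_until.get(key, float("-inf")):
            continue
        quiet_until[key] = ts + window
        alarms.append((ts, src, dst, sig))
        # Firewall hand-off: list each connection to be dropped once.
        if sig in policy["block"] and (src, dst) not in drops:
            drops.append((src, dst))
    return alarms, drops
```

On the constructed sample, the four-event burst produces a single alarm, the isolated hit produces none, and only the covered worm-signature connection is passed on for dropping.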

A second layer of protection

Towards the end of 1999, the company felt the need to implement a host-based IDS (HIDS) as well. It had put up critical applications and data on its servers, which were centralised, making a HIDS solution a necessity. Presently, the company has a combination of both NIDS and HIDS solutions. Through NIDS, individual packets flowing through the network are analysed, and malicious packets that are overlooked by the firewall are detected. The HIDS helps the company examine activity on each individual host (server).
For the company, all individual network segments, from the Internet gateway onwards, are now NIDS-protected. The tally of HIDS has grown from three to four initially to 26 today. Presently, all the critical servers at Comnet (the database servers, application servers and mail servers) have a host-based IDS.
The IDS solution at HCL Comnet has also scaled up in terms of its signature database, with around 1,400 signatures in the database. The company has also added anomaly detection to its system, in addition to its signature detection. Comnet has judiciously leveraged both for effective detection.
Deploying IDS has helped the company meet its service level agreements with customers in terms of high network availability and data integrity. IDS is only one of the tools in HCL Comnet's security set-up, but it is nevertheless an essential one.

© Copyright 2003: Indian Express Group (Mumbai, India). All rights reserved throughout the world. This entire site is compiled in
Mumbai by The Business Publications Division of the Indian Express Group of Newspapers.