@STAKE RESEARCH SUGGESTS INCREASED NETWORK SECURITY BENEFITS BOTTOM LINE

Monday 15 October 2001

Appropriate security can save companies thousands of pounds each year by improving network performance

Leading digital security consultancy @stake (www.atstake.com) today released research showing that tailored network security can reduce the number of computers needed to process transactions, bringing significant cost savings to e-businesses and data centres. The research showed that a customised, secure computer network outperformed an unsecured network by as much as 3.28 per cent.

@stake's laboratory tests, conducted on a typical network infrastructure used by various companies conducting transactions over the Internet, proved that increased security conferred additional benefits, such as higher throughput, capacity, and reduced maintenance costs. The research is the first in a series of @stake reports into how proper security can bring a positive return on investment.

Results highlighted that taking simple steps to increase network security, such as disabling superfluous services and programs, stripping privileges and creating access lists, all boosted the performance of the test network's Web server (see below for security tips to enhance network performance).

Figures showed that the unsecured Web server processed requests at an average of 129.635 requests per second, or 4,088,177,244 per year. In comparison, after implementing simple security measures, including disabling superfluous services and programs, stripping privileges, disabling unnecessary modules on the Web server and turning off vulnerable services, the Web server's performance was boosted to an average of 133.885 requests per second or 4,222,210,500 per year - an increase of 3.28 per cent.
Tom Scholtz, research analyst, META Group Inc, added, "What we have started to see in the last few months is companies investing in information security, not simply because of the added protection it affords their business, but because they are realising that fine tuning their IT infrastructure can actually save them money. While the key driver in the information security market is still protection, an increasingly important second motivation is the potential return on investment a secure IT infrastructure brings."

Royal Hansen, practice director Europe, @stake, commented, "For too long, security products and services have been implemented in a one-size-fits-all approach. Our research conclusively shows that implementing tailored security solutions can bring business efficiencies. With more and more corporate decision-makers having to justify their IT spend in terms of immediate return on investment, the results show that digital security should be viewed as an investment, rather than an expense. For example, a data centre running 1,000 servers could reduce the number of servers needed by 3 per cent, giving them a saving of around £42,000 ($60,000) per year."

Hansen continued, "Although each network environment will be affected differently by implementing security measures, @stake's laboratory tests proved that a few, relatively inexpensive security measures may not only lessen the vulnerability of an organisation to attack, but can also reap rewards in terms of protecting revenues. If companies fail to understand which assets to protect, how to protect them, and design appropriate security yields they are not only more vulnerable to attack, but also missing out on bottom-line benefits."

Performance gains were also recorded for a Web server secured using a firewall between the client computers and the Web server. The firewall reduced the number of transactions the Web server was able to handle.
However, the Web server was still able to handle between 1.93 per cent and 2.93 per cent more transactions than the number of requests recorded for the original, unsecured Web server. The actual increase in the number of requests the Web server could handle was found to be dependent on the network configuration and level of security applied.

The most secure and efficient network environment tested included replacing the generic kernel configuration on the firewall with a stripped-down and secured kernel. In addition, the controller rule set was modified to pass Web traffic in a stateless fashion. This secure posture resulted in a 2.93% efficiency increase, equating to an additional 119,897,244 requests over the unsecured network.

@stake erected a network infrastructure, taking performance readings to establish a baseline rate of the number of requests the unsecured Web server could handle, as between four and 60 client computers connected simultaneously. Security measures were then applied in steps, and new metrics were taken and compared with the baseline metrics.

Security tips to enhance network performance

Shut down unnecessary functions - changing the security profile of the Web servers from their stock configuration, so that all superfluous services and programs on the system are disabled in the system start-up scripts, makes the servers more efficient. The central processing unit (CPU) spends less time querying unused processes and can give larger slices of time to the remaining services. Turning off services on the Web servers not needed to fulfil business objectives should also mean that less time is wasted maintaining security patches for unused services.
Strip privileges - apply standard host-hardening procedures, so that privileged programs not needed for the system's particular purpose are stripped of privileges.
Disable unnecessary modules on the Web server - instead of running servers in their stock configuration, disable all unnecessary modules running in the servers by commenting them out of the configuration scripts and restarting the Web server.
Create access lists - Web servers can be hardened through adding a router to the infrastructure. Configuring the router with access control lists to block malicious addresses and spoofing will also better manage traffic passing through the Web server.

-ends-

Notes to the editor

Further details of @stake's research are contained in Secure Business Quarterly, Volume One, Issue Two, published 15 October 2001. For further information go to www.sbq.com.

The efficiencies described above relate only to the test network environment. Implementing security measures may increase or decrease the number of requests a Web server can handle in different network environments.

About @stake

@stake works where business and technology intersect, because that is where security is most powerful. The firm integrates technical and business expertise to build security solutions that look beyond the network to the security of applications and data, and future business goals. @stake couples vertical industry expertise in three areas -- financial services, communication service providers and e-markets -- with pioneering research, to design and build strategic security solutions that enable the electronic business initiatives of its Global 2000 clients.

Amidst other providers for whom security services are a way to sell products or drive the sale of broader service offerings, @stake stands out with its dedicated focus on security consulting services and the unmatched calibre of its people. @stake security consultants and research scientists built their expertise at premier organisations including the L0pht, Cerberus Information Security, DERA, the National Security Agency, Axent, BBN, Deloitte & Touche, Open Market and RSA.
@stake matches its unparalleled security talent with equally strong vertical industry and business expertise drawn from Sapient, Cambridge Technology Partners, Arthur Andersen, Fleet, Fidelity, Exodus, Nortel and Interpath.

For further information go to: http://www.atstake.com

For further information or copies of @stake's report please contact:

Brodeur Worldwide (UK enquiries)
Matthew Ward firstname.lastname@example.org Tel: +44 (0) 1753 448875
Michael O'Connell email@example.com Tel: +44 (0) 1753 448861

@stake (US enquiries)
Lona Therrien firstname.lastname@example.org Tel: +001 617.768.2703

This press release was distributed by ResponseSource Press Release Wire on behalf of Pleon in the following categories: Consumer Technology, Personal Finance, Business & Finance, Computing & Telecoms. For more information visit https://pressreleasewire.responsesource.com/about.