Buzzword Babylon IV: Still More Baffling IT Security Terms Explained
May 16, 2014 by Daniel Humphries
Throughout this series on baffling IT security buzzwords, we’ve called upon experts with a knack for speaking in plain English to help us define terms that can be mystifying to non-tech business owners and executives.
After all, as the great Russian author Fyodor Dostoevsky once said, “Much unhappiness has come into the world because of bewilderment and things left unsaid.” And Dostoevsky knew a thing or two about unhappiness.
In the case of IT security, confusion over these terms can result in tremendous amounts of money flushed down the drain as a result of making the wrong technological choices—or worse, money wasted rectifying the consequences of a catastrophic security breach. Nobody needs either of those headaches, which is why we’re here to help.
- Vulnerability Scanning
- Security Information and Event Management (SIEM)
- Virtual Private Network (VPN)
1. Vulnerability Scanning
Raj Goel, founder and CTO, Brainlink International: Every computer, router, firewall, database, server and so forth has bugs, or holes in it. A vulnerability scan pokes and prods—the same way your doctor pokes and prods you during your annual physical—to determine what problems it can find with a system, network or company.
Whereas your doctor pokes and asks, “Does that hurt?” a vulnerability scanner asks, “Can I steal data when I do that?” or “Can I get you to crash when I poke here?” or “Did you leave the back door unlocked again?”
Jason Herbst, security analyst at The Nerdery: Vulnerability refers to a weakness in software or hardware that could be used by an attacker to gain access to that system. Vulnerability scanning refers to any number of ways to look for vulnerabilities. There are plenty of tools available that do this; you can also look manually.
The end result is a list of vulnerabilities discovered. Good guys use this as a list of things to fix, while bad guys use this as a list of options to give them access to a computer.
Anyone interested in security, business and home users alike, needs vulnerability scanning. In general, home users are more vulnerable than business users because of the openness of their home computers.
For businesses, vulnerability scanning becomes more important the larger an organization gets, because as it grows they become more valuable as targets for attackers. However, smaller businesses won’t have the elasticity that larger organizations have, which means that when they’re attacked, they’re likely to suffer more.
Duane Kuroda, senior threat researcher at NetCitadel: Vulnerability scanning is where automated tools run tests against servers to look for open ports, default passwords, outdated and/or unpatched software responses, etc.
For example, there are new vulnerability scans for the Heartbleed flaw. They check for the version of OpenSSL (the widely used technology featuring the bug), and some also perform a telltale query that will expose the flaw. The analogy is someone checking your house for unlocked front doors, keys on the doorsill, under the doormat or hidden in a fake rock.
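As an added illustration of the version-check approach described above (this is example code written for this page, not something the experts quoted here supplied), the following Python turns a constructed banner inventory into findings the way a simple scanner would. It relies on one public fact: Heartbleed (CVE-2014-0160) affected OpenSSL 1.0.1 through 1.0.1f and was fixed in 1.0.1g. The hosts, ports and banners are made up, and the verdict is deliberately labelled "version in affected range" rather than "vulnerable", because a banner match is only the first of the two checks the paragraph mentions.

```python
import re

# Added example, not from the article. Heartbleed (CVE-2014-0160) affected
# OpenSSL 1.0.1 through 1.0.1f; 1.0.1g fixed it. Pre-release strings such as
# 1.0.2-beta1 (also affected) are not parsed here.
HEARTBLEED_RANGE = ("1.0.1", "1.0.1f")

OPENSSL_IN_BANNER = re.compile(r"OpenSSL/(\d+\.\d+\.\d+[a-z]?)")
VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)([a-z]?)$")


def parse_openssl_version(text):
    """'1.0.1f' -> (1, 0, 1, 'f').

    The patch letter is compared as a string, so '1.0.1' (empty letter)
    sorts before '1.0.1a', and '1.0.1f' before '1.0.1g'.
    """
    m = VERSION.match(text)
    if not m:
        raise ValueError(f"unrecognised OpenSSL version string: {text!r}")
    major, minor, patch, letter = m.groups()
    return (int(major), int(minor), int(patch), letter)


def heartbleed_version_check(banner):
    """Classify a server banner by OpenSSL version alone (no network probe)."""
    m = OPENSSL_IN_BANNER.search(banner)
    if m is None:
        return "no-openssl-version-in-banner"
    version = parse_openssl_version(m.group(1))
    low, high = (parse_openssl_version(v) for v in HEARTBLEED_RANGE)
    if low <= version <= high:
        return "version-in-affected-range"
    return "version-outside-affected-range"


# Constructed inventory standing in for what a scanner collected from the
# network (one open port and the banner it returned per host). The hosts and
# banners are made up for this example.
INVENTORY = [
    {"host": "10.0.0.5", "port": 443, "banner": "Apache/2.2.22 (Ubuntu) OpenSSL/1.0.1e"},
    {"host": "10.0.0.6", "port": 443, "banner": "Apache/2.4.9 (Unix) OpenSSL/1.0.1g"},
    {"host": "10.0.0.7", "port": 443, "banner": "nginx/1.4.6"},
    {"host": "10.0.0.8", "port": 22, "banner": "SSH-2.0-OpenSSH_5.3"},
    {"host": "10.0.0.9", "port": 443, "banner": "Apache/2.2.15 (CentOS) OpenSSL/0.9.8e"},
]


def scan(inventory):
    """Return one finding per host whose banner falls in the affected range."""
    findings = []
    for item in inventory:
        verdict = heartbleed_version_check(item["banner"])
        if verdict == "version-in-affected-range":
            findings.append({
                "host": item["host"],
                "port": item["port"],
                "check": "heartbleed-version-match",
                "severity": "high",
                "note": ("banner matches the affected OpenSSL range; confirm with an "
                         "active heartbeat probe, since distribution packages may "
                         "carry a backported fix under the same version string"),
            })
    return findings


if __name__ == "__main__":
    for f in scan(INVENTORY):
        print(f"{f['host']}:{f['port']}  {f['severity']}  {f['check']}")
```

The note attached to each finding is the caveat a practitioner wants from a version-only check: Linux distributions often patch a library without bumping its upstream version string, so a banner match can be a false positive, and a host that hides its banner can be a false negative. That is why the better scanners the paragraph mentions also send the telltale heartbeat query before reporting the flaw as confirmed.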
2. Security Information and Event Management (SIEM)
Raj Goel: Simply put, everything electronic generates logging and telemetry data. A Windows desktop generates thousands of events per minute, and a large network can generate billions of events per hour. That’s a lot of data, and no sane human being can sift through all those haystacks looking for needles.
A SIEM (a fancy name for a database with some pre-built and custom scripts and fancy graphics), sucks in all that data, summarizes it and helps engineers make sense of it all.
Ryan Tappis, director of MBL Technologies: Pretend you’re a homeowner trying to protect your house (network) from burglars. Think of all the protection devices you have—you might have an alarm system, motion activated lights and surveillance cameras.
If a motion activated light is triggered by a dog running by, the SIEM will be smart enough to realize it’s not a burglar. But, if a surveillance camera sees someone suspicious who then triggers the motion activated lights and sets off the internal house alarm, the SIEM will piece all that information together and say, “WE’RE BEING ROBBED!”
SIEMs are needed most by larger companies with more data and more to lose from a data breach. Cost is also a consideration, as these systems do tend to be pricey.
Ricardo Capuno, technical marketing engineer at Check Point: SIEM uses all the little bits of information from many sources, such as computers, routers and firewalls, and groups them into something a human can easily read. This is called an event. Important events alert the organization that changes need to be made to fix the issue, such as configuration changes to firewalls, computers or routers. These changes need to be tracked and documented. In other words, the event must be managed.
Duane Kuroda: SIEM is an appliance or software package that collects system logs and system events from several devices in search of anomalies. For example, a SIEM can read firewall logs, intrusion detection system logs, web server logs, file access logs and more.
In addition to the core logs the SIEMs collect, they can also aggregate events such as failed login attempts and malware event alerts. If it sounds complicated, that’s because it can be: getting a SIEM to work often means months of integration, custom coding and a lot of monitoring.
A useful analogy is an airport where checked luggage from 30 different airlines passes through one detector or scanner. The detector will beep if it thinks it found an explosive device in a suitcase. But like the detector, a SIEM might also beep if it sees chocolate, because SIEMs sometimes report false alarms.
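The SIEM explanations above (the homeowner whose dog trips the motion light, and the appliance that reads firewall, intrusion detection and login logs together) can be shown as working code. The following Python is an added example written for this page, not code from any of the experts or from a SIEM product: it normalises a handful of constructed log lines from three sources into one event format and applies a single correlation rule. The log lines, host names, IP addresses and the "ssh_bruteforce" IDS signature name are all made up; the log formats are simplified stand-ins for real sshd, netfilter and IDS output.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines from three sources (not real captures).
# ISO timestamps are used so the example needs no syslog year inference.
SAMPLE_LOGS = [
    ("firewall", "2014-05-16T10:00:00 DROP SRC=198.51.100.9 DST=10.0.0.5 DPT=23"),
    ("auth", "2014-05-16T10:00:05 web1 sshd: Failed password for root from 203.0.113.7 port 51234"),
    ("auth", "2014-05-16T10:00:07 web1 sshd: Failed password for root from 203.0.113.7 port 51236"),
    ("ids", "2014-05-16T10:00:08 alert=ssh_bruteforce src=203.0.113.7 dst=10.0.0.5"),
    ("auth", "2014-05-16T10:00:09 web1 sshd: Failed password for root from 203.0.113.7 port 51240"),
    ("auth", "2014-05-16T10:00:11 web1 sshd: Failed password for root from 203.0.113.7 port 51242"),
    ("auth", "2014-05-16T10:00:13 web1 sshd: Failed password for root from 203.0.113.7 port 51244"),
    ("auth", "2014-05-16T10:00:20 web1 sshd: Accepted password for root from 203.0.113.7 port 51250"),
    ("auth", "2014-05-16T10:05:00 web1 sshd: Failed password for alice from 192.0.2.44 port 40000"),
    ("auth", "2014-05-16T10:05:04 web1 sshd: Accepted password for alice from 192.0.2.44 port 40001"),
]

# One parser per source; these are simplified formats invented for the example.
PARSERS = {
    "firewall": re.compile(r"^(?P<ts>\S+) (?P<action>DROP|ACCEPT) SRC=(?P<src>\S+) DST=\S+ DPT=\d+"),
    "auth": re.compile(r"^(?P<ts>\S+) \S+ sshd: (?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)"),
    "ids": re.compile(r"^(?P<ts>\S+) alert=(?P<sig>\S+) src=(?P<src>\S+)"),
}


def normalize(source, line):
    """Turn one raw line into a common event record, or None if unparseable."""
    m = PARSERS[source].match(line)
    if m is None:
        return None
    d = m.groupdict()
    if source == "firewall":
        kind = "fw_drop" if d["action"] == "DROP" else "fw_accept"
    elif source == "auth":
        kind = "login_failed" if d["result"] == "Failed" else "login_success"
    else:
        kind = "ids_" + d["sig"]
    return {"ts": datetime.fromisoformat(d["ts"]), "source": source,
            "kind": kind, "src": d["src"], "user": d.get("user")}


def correlate(events, threshold=5, window=timedelta(seconds=60)):
    """Fire when >= threshold failed logins from one source are followed by a
    success from that source inside the window. An IDS alert for the same
    source raises the severity but never fires on its own, and a lone
    firewall drop (the dog running past the motion light) is ignored."""
    alerts = []
    failures = defaultdict(list)   # src -> timestamps of failed logins
    ids_hits = defaultdict(set)    # src -> IDS signatures seen
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["kind"] == "login_failed":
            failures[e["src"]].append(e["ts"])
        elif e["kind"].startswith("ids_"):
            ids_hits[e["src"]].add(e["kind"][len("ids_"):])
        elif e["kind"] == "login_success":
            recent = [t for t in failures[e["src"]] if e["ts"] - t <= window]
            if len(recent) >= threshold:
                alerts.append({
                    "rule": "bruteforce_then_success",
                    "severity": "critical" if ids_hits[e["src"]] else "high",
                    "src": e["src"], "user": e["user"],
                    "failures": len(recent), "ids": sorted(ids_hits[e["src"]]),
                    "ts": e["ts"].isoformat(),
                })
            failures[e["src"]].clear()   # a success closes the attempt window
    return alerts


def run_siem(logs=SAMPLE_LOGS):
    events = []
    for source, line in logs:
        ev = normalize(source, line)
        if ev is not None:
            events.append(ev)
    return correlate(events)


if __name__ == "__main__":
    for alert in run_siem():
        print(alert)
```

Run against the sample, the rule produces exactly one alert: five failures from 203.0.113.7 followed by a successful root login from the same address, raised to "critical" because the IDS saw the same source. The single failed attempt by alice before her successful login, and the isolated firewall drop, produce nothing. That threshold is also where the "chocolate in the suitcase" problem lives: set it too low and every mistyped password becomes an incident, set it too high and a slow attacker slips under it, and tuning those numbers per source is a large part of the integration effort the paragraph describes.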
3. Virtual Private Network (VPN)
Jason Herbst: VPN refers to the ability to have computers that are not on the same physical network be part of the same logical network. It allows people to access resources remotely, as if they were physically in the office.
This is important for any organization with traveling employees. If there are resources that are only accessible from inside the office and there are remote workers, there needs to be a way for them to access those resources securely.
Duane Kuroda: VPN usually refers to an encrypted point-to-point link that connects two networks. For example, many firms use a VPN to grant staff access to the corporate network from home. Once connected by the encrypted link, the home user “appears” to be on the corporate network and can access corporate servers that are blocked to users that aren’t on this network.
An analogy would be to look at it as a private tunnel. Your parents won't let your girlfriend into your house even though she lives next door. However, if you dig a tunnel from her basement to yours, she can come and go to your house, eat your food, etc., just as if she lived there.
Raj Goel: Think of the Internet as the US Postal Service. Ordinarily, most Internet traffic resembles a postcard. As long as the destination address on it is correct (we’ll ignore postage charges), the system will deliver it. The problem with postcards is, one, anyone can grab that postcard and read it (and lots of systems do), and two, you never really know where your postcard is at any time.
A VPN is like sending postcards via FedEx: it costs more and requires you to have special VPN software, but all of your postcards get put inside a secure, sealed box before shipping. No one (or very few people) can peek inside that box to read your message, it’s more secure.
You can also track your package so you know where it is at all times. With a VPN, the VPN controllers can confirm that all packages arrived properly, tamper-free, in the correct order, and so forth.
For ordinary uses, such as everyday Web surfing or watching Netflix or Hulu, “postcards” are fine. A VPN is recommended for accessing corporate emails, discussing anything sensitive, such as corporate mergers, acquisitions or lawsuits, or if you’re sharing or transmitting sensitive or privileged files. In short: use a VPN for work, and a non-VPN for play.
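The "sealed box" and "arrived tamper-free, in the correct order" properties described above are exactly what a VPN's packet protection layer provides, and they can be shown in a few dozen lines. The Python below is an added example written for this page, not code from the experts quoted or from any VPN product. It assumes both ends already share two 32-byte keys (a real VPN would derive them from a key exchange), and it uses HMAC-SHA256 in counter mode as a stand-in stream cipher so the example needs only the standard library; real VPNs use an authenticated cipher such as AES-GCM or ChaCha20-Poly1305 instead. The messages sealed in the demo are made up.

```python
import hashlib
import hmac
import os
import struct

SEQ_LEN = 8    # 64-bit packet sequence number, sent in the clear
TAG_LEN = 32   # HMAC-SHA256 tag


class TunnelError(Exception):
    pass


def _keystream(key, seq, length):
    """HMAC-SHA256 in counter mode as a toy stream cipher (stand-in for the
    AEAD a real VPN uses). Keyed on the packet sequence number so no two
    packets ever reuse keystream."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, struct.pack(">QQ", seq, counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _xor(data, ks):
    return bytes(a ^ b for a, b in zip(data, ks))


class TunnelSender:
    def __init__(self, enc_key, mac_key):
        self.enc_key, self.mac_key = enc_key, mac_key
        self.seq = 0

    def seal(self, plaintext):
        """Encrypt, then MAC over sequence number + ciphertext (encrypt-then-MAC),
        so the receiver can reject a modified packet before touching the data."""
        header = struct.pack(">Q", self.seq)
        ciphertext = _xor(plaintext, _keystream(self.enc_key, self.seq, len(plaintext)))
        tag = hmac.new(self.mac_key, header + ciphertext, hashlib.sha256).digest()
        self.seq += 1
        return header + ciphertext + tag


class TunnelReceiver:
    def __init__(self, enc_key, mac_key):
        self.enc_key, self.mac_key = enc_key, mac_key
        self.expected_seq = 0

    def unseal(self, packet):
        """Reject truncated, tampered, replayed or out-of-order packets."""
        if len(packet) < SEQ_LEN + TAG_LEN:
            raise TunnelError("truncated packet")
        header, ciphertext, tag = packet[:SEQ_LEN], packet[SEQ_LEN:-TAG_LEN], packet[-TAG_LEN:]
        expected_tag = hmac.new(self.mac_key, header + ciphertext, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected_tag):
            raise TunnelError("authentication failed: packet was modified in transit")
        (seq,) = struct.unpack(">Q", header)
        if seq != self.expected_seq:
            raise TunnelError(f"sequence {seq} rejected, expected {self.expected_seq} (replay or reorder)")
        self.expected_seq += 1
        return _xor(ciphertext, _keystream(self.enc_key, seq, len(ciphertext)))


def observer_view(packet):
    """What someone reading the 'postcard' on the wire can see: a sequence
    number and a count of opaque bytes, not the message."""
    (seq,) = struct.unpack(">Q", packet[:SEQ_LEN])
    return {"seq": seq, "opaque_bytes": len(packet) - SEQ_LEN - TAG_LEN}


def make_pair(enc_key=None, mac_key=None):
    """Both ends share two keys; a real VPN derives them from a key exchange."""
    enc_key = enc_key or os.urandom(32)
    mac_key = mac_key or os.urandom(32)
    return TunnelSender(enc_key, mac_key), TunnelReceiver(enc_key, mac_key)


if __name__ == "__main__":
    sender, receiver = make_pair()
    for msg in (b"GET /payroll HTTP/1.1", b"Cookie: session=abc123"):
        pkt = sender.seal(msg)
        print(observer_view(pkt), "->", receiver.unseal(pkt))
```

Two design points are worth noticing. The receiver checks the tag before it looks at anything else, so a packet that was altered on the way is discarded without being decrypted or parsed; and the sequence number is covered by the tag, so an attacker cannot renumber a captured packet to slip it past the replay check. The strict "exactly the next sequence number" rule here is the simplest possible version of that check; IPsec and WireGuard instead keep a sliding anti-replay window so that packets arriving slightly out of order over a lossy link are still accepted while duplicates are still rejected.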
And so our epic quest through the world of IT security buzzwords comes to a close. Thanks once more to all the experts who helped us add a little clarity to this confusing topic in every installment of this series. We hope you found the explanations as illuminating and educational as we did.
Meet Our Experts
Raj Goel, CTO and founder of Brainlink International, Inc. is an author, entrepreneur, public speaker and expert in cyber security and privacy law. He’s committed to educating individuals and organizations about online safety and how to protect their most important assets: people and data. Goel’s advice helps individuals, companies and conglomerates navigate their way through the world’s ever-changing technology and increasingly complex IT compliance laws.
Jason Herbst is a security analyst at The Nerdery, an interactive production company. He has worn many hats during his 10-plus years of IT security experience, which includes general IT, web security, network security and compliance. Herbst has also worked as a forensic analyst, security analyst and data collections specialist, and holds CompTIA Security+, OSCP, CHFI, GSEC and CISSP certifications.
Duane Kuroda is a senior threat researcher (and wearer of many hats) at network security firm NetCitadel, where he looks at the breadth and depth of threats that impact the company’s customers. Prior to that, he worked for Check Point Software Technologies as part of the Threat Emulation Sandboxing Technology team. Kuroda also worked with nSolutions, a company involved in cloud and data center compliance technologies, and had a stint as a senior analyst at Gartner Inc.
Ryan Tappis is a director at MBL Technologies, a cybersecurity consulting firm that works with clients in the public and private sector. Ryan has over 12 years of cybersecurity consulting experience for both commercial and federal clients and specializes in cyber security compliance, risk management and security program development. He holds a master’s degree in computer systems management as well as CISSP, CISM and CRISC certifications.
Ricardo Capuno is a technical marketing engineer at Check Point Software Technologies. He grew up in Silicon Valley and has more than 20 years of experience in security, professional services and IT administration for companies that focus on software development, hardware manufacturing and consulting services. Ricardo has held various high tech positions at HP, Johnson Controls, Pacific Bell, RedCannon Security, Chiron Corporation and Kaiser Permanente.