History of Network Security
Since the inception of networked computers, security has been a concern. Before the 90s, networks were relatively uncommon and the general public was not made-up of heavy internet users. During these times, security was not as critical - however, with more and more sensitive information being placed on networks, it would grow in importance.
During the 70s and 80s, researchers with access to the "internet" enjoyed playing practical jokes on each other through the network. These jokes were harmless, but nonetheless, exposed flaws in the security of the ARPANET (forerunner to today's internet). The network, at this time, was small and many users knew each other in their professional careers - which limited the risk and threat.
There were several high profile violations of security during this time - including the popularization of the term "hacker" by the movie War Games - but few serious steps taken to limit the damage, other than Congressional Hearings and proposed legislation.
In the late-80s, use of the network began to grow quickly. With universities, government and military installations connecting, the need for security was growing. The first automated worm appeared on the ARPANET in 1988. The "Morris Worm", developed by a student at Cornell, could exploit the lack of intrusion prevention system and connect to another computer, use vulnerabilities to copy itself, and send itself to a new location. The self-replicating Morris Worm did much to expose the vulnerabilities of networked computers - using so many resources that infected computers were rendered inoperable, and spreading quickly throughout the network. At this point, influential leaders in the network decided to begin developing countermeasures against network threats.
Formation of CERT
The government agencies in charge of developing ARPANET worked with other users of the network to develop the Computer Emergency Response Team (CERT) - the first network security organization. Formed in 1988, CERT actively spread awareness of security protocols and researched ways to mitigate and altogether prevent breaches. As the internet population exploded and the commercial use restriction of ARPANET (now known simply as the Internet) was removed, networks became a highly appealing target for "hackers" around the world.
In the mid-90s, the number of potential threats had multiplied exponentially, necessitating the creation of anti-virus and firewall programs to protect computers. These mass-produced protections were necessary, as the number of threats and users had grown too large to handle with custom measures and teams.
Generally, the first firewall is credited to a researcher at a NASA center in California. After being attacked by a virus in 1988, they developed a virtual version of the "firewall" used in physical structures to prevent fires from spreading to other parts of a building or complex. Using routers to separate networks into smaller networks, the firewalls prevented an attack from infecting all the computers on a network at the same time. Over time, these firewalls have developed into highly sophisticated tools that monitor and prevent potentially malicious requests or traffic from reaching systems and networks. Firewalls now check requests and impose restrictions on data at multiple levels, including the web application level.
The other late-80s development in internet security was the anti-virus program. Numerous companies and programmers developed software that would "clean" infected computers after they contracted a virus. While many of the viruses in the late-80s period were not necessarily malicious, as time went on, anti-virus protection became a mandatory addition to any network that wanted to remain secure. The viruses of the 90s and beyond were more malicious in nature, designed to infiltrate and steal, destroy or otherwise disable networks.
How Radware Solutions Protect Networks
Radware solutions offer protection from these sorts of network intrusions, featuring a wide variety of attack mitigation capabilities including Network Behavioral Analysis (NBA), Denial of Service (DoS) protection, reputation engine and web application firewalls (WAF.)
If the past has taught us anything, it is that attacks will only continue to get more advanced over time. Continue learning about the evolution of network security with Part II.