Two stories within the last week illustrate serious trouble with intrusion prevention systems. The first was the problem with Cisco routers, which I blogged about. The router's intrusion prevention system was open to attack from criminals.
Then, on Monday of this week, it was reported and confirmed that the widely used open source intrusion detection software Snort was hackable as well.
Both of these incidents show how many attack vectors criminals have against an enterprise. These attacks are very serious because they target the very front line of the enterprise's defenses, alongside the firewall. If that front line is penetrated without the enterprise knowing, the front door is either partly or wide open, depending on the hole that is created.
What more proof could there be that enterprises must deploy multiple levels of identity authentication within the enterprise? The castle defenders of old realized that attackers would eventually find ways to overcome the moats, the drawbridges and the first outer walls. This led to the implementation of inner walls, twisting staircases that were hard to attack, etc.
You need to have multiple layers of identity authentication, getting stronger and stronger as the user drills closer to high-risk data and applications. Then assume that this, too, will be breached.
Use transaction software to protect your crown jewels and, as a last resort, filter all outgoing traffic through your firewall, looking for sensitive information. Otherwise you may be telling your workers, customers and shareholders some bad news.
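
The layered authentication described above can be sketched as a policy check that demands more factors, verified more recently, as the resource gets more sensitive. This is an added example, not code from the original post; the resource names, factor names and age limits are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

# Assumed policy (illustrative names and limits, not from the post):
# resource -> (factors required, max age in seconds of each verification).
# Requirements tighten as the data gets more sensitive.
POLICY = {
    "intranet":   ({"password"}, 8 * 3600),
    "hr_records": ({"password", "otp"}, 3600),
    "payments":   ({"password", "otp", "hardware_key"}, 300),
}


@dataclass
class Session:
    user: str
    verified_at: dict = field(default_factory=dict)  # factor -> timestamp

    def verify(self, factor: str, now: int) -> None:
        """Record that the user just passed this factor."""
        self.verified_at[factor] = now


def authorize(session: Session, resource: str, now: int):
    """Return (allowed, factors that must be presented or refreshed)."""
    if resource not in POLICY:
        return False, None  # default deny: unknown resources have no step-up path
    required, max_age = POLICY[resource]
    stale = {f for f in required
             if f not in session.verified_at
             or now - session.verified_at[f] > max_age}
    return not stale, stale


if __name__ == "__main__":
    # Constructed timeline (seconds since login) for a sample user.
    s = Session("alice")
    s.verify("password", 0)
    print(authorize(s, "intranet", 100))    # outer layer: password is enough
    print(authorize(s, "payments", 100))    # inner layer: step-up required
    s.verify("otp", 120)
    s.verify("hardware_key", 210)
    print(authorize(s, "payments", 250))    # all factors fresh
    print(authorize(s, "payments", 400))    # password older than the 300 s limit
```

Because freshness is checked per factor, a session that got through the outer layer hours ago cannot be replayed against the innermost tier without re-authenticating.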