Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Monday, June 27, 2005

Gartner: Relax about overhyped security threats

Don’t believe the hype about some of the computer security threats emphasized in industry and the media, two Gartner Research analysts said today.

Lawrence Orans, a principal research analyst, and John Pescatore, vice president and research fellow, told attendees at the Gartner IT Security Summit in Washington, D.C., not to fear going ahead with projects that use voice over IP technology, Virtual Private Networks over the Internet and wireless hot spots.  The computer-security experts also advised their audience not to waste time or money on products they don’t need to meet federal regulations and protect against malware on mobile devices.

The men debunked five popular security myths:

* Eavesdropping risks makes VOIP telephony too insecure to use.  Industry and the media overhype the danger of eavesdropping because it is as easy to eavesdrop on voice packets in a network as on data packets, Orans said.  Companies that follow best practices to protect their data should have no trouble protecting their Internet telephony operations”.

* Malware on mobile devices will cause major business disruptions in the near future.  The hype about antivirus products to protect cell phones and PDAs has been around since 2001, Pescatore said.  But he said he predicted that viruses and other malware used against wireless mobile devices won’t cost more than antivirus protections against them until the end of 2007 at the earliest.  More Americans need to use smart phones and PDAs with always-on wireless capability, Pescatore said.  Additionally, mobile malware attacks won’t become a real threat until the users of these wireless items commonly send locally executed software”, he said. 
* Viruses will not destroy the Internet.  Named after Andy Warhol’s “15 minutes of fame” quip, a Warhol worm infects all vulnerable computers on the Internet within 15 minutes, Orans said.

* Compliance with government regulations equals security.  The increased federal regulation prompted by Sarbanes-Oxley and similar legislation does not automatically lead to more security.

* Wireless hot spots are unsafe.  The threat of “evil twins” setting up rogue access points to fool unsuspecting Internet users into thinking they are on real sites and then divulging confidential information is a red herring.

Posted on 06/27