Compared with previous estimates, costs associated with cleaning up after a virus or worm attack have increased by more than 400 per cent over the past 12 months, to
Firms fight 500 internet attacks a month
Research commissioned by application switching provider Radware found that 70 per cent of the 50 small businesses it monitored experienced more than 1,500 attacks over a two-week period in August – largely because of the outbreak of the SoBig virus.
And with web-based distributed applications becoming more pervasive, the majority of security threats facing corporations will be at the application level across port 80, the research warned.
More info: [url=http://www.vnunet.com/News/1151137]http://www.vnunet.com/News/1151137[/url]
Defending_Against_Insider_Infections
The recent spate of viruses has exposed the dangers of providing network rights to laptops that operate both on and off the network.
– Security organizations must employ both technology and policy to protect network resources.
– User management aggregation (identity management, provisioning) will mature rapidly (2004).
– Security event management consoles (collecting intrusion detection system, firewall, and host events) will remain out of the mainstream until 2005.
– Security configuration consoles (central distribution points for firewall, personal firewall, and eventually server configurations/policies) are the least mature, with viable integrated products appearing in 2006/07.
Numerous META Group clients are reporting virus infections that traverse well-designed perimeter defenses in the briefcases of consultants and other roaming users.
Corporate laptop users should be protected with standard antivirus (AV) software, personal firewalls, and regular security patch management. But what about end users not under the IT management umbrella?
Most organizations have a small army of consultants, outsourcers, business partners, customers, and other visitors that require network access in some form.
Even organizations with a federated corporate or security structure must validate security compliance (e.g., patch levels, AV update level, security software installed, security process such as AV and firewalls running) on affiliate PCs before granting network rights.
Best-practice security organizations are employing both written policy and technical means to ensure their network is safe from these roaming “Typhoid Marys.”
Before any technical solutions are deployed, IT organizations (ITOs) must first establish a clear policy and ensure that security compliance and acceptable usage education are embedded in the process.
Computing facilities provided for non-contracted visitors should include instructions on how to use, help desk contact info, and brief security/acceptable-usage guidelines. For contract visitors, security policy compliance should be a contractual obligation with clear penalties for non-compliance. Shifting liability to the outsourcers/contractors creates an incentive for their ITO to prevent problems. However, embedding security compliance in business contracts will require consultation with the business and legal departments and may not be possible to append existing contracts.
The ITO must perform random audits to ensure compliance before a security incident, particularly if no automated compliance technology is deployed.
The first step organizations should take is to identify and classify all non-corporate-managed users based on the trust level of network resources they require and the duration of that access.
Creating a “guest network” that is isolated from the corporate network. If the type and number of internal applications needed by guests are predictable, ITOs can route users outside the organization on the guest network and back into a secure portal (i.e., Citrix, Sybase) that includes host integrity/policy checking prior to providing access. On-site outsourcers/contractors are the easiest to manage.
Another best practice is to reformat the hard drive and install a new image on loaner PC before re-issue it to ensure it is secure, user levels are appropriate, and no residual confidential information is present.
ITOs can use logon scripts to check for security agents and dynamically install it – with approval from the end user – if necessary. These tools typically can report only on compliance and cannot deny network access for non-compliance unless combined with logon scripts.
More info: [url=http://techupdate.zdnet.com/techupdate/stories/main/Defending_Against_Insider_Infections.html?tag=tu.scblog.6673]http://techupdate.zdnet.com/techupdate/stories/main/Defending_Against_Insider_Infections.html?tag=tu.scblog.6673[/url]
Firewall sales to skyrocket, say analysts
While almost every large and midsize business already uses a firewall, more companies will start installing the devices at an increasing number of points in their networks, said Mark Bouchard, senior program director for technology research at Meta Group.
I see a lot more customers intent on using firewalls in a lot more places, like between business units,” he said. Digitally cordoning off networks has proved to be an effective way to prevent some attacks, such as worms, from spreading. Business adoption of that tactic, plus sales to new customers, will expand the market for firewalls to $2.5bn worldwide in 2005, Bouchard estimated.
The forecast comes as security companies seek to improve the integration of different safeguards into a single device. Such a product would bring together many functions, such as virus protection, intrusion detection, virtual private networking (VPN), firewalls and content filtering. Security device maker NetScreen Technologies and network hardware maker Cisco both plan to add secure sockets layer (SSL) functionality to their VPN products. Internet Security Systems, a network protection company, has combined several security functions into an all-in-one device. In addition, Check Point Software Technologies announced in mid-November that it would branch out from firewall and VPN software and devices to incorporate internal network and website protection software and services.
Meta Group’s Bouchard believes that companies will still demand stand-alone firewall devices to protect key parts of their networks. “I believe that the integrated products have a way to go before they become a primary solution,” he said.
More info: [url=http://www.silicon.com/software/security/0,39024655,39117180,00.htm]http://www.silicon.com/software/security/0,39024655,39117180,00.htm[/url]
Report: A third of spam spread by RAT-infested PCs
Graham Cluley, a senior technology consultant for Sophos, said Wednesday that the increasing use of broadband Internet connections and a general lack of security awareness have resulted in about one in three spam e-mails being redirected through the computers of unsuspecting users.
Cluley said that if a Remote Access Trojan (RAT), a type of Trojan horse program, is able to get into a PC, an attacker could take full control of that PC, as long as it is connected to the Internet.
There is also a very small chance that PC owners will have any idea their system is being used by a third party, said Cluley, who warned that attackers could remove any traces of their activity so that there would be no obvious record: “It is really just network and Internet bandwidth that is suffering–there is no permanent record left on the PC that you can look up–you wouldn’t see anything if you checked your Outlook ‘Sent Items’ folder,” he said.
More info: [url=http://zdnet.com.com/2100-1105_2-5113080.html]http://zdnet.com.com/2100-1105_2-5113080.html[/url]
VOIP Rules Inch Toward Internet
Verizon Communications Inc. and SBC Communications Inc. (see story, Page 26) recently launched VOIP services in selected cities.
In arguments to the FCC, the RBOCs point to Vonage’s marketing as an illustration that VOIP is the functional equivalent of regular telephone service, but others, including manufacturers such as Cisco Systems Inc., argue that it is an Internet application like instant messaging or e-mail.
More info: [url=http://www.eweek.com/article2/0,3959,1400198,00.asp?kc=EWRSS03119TX1K0000594]http://www.eweek.com/article2/0,3959,1400198,00.asp?kc=EWRSS03119TX1K0000594[/url]