
Infosecurity Europe 2007: a selection of papers from exhibitors at Infosecurity Europe 2007, Europe's dedicated Information security event. Now in its 12th year, providing an education programme, new products & services, over 300 exhibitors and 11,600 visitors from every segment of the industry. 24th - 26th April 2007, Grand Hall, Olympia. www.infosec.co.uk.


The Burglar in the Basement

What are the most common causes of IT security breaches, and how do companies stop the burglars getting in?

Harnish Patel, SVP EMEA, SurfControl

Historically, the approach to enterprise security has been to make the fortress bigger and stronger--to install more products, and write more policies. Yet despite heightened security awareness and cutting-edge tools, 2006 was the worst year yet on record for corporate security breaches--continuing the year-on-year escalation of security risk. The problem is, attackers are as advanced as the defenders--and the attacks don't always come from the expected direction.

Inside job

The fact is that the biggest threat to an organization lies within its boundaries. In its 2006 survey, "Information Security Breaches," the DTI and PricewaterhouseCoopers found that 32% of Information Security attacks originated from internal employees while 28% came from ex-employees and partners. Similarly, law enforcement experts in Europe and the US estimate that over 50% of breaches result from employees misusing access privileges, whether maliciously or unwittingly.

So securing the enterprise isn't just about stopping external threats. It's just as important to contain the threat from hapless or hazardous employees.

One of the key internal threats to corporates is spyware, because it's all too often introduced without malicious intent, by employees that naively click through a couple of pop-up browser windows, or install an unapproved yet 'cool' application on the network. The situation isn't helped by the myths that surround spyware.

Mythbusting

These are the six most common spyware myths:

1. It's an isolated problem

2. Blocking at the gateway is good enough

3. Locking down the desktop is good enough

4. Drive-by downloads are a primary source of penetration

5. The problem comes from the outside in

6. No one wants spyware

But the truth of the matter is somewhat different. Let's look at the real situation that's masked by each myth.

1. Most spyware comes in as the direct result of user behavior, whether that user is naive or ill-intentioned.

2. Stuff comes in at the desktop all day long. Blocking at the gateway without securing the desktop PC doesn't make security sense. It's like locking the doors and windows of the house--with the burglar still in the basement--and not bothering to call the police. What's more, gateway defenses cannot detect threats already on desktop PCs.

3. If "locking down" the desktop and restricting user installation were effective, there would be no need for antivirus software. Spyware is designed to get around acceptable use policies and exploits users' inquisitive nature.

4. "Drive-by downloads" should never occur in a corporate environment, because they come from sites that users should not visit at work.

5. Sure, spyware comes from outside--because someone opened the door and let it in. Not recognizing this results in a porous security infrastructure.

6. True, no-one actually wants spyware, but it comes as part of that cool application that users do want. So spyware gets installed anyway.

Spy trap

So what can companies do to minimize internal threats?

First, make a Web filter a required part of the network security arsenal. This should prohibit users from visiting known spyware and 'drive-by download' sites.

Second, deploy an effective email filter that blocks spyware from entering the network via active HTML, attachments, phishing and spam. There also needs to be protection at the desktop to stop spyware as it's introduced.

Finally, implement a solution that disallows running or installing programs that in turn install spyware.

Put simply, to keep the burglar out of the basement, organisations need to remove the ability of employees to let the burglars in, in the first place. They need to implement tamper-proof solutions that users cannot easily evade--no matter what the external inducements.

Encryption in enterprise storage--why should IT professionals be more aware of its importance, what's best practice here?

Paul Howard, managing director and founder of DISUK (www.disuk.com)

The number of reported losses of personal customer information held in digital format has increased dramatically during the past year. Many of the high profile losses have occurred as a result of external hacking, these cases tending to receive the most adverse publicity. There are, however, several cases of copies of data held on storage tapes being accidentally lost or stolen and it is this type of loss that we shall be discussing.

We first need to look at why backup and archive tapes are so important. If you consider the reason that backups are made it is simply because the loss of the data would most likely cause the closure of the company and hence the data is copied on to tape to ensure it is always available in the case of a disaster, be it man made, an act of God, or simple hardware or software failure.

A single modern tape cartridge can store over 400GB of data and has a very low £ to Gigabyte cost. Most companies use large numbers of these tapes and move them to a secure location in case they are needed for a restore of either a complete system or a partial restore of lost or corrupted data. One tape would logically contain up to date customer information; and for a database that is being regularly updated there would be new data on almost every backup copy.

Many tapes are moved to off-site vaults and the common method is to use a specialist company such as Iron Mountain to collect the tapes and then return them when they are next due to be overwritten or appended to. These data copies are no longer within the control of the enterprise and are not protected by the company's firewalls, intrusion detection and prevention security measures.

The number of tapes in daily transit must run into the hundreds of thousands or perhaps even millions. It is not surprising then that within this large movement there is the occasional misrouting or even loss. Most reported cases are due to simple human errors. Yet, if a tape is deliberately stolen, how do people know that a theft has occurred in the first place? A tape can easily be cloned and the owners of the original will not be aware of the fact as long as the original is returned to site when required. As there is no audit trail on a tape, the losses may never be uncovered and so the theft would go unnoticed. So if backup copies of data are such a major loophole, why is it that not everyone takes measures to fully protect individual backup and archive tapes?

Excuses:

The backup data is old so there is no problem.

Your mother's maiden name, your date of birth and national insurance number don't change so the age of the data is not relevant. Most people's circumstances are quite stable so it is likely that other information such as address and employment are also unchanged.

We use a backup programme that has a special format so it is impossible to read the tapes!

This is not true as data stored on tape is in clear text so it can be read whatever backup software you use. There are special programmes available capable of reading many different formats which require no real specialist knowledge at all.

It's not our responsibility but the customer's.

Banks and other financial institutions are loath to admit to a problem or to any loss of customer information and so will often cover the cost of a loss rather than admit to the public their system is not secure. More emphasis is put on placing responsibility with the customer protecting their information rather than on the bank to address the security flaws in its own systems.

Most media focus at the moment tends to point to personal identity theft and this is certainly a major concern as it causes major problems to individuals. However, surveys reveal that many companies either fail to appreciate the risks from loss of backup tapes or are simply ignoring the issue.

What defence is available to protect against these threats?

Encrypting the data saved to tape, be it for backup or archive use, is the most logical and secure option. There are two different approaches, either using software on the system or a hardware solution designed specifically for the job.

Software-based systems tend to be the lowest cost option but these solutions can have several drawbacks. The most apparent problem in using software tape encryption is that the system processor is not designed as an encryption engine, so the software can use a great deal of the available processing power. As this is likely to impact on the speed of the backup or archive jobs, which may already be time critical, this alone can be a reason for not using software. Of more importance however is the impact it has on a system restore, as this is 'in reality' the most time critical point in tape usage.

Another point to consider is how the tape drive performance may be impacted when it is receiving encrypted data. In normal tape operations, the drive pre-compresses the data before it is written to tape. This allows big speed improvements on the native transfer rate available on both read and write operations where the data is compressible. Encrypted data is very random so you cannot expect the tape drive to achieve compression with this data. It is possible to compress the data at the system level but this again uses valuable system processing resources which may impact both backup and system performance.

Hardware solutions are able to overcome the speed limitation suffered by software solutions as dedicated hardware engines compress and encrypt the data being written to tape and so have no impact on host system processing resources. With hardware, the backup and restore times remain constant and predictable, ensuring service level agreements can be met. The hardware approach also provides security for the encryption user keys as they no longer reside on the system itself. By allowing for user unique hardware keys to be built into the system, products ensure that even if an unauthorised person possessed the user keys, they would be unable to read the tapes on another company's apparently identical units.

The approach to take is to install a product designed to protect the data on the tape cartridge but with the minimum impact on the company's existing infrastructure and operating procedures. Hardware vendors that have put the complexity into the unit will shield the user from extra work as much as possible. This helps ensure that, in the event of a major disaster where the company has lost all its systems and, as in the case of last year's hurricane in Texas, also lost access to its disaster recovery site, it is straightforward to get operational again, simply by supplying a new encryption hardware unit that can be fitted by the user and allows them to get the restores running on another site quickly and easily.
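The compression point made above can be checked directly. The following is an added example, not code from the article or from any vendor's product: it processes a constructed sample backup in both orders and compares the sizes. The SHA-256 keystream is only a stand-in for a real cipher, and the record layout, key and nonce are assumptions made for illustration.

```python
import hashlib
import zlib

# Constructed demo values (assumptions): never derive a real key this way.
KEY = hashlib.sha256(b"constructed demo key").digest()
NONCE = b"tape-0001"


def keystream_xor(key, nonce, data):
    """Stand-in stream cipher: XOR data with SHA-256(key || nonce || counter).

    Used only because its output is statistically random, like real
    ciphertext. A production system would use a vetted cipher instead.
    Applying the function twice with the same key and nonce decrypts.
    """
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = (offset // 32).to_bytes(8, "big")
        block = hashlib.sha256(key + nonce + counter).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)


def make_sample_backup(records=5000):
    """Constructed customer table: repetitive, so it compresses well."""
    lines = [
        f"{i:06d},Customer {i % 50},AB{10 + i % 90} {i % 9}XY,"
        f"{(i * 37) % 10000}.00\n"
        for i in range(records)
    ]
    return "".join(lines).encode("ascii")


def encrypt_then_compress(data):
    """Host software encrypts; the drive then tries to compress ciphertext."""
    return zlib.compress(keystream_xor(KEY, NONCE, data))


def compress_then_encrypt(data):
    """Compression runs first, while redundancy is still visible."""
    return keystream_xor(KEY, NONCE, zlib.compress(data))


def restore(blob):
    """Reverse compress_then_encrypt: decrypt, then decompress."""
    return zlib.decompress(keystream_xor(KEY, NONCE, blob))


def compare(data):
    """Return the byte counts that would reach the tape in each ordering."""
    return {
        "plain": len(data),
        "encrypt_then_compress": len(encrypt_then_compress(data)),
        "compress_then_encrypt": len(compress_then_encrypt(data)),
    }


if __name__ == "__main__":
    backup = make_sample_backup()
    for name, size in compare(backup).items():
        print(f"{name:>22}: {size} bytes")
    assert restore(compress_then_encrypt(backup)) == backup
```

Encrypting first leaves the compressor nothing to work with, so the tape receives roughly the full plaintext size, while compressing first keeps the space and transfer-rate benefit.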

Web Filtering: The Network Strikes Back

Ross Paul, Senior Product Manager, EMEA & APAC, Websense

As the internet becomes more and more business-critical, the line between professional and personal use is becoming increasingly blurred. Incredibly popular websites like iTunes, YouTube and MySpace combined with non-automated IT Internet usage policies are resulting in the office PC and laptop being used as a personal entertainment centre rather than a work station. Clearly, the multimedia revolution is having an impact on productivity, but that is only half the story. With today's sophisticated Internet attacks coming from all corners of the globe, companies just can't settle for a standard 'run of the mill' web filtering solution that only targets known websites with inappropriate content e.g. pornography and gambling. These threats, although considered a nuisance, aren't the greatest problem. They are just the tip of the iceberg.

Organisations must choose a web filtering solution that is not only intuitive and robust, but more importantly proactive and automated. Organisations can no longer place the security onus in the hands of the user.

An effective web filtering solution must have the ability to proactively discover, mine and analyse web security threats. Having the ability to patrol millions of websites per week for malicious activity plays a key role in the prevention of malicious attacks like drive-by spyware, bots and bot network traffic, phishing, malicious mobile code, keylogger backchannel communications, and crimeware.

Standard web filtering solutions are not enough; a comprehensive, defence-in-depth web filtering security solution that meets the challenge head on is the only way to ensure total protection.

Close encounters of the malware kind

In most cases, employees are completely unaware of the malware close encounter. With unlimited internet access, it is inevitable that employees will stumble upon websites with malicious code. Perfectly innocent activities, such as visiting a celebrity gossip website on lunch break, swapping a music file with colleagues or chatting on Instant Messenger (IM), are now resulting in major corporate security breaches such as corporate extortion, data kidnapping and identity theft. In fact, a recent report commissioned by the Anti-Phishing Work Group (APWG) and conducted by Websense found that crimeware-spreading URLs have increased by 60% in the last year. In this climate, business can't afford to be complacent. Complacency not only threatens their networks, but it can also have a serious impact on brand. For example, Samsung was unknowingly distributing crimeware through its Samsung telecom website. The site, which was hosted in the United States, had been hosting a number of directories and files which, when downloaded and run, installed malicious code on end-users' machines. Samsung is not alone. This is just one of many incidents of this nature. In fact, another recent report published by Websense found that over 35% of crimeware samples are hosted for download on legitimate websites, unknown to the site owners.

Take instant messaging. Although use of IM is steadily gaining acceptance as a viable business communications tool, it poses a much more sinister threat to business than simply distraction. IM attacks, often referred to as 'spimming', are growing at about three times the rate of spam, due to the explosion of IM use. When used to send file attachments, IM tools are vulnerable to viruses, worms and Trojan horses, causing considerable menace to network security.

In addition, employees are exposed to harmful, even destructive, threats while in the process of simply doing their jobs. The sophistication of today's attacks and methods of social engineering means that even the most tech-savvy user can be duped into opening an email or visiting a website with malicious content. Simply clicking on a link can result in users unwittingly giving sensitive information away.

Lately, reports have also begun to circulate about so-called spear phishing attacks. These are similar to regular phishing scams; however, they are highly targeted with far more customised emails than regular phishing missives. Unlike basic indiscriminate phishing attacks, spear phishers target only one organisation at a time. Once they trick employees into giving up passwords, they install Trojans or other malicious software to sift out corporate secrets.

Unlike email, which has clear business benefits, some applications have no real place in the business world. These applications should never be allowed to run on a network, but have found their way into organisations by stealth. Peer to Peer (P2P) file sharing applications are often used in the workplace to download music and video files, often including sensitive copyright protected content.

These P2P networks can easily be exploited to distribute viruses and worms because they bypass normal security and filtering barriers. Spyware is also typically acquired during P2P application or file downloads, making keyloggers and Trojan horses a real threat to corporate security.

Adding additional complexity to the present threat, employees can now access information, network resources, and the internet from their homes, hotels, or remote offices. These remote users often circumvent IT investments in perimeter security, opening an access channel to the corporate network for external threats, creating an enormous challenge for IT departments.

It's a Juggling Act

The challenge that organisations face is striking a balance. Today's IT managers are in a real conundrum. They are not only juggling to balance employees' personal and professional needs, they must also ensure that the network is secure and bandwidth isn't compromised.

Legislation such as Sarbanes-Oxley, Basel II and the Data Protection Act is applying considerable pressure on organisations to comply and be more accountable in how they use and store data. For instance, misuse of the internet can expose organisations to legal liability when employees engage in illegal or inappropriate activities.

Organisations not only need to protect their own intellectual capital, but they are also responsible for protecting their stakeholders' sensitive information.

Taking a holistic approach

Given the value of digital information in this day and age, the need for robust company internet and usage policies is climbing high on the corporate agenda. Organisations clearly need to take back control and apply a multi-layered solution that addresses their security and productivity needs. Web filtering helps organisations manage the delicate balance between employees' personal internet needs while decreasing the risk of legal liability, maintaining adequate network bandwidth levels and increasing productivity. Unless an organisation can track and control which websites its employees have access to, it faces a losing battle. But in saying this, companies must also be cautious not to create the 'Big Brother' effect. Web filtering is all about complementing an organisation's overall security strategy. Companies need to take a more holistic approach to protecting their network rather than a complete lockdown. The ability to apply user-based policies so that only certain groups can access certain URLs is an important aspect of web filtering.

Applications like instant messaging may be completely invalid for the marketing department but could be a viable communications tool for the customer services team. By limiting access to the appropriate user-group, organisations can ensure that applications are being used properly and with the correct permissions in place.

Traditional approaches have put the onus on employees to recognise fraudulent activity and prevent a security breach. With increasingly developed scams this responsibility cannot rest with the employee. Business can no longer rely on Internet usage policy documents from HR. Web filtering enables IT managers to better control and automate their organisation's internet security, cutting the threat off at the source.
COPYRIGHT 2006 A.P. Publications Ltd.
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2006, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

Article Details
Title Annotation:SECURITY
Publication:Software World
Geographic Code:4E
Date:Nov 1, 2006
Words:3052