Mobile code - there is nowhere to hide. (Viewpoint).Network security is a common enough phrase, regularly bandied about and we all know how important it is to protect our networks. The rise in the number of nasty computer viruses, worms and hack-attacks has made us more aware of how damaging and frustrating frus·trate tr.v. frus·trat·ed, frus·trat·ing, frus·trates 1. a. To prevent from accomplishing a purpose or fulfilling a desire; thwart: they can be to a company but how many of us have done anything to protect ourselves against the increasing number of threats out there? Not many. Certainly, we may have virus checkers on our company systems and most of us will probably have installed some sort of corporate or personal firewall. Some companies may even have enhanced their firewalls with content checkers checkers, game for two players, known in England as draughts. It is played on a square board, divided into 64 alternately colored—usually red and black or white and black—square spaces, identical with a chessboard. or web filtering Blocking access to unwanted Internet content. Businesses can block content based on traffic type. For example, Web access might be allowed, but file transfers may not. Content can also be blocked by site, using lists of URLs cataloged by content that are updated frequently. services and, in some cases, may have installed an Intrusion Detection System This article is about the computing term. For other uses, see Burglar alarm. An intrusion detection system (IDS) generally detects unwanted manipulations of computer systems, mainly through the Internet. . Having done all this, you would think you are safe. In reality, it isn't enough. The world of hacking is evolving, becoming ever more complex and the tools which businesses are using to protect themselves, are proving to be outdated and ineffective. Hacking can compromise corporate confidentiality, waste valuable human and technical resources and threaten business continuity. This is the real threat which companies should be concerned about. As more people use the Internet, it is becoming cluttered with `open doors' which allow hackers to infiltrate infiltrate /in·fil·trate/ (in-fil´trat) 1. to penetrate the interstices of a tissue or substance. 2. the material or solution so deposited. in·fil·trate v. 1. a system. The imminent rise of "always on" broadband technology broadband technology Telecommunications devices, lines, or technologies that allow communication over a wide band of frequencies, and especially over a range of frequencies divided into multiple independent channels for the simultaneous transmission of different signals. and the integration of devices such as palm pilots and WAP phones has had a huge influence on the way in which hackers hide the code they write. Additionally, the evolution of the Interact, and its capabilities, means that this type of code is readily available to anyone who knows how to look for it. Hackers have traditionally used email as an obvious route into a company but the real, worrying development in the hacker community -- Mobile Code -- has moved away from email to web browsers The following is a list of web browsers. Historical Historically important browsers In order of release:
Mobile Code uses traditional web browsers as a means of hacking into a system by hiding subversive or malicious code in a website. For example, when you visit a web page containing this hidden code, you inadvertently download the code and let the hacker into your network. This can be very damaging as you would not normally be aware of the hack-attack. If your computer is connected to a network, once the attacker gets into your machine, they can access any information on the entire system. They could be able to access individual users' passwords, company financial and confidential information Noun 1. confidential information - an indication of potential opportunity; "he got a tip on the stock market"; "a good lead for a job" steer, tip, wind, hint, lead , email address See Internet address. books, file servers, directories and anything else which is stored on the company network. More worrying is the fact that Mobile Code and instructions on how to implement it are freely available on the Internet and very much in the public domain. This blows away the traditional perception of hackers being computer geeks Computer Geeks is an Internet discount retailer of computer hardware, peripherals and consumer electronics to businesses, resellers and consumers. Computer Geeks focuses on purchasing manufacturers' excess inventories, closeouts and out-of-date products which allows the company to sitting in darkened dark·en v. dark·ened, dark·en·ing, dark·ens v.tr. 1. a. To make dark or darker. b. To give a darker hue to. 2. To fill with sadness; make gloomy. 3. rooms, intent on causing as much malicious damage as possible. Anyone with access to the Internet can quickly and easily download dangerous hacking tools and, at the click of a button, tap into systems and retrieve confidential company information. It is these people -- the general public -- who are more dangerous to companies than traditional hackers. Today's serious hackers actually tend to have morals and although they will hack into a system, they rarely intend to cause damage. How then do we protect against the increasingly real threat of the general public? Basic security precautions, which I mentioned earlier such as firewalls and AV software are still necessary as they will filter out some of the threats. Intrusion detection See IDS and IPS. is good but by the time it has detected the threat, it could already be too late. What companies need to look at is a complementary intrusion and abuse prevention solution. You need to know that your security software will prevent threats actually getting in, rather than simply detecting its presence once it has forced its way through and is causing damage. We, at Cryptic Software, have developed a solution which does exactly this. In addition to taking a holistic approach holistic approach A term used in alternative health for a philosophical approach to health care, in which the entire Pt is evaluated and treated. See Alternative medicine, Holistic medicine. to detection, our technique of taking a fingerprint of each threat allows us to detect them should they vary from the original. This type of solution is the only way to truly protect yourself against the rising threat of the unseen hacker. Hackers are far cleverer than we give them credit for and they are advancing far faster than the vendors which means the Internet community is always on the back foot. Remember, a healthy dose of paranoia can be a very positive thing and no matter how secure you think you arc, there is always a chance that they can get in somehow. This article has been written as part of a series of articles for Infosecurity Europe -- the IT security event in Europe, porn 23rd-25th April 2002, The Grand Hall, Olympia London. Dave Duke Cryptic Software |
|
||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion