Printer Friendly

Security Notes.

Privacy on the Network: Your Rights and Responsibilities -UKERNA News

The Human Rights Act, which came into force in the whole of the UK in October 2000, states that individuals have a right to respect for their private life and correspondence. Unlike other rights, such as the right to life, this is not an absolute right and the Act recognises situations where other needs take priority. Other legislation, which also came into force in October, clarifies the extent to which users of networks such as JANET can expect their communications to remain unseen by others.

The Regulation of Investigatory Powers Act recognises that some actions which are essential to keep a network functioning may result in communications being seen by the network operator. For example e-mail would be much harder to use if there were no human postmasters helping mis-addressed messages to reach the proper destination. While doing this, post- masters inevitably see some of the content of the message. The Act makes dear that users of networks should expect such actions to take place routinely: there is no requirement on the network operator to give warning of the possible loss of privacy. Organisations, such as universities, which provide computer networks, may also examine activity on their own networks for some business purposes. However, before this can be done, all users must be informed that their communications may be monitored. The Lawful Business Practice regulations supporting the Act set out the purposes for which monitoring may be used. These include ensuring compliance with acceptable use policies and other organisational rules but, again, only if users have been informed of the rules in advance. Organisations should therefore ensure that their roles for use of the network, including the JANET Acceptable Use Policy, are clearly and widely advertised.

Users who wish to protect their communications from interception can, of course, use encryption. A number of strong encryption programs are now available which make the process relatively easy. The encryption provided with word processors and similar programs may be sufficient to discourage a casual snooper, but will not usually protect against a determined attacker. Using encryption will normally be a matter of personal choice, but for those dealing with personal data it may be essential. The 1998 Data Protection Act requires that `appropriate technical and organisational measures be taken to protect such information against misuse. As encryption becomes more common courts are likely to come to regard it as a necessary measure to ensure the confidentiality of personal information.

The government has indicated that its new legislation should not have a significant impact on normal operations. However it does mm what was previously best practice into a legal requirement.

Organisations must now ensure that staff involved in network operations are properly authorised; users must be made aware of the fact and purpose of network monitoring. Acceptable and unacceptable use of the network must be clearly defined. Each user should take note of these changes, consider their own need for privacy and take appropriate measures to obtain it.

References:

Human Rights Act 1998 http//www.legislation.hmso.gov. uk/acts/acts1998/19980042.htm

Regulation of Investigatory Powers Act 2000 http:www.legislation.hmso.gov:uk/acts/acts 2000/20000023.htm

Telecommunications (lawful Business Practice (Interception of Communications) Regulations 2000 http://www.legislation.hmso.gov.uk/si/si2000/20002699. htm

Data Protection Act 1998 http://www.legislation.hmso.gov.uk/acts/acts/1998/ 19980029.htm

The year 2000, crucial in the fight against IT viruses

JS.Kakworrn and FBS/LoveLetter wreaked havoc throughout the world

MADRID, 20 December 2000 Drastic problems call for drastic solutions. This phrase could sum up the year 2000 in the field of IT viruses, which will without a doubt, be remembered for the appearance of the devastating VBS/LoveLetter, alias I Love You. However, other malicious codes, which may not be as well known amongst the general public, have done just as much damage, amongst which JS.Kakworm, a worm created at the end of 1999, stands out. The danger of this program lies in the fact that it hides below the autosignature in the e-mail messages through which it is transmitted, instead of through an attached file as usually happens in these cases. Furthermore, amongst the New innovations for this year the appearance of Palm systems viruses must be mentioned and in general, the development of new propagation and camouflage methods which try to take advantage of any opening left by lack of information, lack of foresight or carelessness on the part of the user.

At the beginning of January, our main worry was the "Y2K effect", which caused a lot of distress to the Administration and IT departments in many companies, as well as worrying users. In the end, as a result of the labour of those involved, there was not really any reason to be alarmed, the year 2000 started without any commotion. At the beginning of March, the compressed version of W32/PrettyPark appeared, a high-risk worm which was about to become the spring star of IT viruses, until, two months later, VBS/LoveLetter infected around 3 million computers throughout the world. This infection resulted in worldwide losses of around 2,000 million dollars and a decrease in productivity valued at around 6,700 million dollars. The Spanish leader in IT security, Panda Software, reacted quickly releasing an antidote in less than a day, which was available to its users free of charge via the Internet.

First National Campaign

With the commotion caused by the virus LoveLetter still recent, from 17 to 31 July Panda Software launched, in cooperation with the Ministry of Science and Technology and several Interact associations, the 1st National IT and Virus Campaign, which was very successful in raising public awareness about this type of threat.

For this campaign, the Spanish multinational designed a specific solution called Panda Antivirus Lite, which users could download free from the Internet during this period. The result of this initiative was very encouraging, given that more than 350,000 viruses were disinfected, more than 400,000 downloads of this product were earned out and around half a million people visited the campaign web page. There were countless consultations and the interest shown by the public has given renewed hope to keeping IT viruses in line

Real and fictitious threats

As we mentioned earlier, maybe the most destructive virus of the year has been JS.Kakworm, which spread by hiding itself behind Java Script code in the autosignature of Microsoft Outlook Express, which meant that systems were infected without the message in which it was contained being opened.

Meanwhile, there were frustrated threats such as VBS/Timofonica, which attracted the attention of mobile telephone users who were about to receive a damaging message against the company Telefonica. This gave way to attacks on laptop and wireless machines, which emerged during the summer in the form of the appearance of Trojan/Palm. Liberty, the first virus for the Palm/OS operating system, exclusive to these computers.

Furthermore, Cybernet whipped up an IT storm during August which did not correspond to its real effect, as although it was programmed to act during these dates, not a single case of infection was reported. At the end of this year, we saw the typical spread of Christmas viruses which take advantage of the traditional exchange of greetings to spread through e-mail. Amongst these we can highlight Navidad and Music. The former, which has been spread fairly widely throughout the world (Spain, USA, Australia and China, amongst other countries), released a series of disconcerting warnings, whilst the second emits a famous Christmas song. Recently the virus W32/Hybris has gathered strength. This virus displays a message related to the well known fairy tale Snow White and the seven dwarfs. Whilst, FdhLove and MTX continue causing havoc with their incredible propagation and, stealth capacities. Whereas other older malicious codes continue infecting many computers, such as happens with Happy99, which at the time came out as a Christmas virus. Throughout the year 2000 the trend, revealed in the most rigorous studies in the IT security field, amongst which the Sixth ICSA Report, which placed e-mail as the main virus entry point into computers, has been confirmed.

www.pandasoftware.com

Love Bug Beaten to Number One Spot by Kakworm

A report published by Sophos Anti-Virus notes that the viruses with the most attention are not necessarily the most common. Love Bug, which made front-page news across the world in May 2000, was beaten to the number one spot in Sophos's annual top ten chart by Kakworm. Kakworm topped Sophos's virus top ten for the year accounting for 17% of all calls made to Sophos's help desk. The virus, which first appeared in January 2000, has never dropped out of the top three most common viruses in Sophos's monthly top tens. Microsoft issued a security patch against the exploit used by Kakworm in 1999, yet, despite repeated warnings from anti-virus firms, many users have not downloaded it. "Love Bug was a shooting star, lots of action and noise and fury for a relatively short time." said Graham Cluley, of Sophos Anti-Virus. "Meanwhile, Kakworm has crept stealthily to the top of the charts." The annual top ten also reveals that only 6% of the viruses circulating in the wild are script viruses, yet these account for over one third of all infections. One latecomer stormed into the top ten for the year. Navidad started to spread at the beginning of November yet managed to enter the chart at number 7 in just a few weeks. The virus masquerades as a Christmas card, playing on the seasonal lapse in caution,

www.sophos.com

VBS/Forgotten.A@mm, a new email worm

The amount of viruses that infect without the need for the user to open an attached file is increasing. The tendency that started in November 99 with Bubbleboy and was followed by Kakworm is now continued with VBS/Forgotten.A@mm. These three viruses reflect the growing complexity of computer viruses, which are evolving continually with the aim of infecting as many computers as possible.

VBS/Forgotten. A@mm furthermore, uses `social engineering' techniques in as much as it tricks the user into believing that the message is of a `serious' nature given that the message subject is `FINANCING".

Panda Antivirus neutralizes VBS/Forgotten. A@mm, as such, users are advised to update their antivirus to be protected from this and other growing threats to IT security posed by computer viruses, VBS/Forgotten. A@mm - alias-"WBS@.Pica. worm.gen--" is a new worm notable for the fact that no attached file needs to be opened in order for it to be activated. As its code is in HTML format, it is activated just on opening the e-mail in which it is contained.

VBS/Forgotten.A@mm is transmitted through Microsoft Outlook, to all contacts in the infected computer's address book in an e-mail message with the following characteristics: Subject: FINANCING Message Body: You need ActiveX enabled if you want to see this e-mail.<br>Please open this message again and click accept ActiveX Microsoft Outlook VBS/Forgotten.A@mm, about which there is more detailed information at: http://www.pandasoftware.com/ cncyclopcdia.asp?page=gusano/ VBSForgottcnA@mm _EN _1, is also spread through IRC channels - via the applications Mire and Pitch - which further increases its propagation potencial.

CarrierScan Server 2.0

This solution, which allows Internet companies to integrate Symantec anti-virus protection into existing Web-based applications, is being engineered to meet Interact companies requirement for scalability, and ease of integration.

CarrierScan Server 2.0 features a simple programming interface that allows Interact companies to couple anti-virus scanning with their existing Web applications. Using this feature, companies can integrate anti-virus scanning and repair capabilities into services such as Web-based e-mail, Web-based file sharing, Interact- available databases and other applications that deliver fries over the Interact. CarrierScan Server 2.0 can also provide tracking and billing capabilities to help Interact providers charge their customers for anti-virus services.

www.symantec.com

`Prolin" Worm Demands Users Move to Linux

Kaspersky Lab, has announce the discovery of a new Internet-worm, "Prolin," that has been developed by an unknown hacker going by the pseudonym of "The Penguin.' To date, Kaspersky Lab has received many reports of infections by this worm from Poland. The "Prolin" worm is capable of operating on Windows 2000. For normal operating, under other versions of the operating system (Windows 95/98, Windows NT), the worm requires the Visual Basic 6.0 run-time library MSVBVM60.DLL, which is not included in the package by default. "Prolin" spreads using e-mail messages masquerading as a great Shockwave Flash movie. In order to initiate the e-mail spreading routine, the worm gains access to the MS Outlook address book, reads found e-mail addresses, and sends the following message to the addresses: [see http://www.avp.ru/news.

asp?tnews=O&nview=1&id=140&page=0] The worm itself is hidden as a CREATIVE.EXE file attached to the message. After the infected attachment is nm, "Prolin" places its copies to the disk C:\ directory and to the Windows start up folder. Because of a bug, the worm fails to plant itself into systems that have the Windows operating system installed in folders other than/WINDOWS. The worm then sends out a notification to an e-mail address within the Yahoo domain: [see http://www.avp.ru/news.

asp?tnews=O&nview=1&id=140&page=0] After this, "Prolin" initiates the main payload routine that searches a local hard drive for files with ZIP, MP3 and JPG extensions, and moves them to the C:\ directory adding to their names the following string: "change at least now to LINUX."

Kaspersky Lab estimates the threat of this worm as medium, since it does not make any irreversible changes that can affect a system's normal operation. However, they recommend users not tempt fate, and under no circumstances, run the attached file CREATIVE.EXE. This is because in some cases (duplicate file names in different directories, insufficient hard disk space, exceeding the number of allowed files in the C:\directory) the worm is able to completely destroy the damaged files, Kaspersky Lab has released a special cure that allows for fast and effective restoring of the files that have been damaged. The cure is available free of charge on

www.kaspersky.com

The technical details on the `Prolin' worm are available at Kaspersky's Virus Encyclopedia at www.viruslist.com.

Top Ten Viruses Reported To Sophos in December 2000

For December 2000, the chart is as follows, with the most frequently occurring virus at number one:

1. 18.3% W32/Apology-B

2. 16.1% W32/Prolin

3. 8.7% W32/Hybris-B

4. 7.6% W32/Navidad 5.

5. 5.3% VBS/Kakworin

6. 4.0% W32/Verona-B

7. 3.0% Troj/JetHome

8. 2.5% VBS/Lovelet-AS

9= 1.9% W32/Bymer-A

9= 1.9% W32/Hybris-C

Unipalm Launches Brand New Managed Services Initiative

Unipalm, in conjunction with a number of specially selected partners, can offer fully Managed Firewall services to the channel. Through various options, resellers can offer clients a firewall solution remotely managed by security experts.

With the Managed services sector set to grow it 100% in 2001 (according to IDC), Unipalm has put together a number of solutions to let it's customers take advantage of this big opportunity. These solutions will reduce the cost of in-house resources for the end-user, as the firewall is monitored 24 hours per day by a Unipalm partner company.

www.unipalm.co.uk

Security Products

Security Manager

The NetIQ Security Manager product lets organisations create threat perimeters intended to provide an early-warning system for corporate and e-business security organisations. It is powered by NetIQ's Operations Manager product, which Microsoft recently announced it will license for managing the Microsoft Windows 2000 operating system and Microsoft NET Enterprise Servers.

Security Manager presents, a security solution that provides users with real-time threat management, automated incident response, auditing and reporting, security event log consolidation, and the scalability required to meet the security service levels demanded by enterprises and e-business today. Security personnel can prevent security breaches through early warning perimeter alerting and automation, before key assets are at risk.

Additional features of Security Manager include:

* Detection of new servers as they are added and automated set-up of standard security settings, as well as the dynamic monitoring and updates of the server security configuration to ensure complete and continuous protection.

* `SecureBase' - an extensive out-of-the-box security knowledge base that provides security best practices expressed in terms of scripts, rules and English language descriptions for the most demanding security issues. SecureBase can be added to and customised by users, and "learns" as IT personnel deal with new security threats.

* Automated, proactive summary detail and trend reporting. Security breaches and threats can be analysed and audited, for future early warning and prevention.

* Security updates via easy downloading of the latest Security ActiveKnowledge Module from the NetIQ Web site. Installation of this module requires only a single import procedure that, in mm, causes the product to automatically distribute the updated module to all servers and workstations being managed by Security Manager.

www.netiq.com

TS-RAS

Topsoft, provider of token based computer security solutions, have launched TS-RAS, the latest product in its suite of encryption solutions. TS-RAS is a point to point software encryption product requiring no additional hardware devices that provides organisations with an alternative to a Virtual Private Network (VPN), without compromising its level of security. In a process transparent to the user, TS-RAS automatically encrypts and decrypts all transmitted and received data. Through the use of Triple DES (Data Encryption Standard) encryption keys, TS-RAS's cryptography is resistant to "brute force" key search attacks, which extract user name and password combinations. In addition TS-RAS generates new keys on every transmission, these are created from the secret personal key, stored on the Topsoft token of the user initiating the transmission. TS-RAS's modular design will also enable alternative algorithms and key lengths to be used.

www.topsoft.co.uk

Entegrity Assure Access

Based on open standards and implemented in Java, Entegrity AssureAccess enables businesses to tailor fine-grained application access to real-world business needs by defining dynamic policies for the four required access management components - authentication, authorisation, audit and administration. One example of Entegrity AssureAccess in business use is in the healthcare industry where Entegrity helps speed implementation and efficiency of large-scale policy-based access to protected resources and confidential records.

www.entegray.com

Anti-Vvirus Solution for Lotus Notes/Domino

Kaspersky Lab, have announced the beta-version release of its flagship anti-virus product, KasperskyT Anti-Virus (AVP), for Lotus Notes/Domino e-mail gateways running on the Linux or Windows NT operating system.

It is designed to provide enterprise-wide networks with virus protection for incoming and outgoing external and internal e-mail traffic. After installation on the gateway, the program enables real-time, centralised anti-virus filtering and disinfection of e-mail messages from all types of computer malware; `i. c., before an infected message reaches the recipient on a client computer."

It controls all the elements of an e-mail message: the message body;' attached files (including archived and compressed files); and other messages of any nesting level are automatically checked for viruses. In this way, the program detects viruses in any part of a message, leaving viruses no chance of entering a network.

in case a virus is detected, Kaapersky AV prevents the message from being delivered to a recipient, and sends out notifications about the incident to both the sender and recipient. The program's flexible configuration allows for deletion, blocking, quarantining or curing of malware so that the recipient within a network receives only cleansed messages. In addition, even if a virus has penetrated a workstation from another source other than e-mail, Kaspersky AV stops the virus from spreading by means of e-mail, notifying the network engineer about the incident. Kaspersky AV also supports centralised deployment and remote control, using the standard Lotus Notes/Domino built-in features.

www.kaspersky.com

Pay For ASP Services As You Do Gas Or Electricity

A new product has been developed to help kick-start the predicted $22.7 billion growth in the Application Service Provider (ASP) market. The product, from Emerald Lizard, has it is claimed, solved the puzzle of how to accurately measure and charge for applications delivered over Internet or telecoms links by ASPS. It means utility-style usage based billing for ASP services. When the idea was first introduced a couple of years ago, experts predicted that ASP application delivery was the future. Businesses could save money by paying only for the volume of applications they used, scaling-up when they were busy and down if there was less to be done. Start-ups wouldn't be crippled by huge up front software bills. Costly upgrades and maintenance could be left to the ASPS.

www.emeraldlizard.com
COPYRIGHT 2001 A.P. Publications Ltd.
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2001, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

Article Details
Printer friendly Cite/link Email Feedback
Publication:Database and Network Journal
Article Type:Editorial
Date:Feb 1, 2001
Words:3484
Previous Article:Market Data.
Next Article:Database and Network Journal Editorial Features 2000.


Related Articles
Salmon editorial needed space to travel.
An opinion writing textbook.
Set editorial priorities with agenda.
NYT vs. WSJ - Editorial face-off on Bill Clinton.
Not Nearly E-Ready.
Institutional Trading Technology focuses on information and trading systems.
Editorials: Pungent, profound, and path breaking; A book offers practical pointers about how the best in journalism transmit ideas and opinion.
Cartoonists say: ready, set, draw. (Convention Panels).
How to run a Texas-sized regional.
FCC rules are gone. Now what? (Features).

Terms of use | Privacy policy | Copyright © 2021 Farlex, Inc. | Feedback | For webmasters