Security Threats Under Attack

There are two ‘givens’ in IT — security will constantly need to be updated and the world will never have enough storage.

Security, in particular, has been in the spotlight this year with blended threats on the rise, an epidemic of phishing and identity theft, and record virus and hacker activity in the first six months.

That has put added pressure on developers, vendors and resellers to ensure that the product they are providing to customers is up to standard.

Organisations need to protect the fort with an holistic security approach; in particular, a focus on intelligent networks and deploying security policies is essential given the shift in how malicious threats propagate.

And while most of the recent threats were spread through email, there are now more threats that are exploiting vulnerabilities, according to industry watchers. As such, users need to be diligent in patching systems, updating virus definitions and implementing best practice solutions.

They also are looking to the channel to take a greater responsibility across the board — from enterprise to consumer level — to ensure the solutions they provide are secure from day one.

It is not an easy task given the intricacies and rapid evolution of both the networks that need to be protected and the threats that they face.

Late last year, 3Com announced a strategy to deliver integrative secure networks for its small, medium and large enterprise customers by overlaying key security technologies into hardware, software and operational components that defined the network. Previously, security had been a segregated, band-aid approach with no common, unifying management system resulting in networks being exposed to vulnerabilities at random points throughout their infrastructure.

3Com’s security overlays are being developed both in-house and in partnership with security vendors and include Layer 2-7 firewall, virtual private network (VPN), authentication, authorisation, intrusion detection systems and intrusion prevention systems (IPS), antivirus, security management and policy.

One of the key areas tackled by the strategy is that of identification and authentication. Whereas once the primary concern was to protect the data on a network, today the emphasis is on making sure you know who is using the network. Not only must users be able to protect their own identity to prevent wrongful access to their system, data or financial records, businesses must also be able to protect the identity of the customers who access their networks and ensure they can securely manage the identity of the staff members who have access.

While it’s important to ensure the wrong person does not get in from outside, it also is essential to protect against the threat from within.

Tivoli security executive for IBM Asia-Pacific, Con Yianakos, said one disgruntled secretary with a personal vendetta or an intern stumbling across a confidential document was all it took to undermine all the work done to secure the network from the outside only.

He said access and identity management systems were a key opportunity for resellers to help customers deal with this problem.

RSA security regional vice-president, Sebastian Moore, agreed.

He said most of today’s security threats were a symptom of poor identity management and organisations should focus on better managing the identities of users accessing their network and controlling what they had access to.

“In the past, you established trust in a person by identifying them with a handshake,” he said. “You always knew who you were dealing with and that they could only access what you gave them access to. When conducting business in online work, you obviously can’t shake hands with your users, and access to applications is more complex than ‘let them in, or not’.”

But Moore acknowledged the pressure on the channel.

He said there were two types of channel partner nowadays: those who were dedicated security specialists and those who found that they had to provide security as part of their overall offering.

A lot were moving into the services area and it was a challenge for them to build up the depth of skill required, he said.

Netgear Asia-Pacific managing director, Ian McLean, said businesses want resellers to think long term and provide them with scalable security solutions that could expand with their networks and allow for the integration of emerging standards.

These solutions must be user-friendly — people wanted to know that their resources were being protected without them really having to think about it, he said.

“The challenge for the channel lies in meeting these expectations, and often in educating customers as to which security measures realistically need to be deployed or enabled in order to protect mission critical resources,” McLean said.

The amount an enterprise was willing to spend depended on how vulnerable it perceived it was, according to Vectra Corporation's director of information security, Jo Stewart-Rattray.

“If their network looks inward and is only accessed internally, they are going to spend less than if they have a Web-facing network,” she said.

It’s the latter area where spending is on the rise, according to Stewart-Rattray.

She said demand from large organisations ordering vulnerability analyses to ensure Web-facing applications were not the weak link in their corporate armour had soared during the past 12 months.

At the other end of the market, small businesses, SOHO and home consumers are also becoming more aware they need more than just antivirus software nowadays, particularly if they have a broadband Internet connection and a LAN or wireless LAN.

However, while awareness is improving, these sectors still lag well behind the enterprise market in terms of education and even taking basic precautions.

The majority of home, SOHO and very small businesses still have dial-up Internet connections and are unsophisticated computer users with little knowledge of either the need to patch their operating systems or how to do it.

But, at the same time, they constitute one of the greatest threats to corporate, financial and government networks because of their vulnerability to phishing, identity theft, and having their system taken over and used to launch distributed denial-of-service attacks.

In most cases, they have purchased off-the-shelf systems that have unpatched and vulnerable operating systems with the automatic update system turned off by default. While many have antivirus software, it is neither installed nor activated at the time of purchase and the consumer is unaware they are not protected. There is a growing groundswell of opinion that resellers should bear the responsibility of ensuring that systems are secure before they are allowed out of the shop.

During his recent visit to Sydney, Microsoft chief software architect, Bill Gates, recognised the problem of unpatched systems and announced that future versions of Windows would arrive with Windows Update turned on by default.

Meanwhile, resellers continue to sell vulnerable systems.

Ian Mackay, managing director of Trend Micro distributor, Manaccom, is one of a growing number of distributors who thinks the writing is on the wall for resellers of unpatched systems.

“It is only a matter of time before the Australian Competition and Consumer Commission rules that an unpatched PC is not of merchantable quality,” Mackay said. “You cannot expect the average small operator who is still using a dial-up connection to download 50-60MB of patches to update an off-the-shelf system.

“Half of them wouldn’t know they were supposed to do it anyway and they expect that because they have bought a system that is bundled with antivirus and a firewall that it has already been installed and activated when, in fact, the software is sitting on their hard drive waiting to be installed and set up.”

If authorities do decide an unpatched PC is unmerchantable, it will put the onus on resellers to ensure they are selling a system that is up-to-date at the time it leaves their hands and that it has been set up to automatically update itself from then on.

“The end-user needs to be fully informed about how the updates work and the terms of their software licence. An effective reseller also will talk to them about the basics of a good security policy and then get the customer to sign off that their system has been updated before they take delivery.”

Senior security consultant with CA Australia, Daniel Zatz, said most home users and small businesses did not fully understand the risks associated with being online and relied heavily on channel partners to provide advice as well as solutions.

He said resellers should perform some sort of vulnerability management service for customers.

“They don’t want to have to worry about whether their machines are vulnerable or patched,” Zatz said. “They just want to do what earns them money.”

He said one of the easiest ways (in theory at least) to implement an intelligent network for a small business was to have a Common Base Operating Environment (Base COE) where all the machines were using the same operating system and service pack level.

“Have them all running the same version of productivity applications such as Microsoft Office and Internet Explorer [or whatever browser you choose to use],” he said.

“Most of the vulnerabilities will lie with the Base COE so having this common foundation makes it easier to assess the impact that a vulnerability will have on the network infrastructure.

“Again this is where the expertise of the resellers can add incredible value to their customers because they can determine the Base COE for the customer and then allow them the freedom to add business specific applications to each of the workstations as necessary.”
