RealTime IT News

Rounding the Corners of Network Security

As the Black Hat conference descends upon Las Vegas this week, internetnews.com presents a series of articles addressing security issues past and present.

You might just call it the Windows factor. The more widespread the technology, the higher-value target it becomes to crackers, hackers and attackers.

But network and personal computing safety go beyond the operating system you're running. Even Linux and Macs have seen their share of security issues. Maybe your databases aren't up to code in order to thwart a SQL injection attack that could bypass your firewall.

Maybe the folks using free IM clients are not aware that they just got a message with a link containing malicious code. Do they know not to click on it? And how about the proliferating endpoints hitting the network beyond the laptops?

The issues will always be with us in the woolly Web as long as there are folks bent on breaking into your system or who happen to think it's worth getting the digital equivalent of a peek at your e-mail.

With all the concerns swirling around IT staffs each day, herewith, in no certain order, are a few of the top trends in network and computing security.

Endpoint Security: Can We Just Agree?

It's important, yes. But are you using it in the same way as your colleagues? Research suggests otherwise.

As internetnews.com has reported, firms such as IDC define endpoint security as centrally managed client security and liken it to a 21st century digitized watchdog protecting users.

Ask the folks at Check Point, and they'll likely tell you "endpoint security" means centrally managed personal firewall-based security.

One thing they do agree upon: Enterprises need to be a lot more picky about their network access protocols and figuring out just who those endpoints are.

But that's not all. Research firm IDC's January survey of enterprise security issues noted that intellectual property siphoning and corporate espionage, as well as attempts to steal personal and company information, are increasingly hitting business networks.

Phishing begets spear-phishing

While phishing attacks are still a growth industry, spear-phishing attacks are the breakout trend, according to IDC's survey of enterprise security.

Spear-phishing means just what it suggests: a targeted approach to fool a specific end-user into turning over sensitive data that could enable identity theft.

"Trusted employees deliberately or inadvertently distributing sensitive information are quickly becoming a major concern in many organizations," IDC said, dubbing the concern outbound content compliance (OCC).

Makers of smartcards and two-factor authentication tokens are selling their wares with a pitch that they can cut that problem down.

Even the Security Center features in Microsoft's next Windows Vista release are rounding up security needs.

For example, with one click, end users can check security status across all levels of the operating system and applications -- from Outlook to the IE browser.

Smartcards are also moving into more widespread use in order to make sure the endpoints are who they say they are.

Neal Creighton, CEO of GeoTrust, said recent industry mandates and government regulations, such as Sarbanes-Oxley data retention rules, are driving more organizations to begin deploying smartcards and tokens, as well as adding new audit features to keep track of who has access to what.

But for now, ask folks such as Kelly Dowell, executive director of CUISPA, the Credit Union Information Security Professionals Association, and John Brozycki, CISSP, of Hudson Valley Federal Credit Union, whether spear-phishing attacks are mere hype. Their staff were targeted by select phishing scams.

The banking executives brought on security firm Cyveillance to help track down the attacks and even take down phony Web sites that were just waiting for the bamboozled banking executives to turn over their information.

Old UTMs still around

On the network level, enterprises are taking a closer look at Unified Threat Management (UTM) appliances, which deliver firewall, intrusion detection, packet sniffing and policy enforcement among endpoints, as they gain traction in the marketplace.

Phishing Begets Vishing

Sure, plenty of techies know what phishing's all about. It's not a proud moment to have to admit you've been bamboozled into turning sensitive data such as bank account info over to people pretending to ask you for that information in an e-mail.

But as internetnews.com reported recently, now scammers are using technology for a new kind of scam.

"Vishing" uses Voice over Internet Protocol (VoIP) phones, rather than a sneaky Web site, to steal your information.

So how to combat vishing? As with many security issues, education is the first line of defense. But experts say more stringent measures for VoIP account activation could help.

Then there's the perimeter stuff

They were big in the 1990s. Now they're back and, some experts in the field say, better than ever. Research firms such as IDC say Unified Threat Management appliances, or UTMs, are still a big trend after a strong 2005.

At the same time, all the major security vendors (hardware and software -- Symantec, Cisco, Microsoft, Check Point and Juniper, to name a few) are gearing up with similar forms of UTMs, except these are called Network Access Control systems.

The industry may have standards issues to work out with NAC, but UTMs will keep their pace, analysts say.

Gartner's take helps explain why.

The IT research outfit said deep packet inspection intrusion prevention system (IPS) technologies and network stateful firewall technologies are the next big thing in firewalls and will be delivered in the Next Generation Firewalls (NGFW).

The companies getting out in front of the trend are the ones that have network-level firewall capabilities and deep packet inspection in an integrated product and are continuously providing new features to answer new threats.

Image-based spam?

It's on the rise, according to IronPort, an anti-spam service provider.

The vendor said image-based spam represented 12 percent of all spam as of June 2006. Other firms, as we've reported, say it's even higher: CipherTrust pegs it at 15 percent of all spam.

Researchers tell internetnews.com that, thanks to the development and release of underground software, spammers have a powerful new way to bypass plenty of spam filters because the software makes each spam look unique and difficult for filters to spot.

What to do then?

For starters, make sure your computer doesn't become a zombie. IronPort said as more computers are infected with code that makes them an unwitting spam sender, image spam rises, too.

According to IronPort, more than 80 percent of all spam is sent with a zombie computer.

Did we mention browser safety?

Then there's the browser mess. And July was dubbed the month of browser bugs, according to H.D. Moore, the co-author of the Metasploit Framework, an open source licensed platform for both the development and testing of exploit code, so look out, Loretta.

As internetnews.com reported, hardly a week goes by without another browser vulnerability being reported.

Moore said he'd release a new vulnerability every day in July to draw attention to so many unpatched browser security flaws.

And he's not reserving his aim for just Microsoft's IE browser, legendary for its security problems. He's pointing the finger at Mozilla Firefox and Apple Safari, too, though Firefox just fixed a bunch of vulnerabilities with a bevy of patches.

As for IE, Microsoft has promised a bunch of new advanced security features in IE7, which is now in advanced beta testing and in wide use at that.

For example, IE7 builds on limits to running ActiveX unhindered in a browser.

This keeps the browser-scripting feature from being exploited to deposit malware on computers when a Web surfer hits a site lying in wait with malicious code to deposit.

Microsoft is also working with security and registrar VeriSign's high-level certificate authority so that if an IE7 user hits a site that's already been tagged for sneaky behavior or loaded up with malicious code, a bar in the browser lights up with a red light.

If the site's got cred, green is the color that shows up.

After all, even the little "lock" that appears in the lower-right corner of a browser can be easily spoofed, leaving users to think they're in an SSL-encrypted mode when they actually are not.

It's VeriSign's certificate that lights up green in the URL field, but it actually is the work of a network of security providers sharing information on the validity of the Web sites.