As the Black Hat conference descends upon Las Vegas this week, internetnews.com presents a series of articles addressing security issues past and present.
You might just call it the Windows factor. The more widespread the
technology, the higher-value target it becomes to crackers, hackers and
attackers.
But network and personal computing safety go beyond the operating
system you’re running. Even Linux and Macs have seen their share of security
issues. Maybe your databases aren’t up to code in order to thwart a SQL
injection attack.
Maybe the folks using free IM clients are not aware that they just got a
message with a link containing malicious code. Do they know not to click on
it? And how about the proliferating endpoints hitting the network beyond
the laptops?
The issues will always be with us in the wooly Web as long as there are
folks bent on breaking into your system or who happen to think it’s worth
getting the digital equivalent of peeking over your e-mail.
With all the concerns swirling around IT staffs each day, herewith, in no
certain order, are a few of the top trends in network and computing security.
Endpoint Security: Can We Just Agree?
It’s important, yes. But are you using it in the same way as your
colleagues? Research suggests otherwise.
As internetnews.com has reported, firms such as IDC define
endpoint security as centrally managed client security and liken it to a
21st century digitized watchdog protecting users.
Ask the folks at Check
Point, and they’ll likely tell you “endpoint security” means centrally
managed personal firewall-based security.
One thing they do agree upon: Enterprises need to be a lot more picky
about their network access protocols and figuring out just who those
endpoints are.
But that’s not all. Research firm IDC’s January survey of enterprise
security issues noted that intellectual property siphoning and corporate
espionage, as well as attempts to steal personal and company information,
are increasingly hitting business networks.
Phishing begets spear-phishing
While phishing attacks are still a growth industry, spear-phishing attacks
are the breakout trend, according to IDC’s survey of enterprise security.
Spear-phishing means just what it suggests: a targeted approach to fool a specific
end-user into turning over sensitive data that could enable identity
theft.
“Trusted employees deliberately or inadvertently distributing sensitive
information are quickly becoming a major concern in many organizations,” IDC
said, dubbing the concern outbound content compliance (OCC).
Makers of smartcards and two-factor authentication tokens are selling
their wares with a pitch that they can cut that problem down.
Even the Security Center features in Microsoft’s next Windows Vista
release are rounding up security needs.
For example, with one click, end
users can check security status across all levels of the operating system
and applications — from Outlook to the IE browser.
Smartcards are also moving into more widespread use in order to make
sure the endpoints are who they say they are.
Neal Creighton, CEO of GeoTrust, said recent industry mandates and
government regulations, such as Sarbanes-Oxley data retention rules, are
driving more organizations to begin deploying smartcards and tokens, as
well as adding new audit features to keep track of who has access to what.
But for now, ask folks such as Kelly Dowell, executive director of CUISPA,
the Credit Union Information Security Professionals Association, and John
Brozycki, CISSP, Hudson Valley Federal Credit Union, whether spear-phishing
attacks are mere hype. Their staff were targeted by select phishing scams.
The banking executives brought on security firm Cyveillance to help track
down the attacks and even take down phony Web sites that were just waiting
for the bamboozled banking executives to turn over their information.
Old UTMs still around
On the network level, we’re seeing enterprises take a closer look at
Unified Threat Management (UTM) appliances, which deliver firewall, intrusion
detection, packet sniffing and policy enforcement among endpoints, as they gain
traction in the marketplace.
Phishing Begets Vishing
Sure, plenty of techies know what phishing’s
about. It’s not a proud moment to have to admit you’ve been bamboozled into
turning sensitive data such as bank account info over to people pretending
to ask you for that information in an e-mail.
But as internetnews.com reported recently, now scammers are using
technology for a new kind of scam.
“Vishing” uses Voice over Internet Protocol (VoIP) phones, rather than a sneaky Web site, to steal your information.
So how to combat vishing? As with many security issues, education is the
first line of defense. But experts say more stringent measures for VoIP
account activation could help.
Then there’s the perimeter stuff
They were big in the 1990s. Now they’re back and, some experts in the
field say, they’re better than ever. Research firms such as IDC say Unified
Threat Management appliances, or UTMs, are still a big trend after a strong
2005.
At the same time, all the major security vendors (hardware and
software — Symantec, Cisco, Microsoft, Check Point and Juniper, to name a
few), are gearing up with similar forms of UTMs, except these are called Network Access Control systems.
The industry may have standards issues to work out with NAC, but UTMs will keep their pace, analysts
say.
Gartner’s take helps explain why.
The IT research outfit said deep packet
inspection intrusion prevention system (IPS) technologies and network
stateful firewall technologies are the next big thing in firewalls and will
be delivered in the Next Generation Firewalls (NGFW).
The companies getting
out in front of the trend are the ones that have network-level firewall
capabilities and deep packet inspection in an integrated product and are
continuously providing new features to answer new threats.
Image-based spam?
It’s on the rise,
according to IronPort, an anti-spam service provider.
The vendor said
image-based spam represented 12 percent of all spam as of June 2006. Other
firms, as we’ve reported, say it’s even higher: CipherTrust pegs it as 15
percent of all spam.
Researchers tell internetnews.com that, thanks to
the development and release of underground software, spammers have a
powerful new way to bypass plenty of spam filters because the software makes
each spam look unique and difficult for filters to spot.
What to do then?
For starters, make sure your computer doesn’t become a zombie. IronPort
said as more computers are infected with code that makes them an unwitting
spam sender, image spam rises, too.
According to IronPort, more than 80
percent of all spam is sent with a zombie computer.
Did we mention browser safety?
Then there’s the browser mess. And July was dubbed the month of
browser bugs, according to H.D. Moore, the co-author of the Metasploit Framework, an open source licensed platform for both the development and testing of exploit code, so look out, Loretta.
As internetnews.com reported, hardly a week
goes by without another browser vulnerability being reported.
Moore said he’d release a new vulnerability every day in July to draw attention to so many unpatched browser security flaws.
And he’s not reserving his aim for just Microsoft’s IE browser, legendary
for its security problems. He’s pointing the finger at Mozilla Firefox and
Apple Safari, too, though Firefox just fixed a
bunch of vulnerabilities with a bevy of patches.
As for IE, Microsoft has promised a bunch of new advanced security
features in IE7, which is now in advanced beta
testing and in wide use at that.
For example, IE7
builds on limits to running ActiveX
browser.
This keeps the browser-scripting feature from being exploited to
deposit malware on computers when a Web surfer hits a site lying in wait
with malicious code to deposit.
Microsoft is also working with security and registrar VeriSign’s
high-level certificate authority so that if an IE7 user hits a site that’s
already been tagged for sneaky behavior or loaded up with malicious code, a
bar in the browser lights up with a red light.
If the site’s got cred, green
is the color that shows up.
After all, even the little “lock” that appears in the lower-right corner
of a browser can be easily spoofed, leaving the user to think they’re in an
SSL
It’s VeriSign’s
certificate that lights up green in the URL field, but it actually is the
work of a network of security providers sharing information on the validity
of the Web sites.