Tools & Technologies To Help You Ward Off The Latest Security Threats
October 24, 2008 • Vol.30 Issue 43
Network security in the SME is not broken, but there are cracks in the vase: Remote workers visit your HQ for the day and unwittingly install malware from their laptops, or a hacker exploits one unapplied minor security patch on a Wi-Fi router, breaks into a server, and steals company documents. Often, because of the sheer complexity of IT and the growing trends in consolidation and virtualization, storage and server utilization, and new efforts in cloud-based computing, it’s almost impossible to stay ahead of the curve. And when attackers are constantly devising new tactics, IT managers pay the price.
“One primary problem that SMEs seem to be dealing with is the introduction of malware through trusted channels,” says James Quin, an analyst at Info-Tech. “Whether it be the introduction of malware via a trusted partner or by a traveling laptop on its return to the network, the issue in both circumstances is that because of the way the user connects to the network, he or she bypasses many of the in-place protection mechanisms that these organizations have.”
“SMEs generally have a minimal IT staff—they generally outsource their Web presence to a third-party consultant, who dutifully crafts a Web page for them, collects their money, and then goes on their way,” says Paul Ferguson, an advanced threats researcher at Trend Micro (www.trendmicro.com). “This is where the problem lies with unattended Web platforms, which do not receive the proper, ongoing care and feeding they deserve and require. If these Web platforms do not get constant attention when security vulnerabilities are found (e.g. in the operating system and Web software), criminals will compromise them.”
Attacking The Problem
In the battle for network security, a first step might be to admit that the war will never really be won. Hackers and criminals will always devise new attacks, so the best policy is to keep revising the policies and procedures. Resting on one security plan and trusting it will succeed will surely lead to identity theft, malware infections, and virus contaminations.
“The biggest problem here is obviously not updating the operating system and third-party software when security updates are available and the lack of updated security software, which leaves the PCs open to exploits,” says Ferguson. “The other major issue is the human sitting behind the keyboard. Computer users need to be much more suspicious and not so eager to open that email attachment or click on that link. A little common sense goes a long way here.”
Ferguson says the most recent form of attack is social engineering tricks that are hard to predict and hard to scan for on a network. For example, new “clickjacking” techniques—which have recently spread into PDF documents and Flash files—con users into clicking a link that looks legitimate but actually leads to a site that dispenses spyware and bots that can scan networks for vulnerabilities.
“Traditional perimeter security [solutions] such as firewalls or antivirus are less effective as work boundaries disappear, and these solutions tend to only look for open ports or known viruses—missing most Web-based threats,” adds Willy Leichter, director of product marketing at Websense (www.websense.com).
Info-Tech’s Quin says the most advanced method today for blocking network attacks is network access control, or NAC—typically an appliance that goes well beyond simple security scans. NAC is role-based, meaning it is a technology that can adjust to the changing landscape of network security.
“NAC is a great tool to protect the enterprise from external threats that bypass the enterprise gateway, but internal threats are as problematic as external threats or even more so,” says Quin. “While a number of new tool types—such as data leakage protection, or DLP—are available, probably the most valuable tool that SMEs can be investing in is a log aggregation and presentation type tool. These products can pull all the information that businesses are already collecting in system logs and correlate them to present a clearer and more concise view of what is happening across the network.”
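The log aggregation and correlation Quin describes is shown below as an added example; it is not code from the article or from any product it names. It assumes three hypothetical log sources (a VPN gateway, a perimeter firewall, and an AV server) with constructed line formats, and ties a remote laptop's VPN session to the firewall denies and AV alert that follow from the address it was assigned, so that what would otherwise be three unrelated log entries appears as one incident.

```python
"""Minimal log aggregation and correlation over constructed sample lines.

Added example: normalizes lines from three hypothetical sources (VPN gateway,
perimeter firewall, AV server) into one timeline and correlates them so that
a remote laptop that connects and then probes internal hosts shows up as a
single incident rather than as scattered entries in three separate logs.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (hypothetical formats, not from any real product).
SAMPLE_LOGS = [
    "2008-10-24 09:01:05 vpn-gw user=jdoe src=203.0.113.7 assigned=10.0.5.21 event=connect",
    "2008-10-24 09:01:30 vpn-gw user=asmith src=198.51.100.9 assigned=10.0.5.22 event=connect",
    "2008-10-24 09:03:40 fw1 DENY TCP 10.0.5.21:51515 -> 10.0.2.8:445",
    "2008-10-24 09:03:41 fw1 DENY TCP 10.0.5.21:51516 -> 10.0.2.9:445",
    "2008-10-24 09:03:41 fw1 DENY TCP 10.0.5.21:51517 -> 10.0.2.10:445",
    "2008-10-24 09:03:42 fw1 DENY TCP 10.0.5.21:51518 -> 10.0.2.11:445",
    "2008-10-24 09:03:55 fw1 DENY TCP 10.0.5.22:40001 -> 10.0.2.8:445",
    "2008-10-24 09:04:02 av-server host=LAPTOP-JDOE ip=10.0.5.21 alert=Worm.Generic action=quarantine",
    "2008-10-24 09:15:00 fw1 ALLOW TCP 10.0.5.22:40002 -> 10.0.2.30:443",
]

TS = r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})"
PATTERNS = {
    "vpn": re.compile(TS + r" vpn-gw user=(?P<user>\S+) src=(?P<src>\S+) assigned=(?P<ip>\S+) event=connect"),
    "fw": re.compile(TS + r" fw1 (?P<action>DENY|ALLOW) (?P<proto>\w+) (?P<ip>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)"),
    "av": re.compile(TS + r" av-server host=(?P<host>\S+) ip=(?P<ip>\S+) alert=(?P<alert>\S+) action=(?P<action>\S+)"),
}


def parse(lines):
    """Normalize heterogeneous lines into dicts that share 'ts', 'kind' and 'ip'."""
    events = []
    for line in lines:
        for kind, pat in PATTERNS.items():
            m = pat.match(line)
            if m:
                ev = m.groupdict()
                ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%d %H:%M:%S")
                ev["kind"] = kind
                events.append(ev)
                break  # unparseable lines are skipped rather than failing the run
    events.sort(key=lambda e: e["ts"])
    return events


def correlate(events, window=timedelta(minutes=10), min_targets=3):
    """Tie each VPN session to later firewall denies and AV alerts from its address.

    A session whose assigned address is denied to at least `min_targets`
    distinct internal hosts on the same port within `window` is reported as one
    incident; any AV alert for that address in the window is attached to it.
    The threshold and window are assumptions chosen for this example.
    """
    incidents = []
    for conn in (e for e in events if e["kind"] == "vpn"):
        ip = conn["ip"]
        end = conn["ts"] + window
        related = [e for e in events
                   if e is not conn and e["ip"] == ip and conn["ts"] <= e["ts"] <= end]
        targets = defaultdict(set)  # destination port -> distinct internal hosts denied
        for e in related:
            if e["kind"] == "fw" and e["action"] == "DENY":
                targets[e["dport"]].add(e["dst"])
        probes = {port: hosts for port, hosts in targets.items() if len(hosts) >= min_targets}
        if not probes:
            continue
        alerts = [e["alert"] for e in related if e["kind"] == "av"]
        incidents.append({
            "user": conn["user"], "remote_src": conn["src"], "internal_ip": ip,
            "first_seen": conn["ts"],
            "probed": {port: sorted(hosts) for port, hosts in probes.items()},
            "av_alerts": alerts,
        })
    return incidents


def summarize(lines=SAMPLE_LOGS):
    """Parse and correlate in one step; returns the list of incidents found."""
    return correlate(parse(lines))


if __name__ == "__main__":
    for inc in summarize():
        print(f"{inc['first_seen']} user={inc['user']} from {inc['remote_src']} as {inc['internal_ip']}: "
              f"probed {inc['probed']} av={inc['av_alerts']}")
```

On the constructed lines, only jdoe's session is reported: its assigned address is denied to four internal hosts on port 445 and then raises an AV alert, while asmith's single deny stays below the threshold. Each source on its own would show one unremarkable entry; the correlation is what makes the returning laptop visible.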
The Web 2.0 Threat
Another new frontal assault comes from Web 2.0 sites such as Facebook and MySpace, which break new ground as applications that live on the Web yet can easily infect client systems and servers. Against these threats, it is almost impossible to rely on signature files that managers update (even automatically) to block attacks. Instead, the security product has to examine the type of traffic coming into an organization and block according to the type of inbound data.
“To effectively deal with Web 2.0 threats, a product needs to examine the actual content and understand the context of communications,” says Leichter. “They need to examine inbound and outbound Web content in real time, allowing organizations to apply more granular policy controls. Many organizations find they need to allow access to networking sites such as Facebook. However, legacy security systems can only determine whether Facebook as a whole has a good or bad reputation. The reality is that Facebook contains millions of pages of good and bad content, and organizations need to examine content in real time and apply access policies on a page-by-page basis.”
In the end, understanding the complexity is part of the solution: There are just too many threats and too much potential for a breach. NAC appliances, security systems that analyze traffic, end-user education about recent threats, and security logs can all help an SME win the next battle.
by John Brandon