Internet Security Industry News
Companies need better Internet security
August 29, 2003
As industry recovers from the latest security breaches, particularly the Blaster worm and the Sobig.F virus, affected companies should be implementing long-term solutions to make sure such problems do not happen again.
Last year's ICSA Labs survey on viruses showed that 87 percent of corporates reported virus problems even though 95 percent have antivirus software installed. Clearly, antivirus tools coupled with an activated update scheduler are not the whole solution. Shimon Gruper, executive vice president of ESafe Technologies, commented, "Most solutions are based on reactive updates and virus proliferation is always faster than the speed at which these updates can be applied."
To stop people clicking on attachments with hidden extensions it is best to have specific attachments blocked at the gateway, according to Gruper. "The best protection scenario is to not let attachments in if they are deemed not to be productive, which means only office documents and PDFs," he said. "By just stopping .pifs and .exes the majority of problems can be avoided."
Although companies have been affected by the recent wave of virus attacks, Kevin Hogan, senior manager at Symantec Security Response in Dublin, said, "It's been more severe on the home user than the corporates since they don't have the sophisticated gateways that can block [viruses]."
But there are still problems with misconfigured gateways on corporate networks. "Some gateways are auto responding to spoofed emails [email addresses harvested by Sobig] and sending the virus back," Hogan added. The Blaster virus hit a number of high-profile firms, including Sainsbury's. To prevent a recurrence, Gruper said companies should implement a solution that tackles the problems caused by Microsoft's patching regime. "Patching is not the right solution; Microsoft's ability to enforce patching of all the millions of computers is impossible," Gruper added.
Patch testing can cause headaches for IT teams. "Policy compliance in relation to patching is a problem, since you don't want to automatically update patches via Windows Update," said David Emm, marketing manager for the AV emergency response team at Network Associates. "Patch testing usually needs to be done to ensure systems run properly. Determining which patches are important is the problem." Some firms seek assistance from third-party patch management systems. "The US is about a year ahead of the UK in adopting third-party patch management systems and patch management software has three times the players it had 18 months ago," said Ron Kaplan, product manager for St Bernard Software.
Firewalls could minimise the damage caused by Blaster, if they are properly configured. "You may think that because you have a firewall you're isolated from the attacks," said Russ Cooper, editor of NTBugtraq. "[But] as in the Falklands, sooner or later observing is just not enough and it's time to send in the Royal Marines." Although companies may have the infrastructure to deal with the current band of worms, Trojans and viruses, there is currently a line of defence that is not in place. "The problem isn't Microsoft's products or the knowledge of the consumer. The problem lies in the ISPs' unwillingness to make this issue disappear or at least reduce it dramatically," said Cooper.
He added that ISPs have the view and ability to prevent en-masse attacks. "All these attacks traverse their networks before they reach you and me. If they would simply stop attack traffic that has been identified and accepted as such, we'd all sleep better," Cooper said.
You can link to the
Internet Security web site as
much as you like. Read our section on how your company can participate in our
reciprocal link exchange program
and increase your rankings
in the major search engines such as
Site optimized by Pagina+™
Powered by Sun Hosting
Search engine keywords by Rank for Sales
Development platform by My Web Services
Internet Security.ca is listed in
Global Business Listing