Browser-based security threats on the rise
April 12, 2004
In a survey conducted by the Computing Technology Industry Association (CompTIA), more than 36% of companies said they were plagued by one or more browser-based attacks in the last six months.
Browser-based security threats are on the rise and may pose the next significant risk to information technology operations, according to a technology trade association.
"Browser-based attacks are a logical evolution," said Randall Palm, director of IT at CompTIA. "The better we get at stopping attacks, the more creative hackers get at writing new ones. Ten years ago, most viruses were distributed on floppy disks. Then came e-mail and instant-messaging software. Now, they are targeting browsers."
Browser-based attacks are typically unleashed when a person visits a Web page that appears harmless but actually contains hidden code intended to sabotage a computer or compromise privacy. Some attacks simply crash a browser, while others pave the way for the theft of personal information or the loss of confidential proprietary data.
One of the most common ways of disseminating these attacks is through e-mails that include a link to a malicious Web server. Because the attacks usually aren't launched until the user clicks on the link, many firewalls don't catch them. Traditional firewalls examine traffic coming into the network, but guarding against browser attacks requires that traffic leaving the network also be inspected.
Some companies are using products from start-ups such as SurfControl and Websense that are designed to monitor and control corporate Web usage in order to help protect against browser-based attacks. Firewall vendors, like Check Point Software Technologies and NetScreen Technologies, have also added some protection. But Palm said these companies still have a long way to go before they eliminate the problem.
"Stateful inspection of inbound vulnerabilities is not Check Point's or NetScreen's main focus," he said. "All the firewall vendors are playing catch-up, when it comes to protecting against this threat."
Browser vendors also are taking action to minimize the risk to their products. In January, Microsoft said it would release software updates to Internet Explorer and Windows Explorer designed to protect Web surfers from being lured to Web sites that could contain malicious code. In December, a Danish security firm alerted the security community to an IE bug that would let hackers display false Web addresses.
While concern over browser-based security threats is growing, companies still view computer viruses and worm attacks as the most threatening security risk. But these threats are significantly less common than they were a year ago, according to the survey. Last year, 80 percent of organizations identified worm and virus attacks as their most common IT security threat. This year, that number is 68.6 percent.
Last year, network intrusion issues were the second-most common security threat, garnering 65.1 percent of the vote. This year, network intrusion issues dropped significantly, falling to 39.9 percent. This drop could be attributed to the high percentage of companies using antivirus applications to fight viruses and worm attacks. According to CompTIA, 95.5 percent of organizations use some form of antivirus technology.
Firewalls and proxy servers are the second-most commonly used antivirus technology, employed by 90.8 percent of respondents. Companies also are doing more security audits and penetration testing. They were used by 61 percent of respondents, up from 53 percent.
Source: C Net News
Become an authorized reseller of Proxy Sentinel™ and Firewall Sentinel™. Do like the rest of our authorized resellers and have your clients benefit the important security features of our products and solutions, while increasing your sales at the same time. Click here for all the details.
You can link to the
Internet Security web site as
much as you like. Read our section on how your company can participate in our
reciprocal link exchange program
and increase your rankings
in the major search engines such as
Site optimized by Pagina+™
Powered by Sun Hosting
Search engine keywords by Rank for Sales
Development platform by My Web Services
Internet Security.ca is listed in
Global Business Listing