NORLIGHT
NEWSLETTER ARTICLE
STAYING ON TOP OF THE THREATS
Keeping on top of Internet threats has become a daily job for many IT workers.
However, in the process of filtering messages, updating patches
and putting out fires, many of us tend to overlook the trends behind
Internet threats. Knowing the attack trends can be important not only for
preventing future attacks, but also for planning and budgeting.
As the Guardians of Data, it's our job to keep on top of these trends
and to share them with you.
A good source for attack trends is the Symantec Internet Security Threat Report,
which reports on the previous six months of Internet threat activity.
The following is a summary of the July - December 2003 report and
best practices to help keep your organization secure.
Vulnerabilities
According to the report, an average of seven new vulnerabilities
was discovered each day. These new vulnerabilities are increasingly
severe and easy to exploit. The report terms a vulnerability
"easy to exploit" when either no specialized knowledge is
required to gain unauthorized access to a network, or
tools are readily available to help attackers.
Backdoors Exploited
Previous attacks, such as the MyDoom and Slammer worms, can leave
behind "backdoors" to networks, which, if not fixed, can
be used to gain access by new attackers. According to the report,
this is exactly what is happening. By using these backdoors, attackers
can install their own backdoor, or use the compromised system to
launch a distributed denial of service attack (DDoS). The report
states that in the first quarter of 2004 many attackers have been
scanning networks seeking the backdoor left by the MyDoom worm.
Malicious Code Increasing
The past six months have shown an increase in particularly nasty
viruses that can release malicious code into your systems. This
malicious code can expose personal and confidential data, such as
passwords, decryption keys and keystrokes. In fact, the Bugbear.b
worm was designed to export financial data or gain future access
to accounts by stealing users' account details and passwords.
Best Practices
Trends are great for planning purposes and to get the big picture
of Internet threats, but what can you do today? Here are a few best
practices recommended by the report:
- Always keep patches up-to-date, especially on HTTP, FTP, mail, and DNS services
- Enforce a password policy
- Block e-mail that contains file attachments that are commonly
used for viruses
- Educate management on security budgeting needs
- Test security to ensure that adequate controls are in place