Москва Антихрист

Thursday 6 March 2008

Accepting Complexity a Key Step to a Secure Environment

This is an exceedingly useful article from IT Security. For the past couple of decades, security professionals and those trying to push various forms of malware have played a high stakes game of cat and mouse. Consequently, many approaches to data security have emerged, each protecting against one strain of vulnerability. This complex mosaic of solutions means that one security tool can overlap with another. One layer up are approaches — such as network access control (NAC) — that federate the localized products into a more comprehensive offering.

The article attempts to make some sense of this highly fragmented environment; it poses nine questions that those in charge of security should put to vendors, integrators or other experts. The writer doesn’t advocate a particular approach. Rather, he is laying out the first step in suggesting to businesses how they can find out how the various approaches available (for instance, whitelisting, access control programs and behavior blocking) can be harnessed in a flexible and efficient manner. The piece describes what each does and whether one makes another unnecessary.

The story offers no answers. Its usefulness is in helping those charged with protecting organizational data — but perhaps untrained in the niceties of security — to start organizing their thinking.

Over Here or Over There, Server Protection Is Key

This distressing story from Government Computer News focuses on government servers, but there seems to be no reason to assume what is happening isn’t a danger to corporate servers as well.

Tools available to Internet browsers, the writer points out, are becoming more adept at identifying questionable Web sites and stopping phishing attempts. That’s great. But it’s also true that the malware community is clever and never at a loss for what to do. Its response, according to the story and the Symantec release upon which it is based, is to find loosely protected government servers and use them to host phishing sites that attack that government.

It doesn’t sound like it’s all that hard, either. At least some of the servers used by a government will be lightly protected. It’s also particularly dangerous, since the superimposition of the fake site on a real server makes it seem legitimate.

So far, according to Symantec information, the hackers aren’t using the .gov domain name in the United States. But this approach has been seen on servers in 12 nations (Thailand, Indonesia, Hungary, Bangladesh, Argentina, Sri Lanka, Ukraine, China, Brazil, Bosnia-Herzegovina, Colombia and Malaysia). It seems like only a matter of time before it is attempted here.

Pfizer, Kingston Breaches Show Notification Shortcomings

Complying with legal requirements that mandate notifying employees or customers when their data is exposed is an understandably unpleasant corporate task. No matter why the data disappeared, the organization’s image is clipped a bit with every notification it sends out.

This Computerworld story implies that Pfizer Inc. and Kingston Technology Co. had trouble facing the music and delayed letting those potentially impacted know what was going on — until it was likely too late to do anything about it.

The story says Pfizer’s lawyers informed Connecticut Attorney General Richard Blumenthal that a breach impacting about 17,000 employees occurred on April 18, but notifications weren’t made until about six weeks later. The time gap in the Kingston situation was far greater. Earlier this month, the company began informing 27,000 online customers of a potential compromise in September 2005.