
There is a common misconception that because an organisation has anti-virus, it must be safe, writes Raj Samani, vice president of the Information Systems Security Association (ISSA). The threat of malicious code cannot be circumvented through traditional controls alone.
Organisational networks have often been compared to M&Ms confectionery: hard and crunchy on the outside, but soft and gooey in the middle. In reality, the security environment changes so rapidly that it is like placing the chocolate ball in a furnace and hoping it withstands the heat.
Low-hanging fruit
With emerging threats increasing in both complexity and quantity, traditional anti-virus controls eliminate only the low-hanging fruit. Research suggests that an unprotected computer will be infected with malware within 12 minutes of connecting to the internet (according to Sophos), or within 20 minutes, depending on which article you read. Personal experience suggests the duration is considerably shorter than either of these numbers.
Traditional technologies should protect against known threats, but what they won't protect against are very new threats, or those that have been modified ever so slightly so as to elude the traditional malware detection test, namely checking for specific malware signatures.
Porous frontier
Assuming that internal networks are protected by an impenetrable boundary is optimistic to say the least. Equally worrying are the new channels that attackers are using to plant malicious code on the target. Spam messages direct users to websites that look and feel like legitimate sites, but in reality have malicious code embedded. One very well known sports website even had a vulnerability embedded within it that allowed the attacker to hijack victims' web browsers: even trusted sites can carry malicious payloads.
So what about mobile users? Is the threat greater or lesser when you take the machine outside the "safety" of the corporate network?
Mobile users are open to more channels of attack, but the threats can also apply to the internal network. Take wireless networks. It is assumed that internal networks are wired, and external networks are likely to be wireless. The default action for many operating systems is to automatically connect to a wireless network the user has linked to before. What this means is that while your users are safely working on your internal network, they have effectively bridged it to a nearby hotspot with the SSID Linksys or the even rarer Belkin!
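As an added example (not from the article), the following PowerShell audit for a Windows laptop flags the two conditions just described: remembered profiles with consumer-default SSID names that Windows will join automatically, and a wired and a wireless adapter both up at once. The list of default SSID names is an assumption used for illustration; the netsh and Get-NetAdapter calls are standard Windows tooling.

```powershell
# Added example: audit a Windows client for the "accidental bridge" the article describes.
# Assumption: this list of consumer default SSIDs is illustrative, not taken from the article.
$DefaultSsids = @('Linksys', 'Belkin', 'NETGEAR', 'default')

# 1. Saved WLAN profiles. netsh prints lines such as "    All User Profile     : Linksys"
$profiles = netsh wlan show profiles | ForEach-Object {
    if ($_ -match 'All User Profile\s*:\s*(.+)$') { $Matches[1].Trim() }
}

foreach ($name in $profiles) {
    $detail = netsh wlan show profile name="$name"
    # "Connection mode : Connect automatically" means the OS will join this SSID unprompted
    $autoConnect = @($detail -match 'Connection mode\s*:\s*Connect automatically').Count -gt 0
    $isDefaultName = $DefaultSsids -contains $name   # -contains is case-insensitive

    if ($autoConnect -and $isDefaultName) {
        Write-Warning "Profile '$name' is a consumer-default SSID set to connect automatically"
        # Mitigation: keep the profile but require the user to connect deliberately.
        # (Changing an all-user profile needs an elevated shell.)
        netsh wlan set profileparameter name="$name" connectionmode=manual | Out-Null
    }
}

# 2. Wired and wireless adapters both 'Up': the machine is straddling two networks.
$up       = Get-NetAdapter -Physical | Where-Object Status -eq 'Up'
$wired    = $up | Where-Object PhysicalMediaType -eq '802.3'
$wireless = $up | Where-Object PhysicalMediaType -eq 'Native 802.11'

if ($wired -and $wireless) {
    Write-Warning ("Wired ({0}) and wireless ({1}) are connected at the same time" -f
        ($wired.Name -join ','), ($wireless.Name -join ','))
}
```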
In short, there are considerably more challenges facing an organisation when it comes to malicious code than are usually considered. Assuming that everything is okay internally leads to a very false sense of security. Essentially, every network is untrusted, and every system is a road warrior!
Raj Samani is vice president of the UK chapter of ISSA