How to fight the Top 9 IT Security Threats in 2009

I read an excellent article today from “Perimeter e-security” which lists the top 9 IT security threats for 2009 and how to mitigate them. Perimeter is a Milford, CT company offering complete security-on-demand services, starting from the user’s CPE and continuing into network security. I thought it would be a good idea to list here in a table the top 9 security threats according to “Perimeter”, together with the suggested way to mitigate each of them.

# | Threat | Status | Resolution
1 | Malicious Insiders | Rising Threat | Employee security awareness training
2 | Malware | Steady Threat | URL filtering, patch management
3 | Exploited Vulnerabilities | Weakening Threat | Comprehensive patch management
4 | Social Engineering | Rising Threat | Social engineering testing
5 | Careless Employees | Rising Threat | Employee training
6 | Reduced Budgets | Rising Threat | Consider opting for a Software-as-a-Service (SaaS) solution to cut costs
7 | Remote Workers | Steady Threat | Use the same systems for telecommuters as for on-site employees
8 | Unstable 3rd-party providers | Rising Threat | Consider streamlining your 3rd-party providers
9 | Downloading software (including open source) from P2P or download sites | Steady Threat | Limit download and system-update administration to a trained IT professional

Comparison: Virus, Worm, Adware, Spyware, Trojan

We have all encountered terms like virus, worm, spyware etc. many times in the internet “jungle” without actually distinguishing between them. In this post I will try to define and compare all these malware threats that float around the computer and internet worlds.

  • Virus: A virus is a piece of malware that is loaded onto your computer without your knowledge, with the intent of doing some damage to your system. It normally attaches itself to another program or data file in order to spread and reproduce itself in other areas of the computer without the user noticing. A virus typically enters your computer through a spam email carrying attachments (pictures or files) or by downloading infected programs from malicious sites. A virus can damage files or cause your computer to behave strangely.
  • Worm: Worms are malware threats that spread across networks on their own by exploiting vulnerabilities in the TCP/IP stack implementation of the OS and/or in specific network applications. Some worms are purely memory-resident: they load themselves into the memory of a remote system and execute there, without ever being written to disk. A worm therefore can live on its own and propagate by copying itself from one computer to another. Worms can harm a network, consume tremendous bandwidth, and shut a computer down.
  • The difference between viruses and worms is that a virus cannot propagate on its own the way a worm does, and it usually affects only the computer it has invaded. A worm acts autonomously and uses the computer network in order to multiply and send copies of itself to other systems. A virus needs a user action (e.g. downloading an infected file, running a program, etc.) in order to propagate and spread.

Firewall Definition – Firewall Technologies

By conventional definition, a firewall is a partition made of fireproof material designed to prevent the spread of fire from one part of a building to another. It can be used to isolate one compartment from another.

When applying the term firewall to a computer network (or to a Local Area Network – LAN), a firewall is a system or group of systems that manages access between two or more networks.

A simple network protected by a firewall is shown below.

Defense in Depth Security (or Defense in Layers)

This security approach is based on the concept of building several layers of defense around the host or information resource that you want to protect against malicious attacks.
In enterprise IT networks, the defense in depth approach is implemented using different security infrastructure equipment and mechanisms. These include hardware firewalls, Intrusion Prevention Systems, Authentication and Authorization servers, encryption devices, proxy servers, enterprise antivirus software, host intrusion detection software etc. Depending on how big the enterprise is and what level of security it wants to achieve, security administrators use some or all of the mentioned security tools.
On the other hand, for small home networks to attain a strong defense in depth I would suggest at least the following:

How To Protect your network from IP Spoofing

In normal IP communication between two hosts, the sending host inserts its configured IP address in the ‘source IP’ field of the IP header, so that the receiving host knows where to send the reply traffic. In IP spoofing, a malicious host forges the IP header and changes the source IP address to something different, making the packet appear to come from a different machine.

IP spoofing is frequently used in Denial of Service attacks, where the attacker wants to hide its identity (source IP address) and also does not care about receiving responses to its attack packets.
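As an added example (not part of the original post and not Perimeter's material), the following Python script implements the standard border protection against spoofed sources: ingress and egress source-address filtering (the BCP 38 approach). It assumes a hypothetical border router with a 'wan' interface facing the Internet and a 'lan' interface facing the site, and a constructed site prefix 192.0.2.0/24; the sample packets are constructed too. Packets arriving from the Internet that claim an internal or bogon source are dropped, and packets leaving the site that do not carry one of the site's own addresses are dropped, which is exactly the traffic a DoS attacker who does not care about replies would send.

```python
"""Anti-spoofing source-address filter at a site border (BCP 38 style).

Added example; not from the original post. Assumed topology (hypothetical):
a border router with interface 'wan' facing the Internet and 'lan' facing
the site, whose address block is 192.0.2.0/24 (a documentation range,
chosen here as a stand-in for a real site prefix).
"""
import ipaddress
from dataclasses import dataclass

# Assumed site prefix: the only legitimate source range for traffic leaving the site.
SITE_PREFIX = ipaddress.ip_network("192.0.2.0/24")

# Source ranges that must never arrive from the Internet (private, loopback,
# link-local, multicast, reserved). Any packet on the WAN side with such a
# source has a forged header.
BOGON_SOURCES = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]


@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrived on: "wan" or "lan"
    src: str     # source IP from the IP header (the field an attacker forges)
    dst: str


def filter_packet(pkt):
    """Return (verdict, reason); verdict is "ACCEPT" or "DROP"."""
    src = ipaddress.ip_address(pkt.src)
    if pkt.iface == "wan":
        # Ingress filtering: a packet from the Internet claiming one of our
        # own addresses, or a bogon address, cannot be genuine.
        if src in SITE_PREFIX:
            return "DROP", "ingress: source address belongs to our own prefix"
        if any(src in net for net in BOGON_SOURCES):
            return "DROP", "ingress: bogon source address"
        return "ACCEPT", "ingress: plausible external source"
    if pkt.iface == "lan":
        # Egress filtering: everything leaving the site must carry one of our
        # addresses; anything else is a local host spoofing (e.g. taking part
        # in a DoS attack against someone else).
        if src not in SITE_PREFIX:
            return "DROP", "egress: source address is not ours"
        return "ACCEPT", "egress: source address is ours"
    return "DROP", "unknown interface %r" % pkt.iface


# Constructed sample traffic (addresses taken from documentation ranges).
SAMPLE_PACKETS = [
    Packet("wan", "198.51.100.7", "192.0.2.10"),   # normal inbound traffic
    Packet("wan", "192.0.2.25", "192.0.2.10"),     # forged: claims to be internal
    Packet("wan", "10.4.4.4", "192.0.2.10"),       # forged: private source from Internet
    Packet("lan", "192.0.2.20", "198.51.100.7"),   # normal outbound traffic
    Packet("lan", "203.0.113.9", "198.51.100.7"),  # local host spoofing a foreign source
]


def run_filter(packets=SAMPLE_PACKETS):
    """Apply the filter to each packet; returns a list of (packet, verdict, reason)."""
    return [(p,) + filter_packet(p) for p in packets]


if __name__ == "__main__":
    for p, verdict, reason in run_filter():
        print("%-3s %-15s -> %-15s %-6s %s" % (p.iface, p.src, p.dst, verdict, reason))
```

Two caveats a practitioner should keep in mind. First, this filter only catches sources that are impossible on the interface they arrived on; a packet from the Internet forged with some other organisation's valid address passes the ingress check, so stopping that class of spoofing depends on every network doing egress filtering on its own side. Second, on real equipment the same ingress logic is usually expressed as reverse-path forwarding checks (on Linux the `net.ipv4.conf.all.rp_filter` sysctl, on Cisco IOS `ip verify unicast source reachable-via rx`), which assume that the route back to a source leaves through the interface the packet came in on; with asymmetric routing, strict mode drops legitimate traffic and the loose variant must be used instead.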