Many IT shops say that phishing is the new security threat that worries them most. Why is it emerging as a big problem now? How can companies protect themselves?
Phishing is about users and social engineering attacks, not about technologies. It is a new threat, but it utilizes what most security professionals have known all along: Most computer users don't know and don't want to know about security. One can preach the value of security awareness programs, but those still face an uphill battle of users not wanting to know and care about security.
Spyware and other malicious software designed to steal online banking access credentials are closely related to phishing; however, those can be fought with technical means more effectively than pure phishing, which is largely an education and awareness problem. Even if a phishing e-mail utilizes a bug in IE [Internet Explorer] or an e-mail client to conceal its origin, it is still a user's choice to click on a link and enter his username and password. What's more or equally as dangerous as phishing in the security scenario for the rest of 2004 and beyond?
Worms will continue to be a top threat during 2004. They are much more dangerous than phishing, since their damage potential is much higher than losing $1,000 from a savings account. Defenses against worms are also not quite perfect yet. More advanced worms are sure to come, as well as a flood of less advanced but numerous variants of the existing "wormware."
When people talk about 'drive-by' -- and even 'fly-by' in one documented case -- hacking, they mean attacks against wireless networks [Wi-Fi]. Insecure wireless networks provide another entryway into corporate networks. While secure wireless infrastructures can be built, they are not widespread for cost reasons. What new security tools have caught your eye recently?
Funny as it sounds, I haven't seen anything ground-shaking for some time. I was looking into some new open source tools to analyze logs, but I have not noticed any major advances. What security technologies that are almost ready for prime time are you interested in?
Bringing security defenses into the network infrastructure -- as done by Cisco in NAC and planned by Microsoft in NAP -- has a potential to address some of the costliest security problems in the near future.
These initiatives connect an individual machine's (servers and desktop) security posture (patch levels, antivirus update status) to its access rights on the network. For example, an unpatched system will only be allowed to access a quarantine network with an access to a patch distribution server. These technologies have a chance to mitigate worm and other malware threats. Well, then, what existing types of products should security administrators check out at LinuxWorld or any other trade show?
Well, all kinds -- starting from firewalls, IDS, vulnerability scanners to security management products.