
Security: Next Gen Threats and their Solutions

PCQ Bureau

Viruses, Trojans, malware, spam, clickjacking: security threats have taken many new forms. Security solutions have evolved from mere anti-virus engines to those with comprehensive online protection features such as encryption, enhanced spam filtering, anti-virus for mobiles and much more. Security managers must consider the changing nature of attacks and plan their strategies accordingly. We take a look at the current scenario and ways to combat this menace in future.


White Listing

The concept is not new but can be interpreted from different perspectives. The traditional approach to finding malware is to check against a pre-existing list of malware, termed a black list. The trend these days is to check the properties of a program instead of tallying it against a list of malware. Norton in its latest release has incorporated this feature, which maintains a list of healthy files. During the scanning process, it checks only the files that are not in the list and finds out whether any changes have been made to existing files. The new approach is effective and also consumes fewer system resources in the long run, but still has a long way to go before it is fully adopted.

We tested a product named DriveSentry 3.1.2 which utilizes the concept of whitelisting. It checks against a list of black-listed programs, a list of known good programs (the white list) and the online advisor community. The software provides the flexibility of choosing which programs need to be protected. A user can create access rights for programs, e.g. whether IE can perform write operations or not. It focuses mainly on write operations being performed by different programs. A user can synchronize the software for updates from the online database. We tested the program against our virus database and found it to quarantine all of them. We even tried to run some trojans and malware but the software very promptly blocked them. Other protective features such as anti-spam are not a part of this software. Another good feature of this approach is that less scan time is required. This is because each time a scan is performed, trusted programs form part of the white list and are not scanned again until modified.
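The whitelist-then-scan approach described above, as an added example that is not DriveSentry's or Norton's code: a hash-based whitelist in which trusted files are skipped and only unknown or modified files are handed to the scanner (file names and contents are constructed).

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    """Hex SHA-256 of a file, read in chunks so large files are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def walk(root):
    """Yield paths relative to root for every file below it."""
    for dirpath, _, names in os.walk(root):
        for n in names:
            yield os.path.relpath(os.path.join(dirpath, n), root)

def build_whitelist(root):
    """Trusted baseline: relative path -> hash of every file under root."""
    return {rel: sha256_of(os.path.join(root, rel)) for rel in walk(root)}

def scan(root, whitelist):
    """Classify files as trusted (skipped), modified or unknown (must be scanned)."""
    result = {"trusted": [], "modified": [], "unknown": []}
    for rel in walk(root):
        digest = sha256_of(os.path.join(root, rel))
        if rel not in whitelist:
            result["unknown"].append(rel)       # never seen: full scan needed
        elif whitelist[rel] != digest:
            result["modified"].append(rel)      # trusted file changed: re-scan
        else:
            result["trusted"].append(rel)       # unchanged: skip
    return result

def demo():
    """Constructed scenario: baseline two files, then tamper with one and drop a new one."""
    root = tempfile.mkdtemp()
    for name, data in (("app.exe", b"good program"), ("lib.dll", b"good library")):
        with open(os.path.join(root, name), "wb") as f:
            f.write(data)
    whitelist = build_whitelist(root)
    with open(os.path.join(root, "lib.dll"), "ab") as f:
        f.write(b" + injected bytes")           # modify a trusted file
    with open(os.path.join(root, "newtool.exe"), "wb") as f:
        f.write(b"never seen before")           # add an unknown file
    return scan(root, whitelist)
```

The baseline must itself be taken from a clean system; a file that is already compromised when the whitelist is built stays "trusted" until it changes.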

Active operating systems

The new releases of operating systems include advanced security features. For example, a user of Vista is always prompted for permission before any activity. These features are good for security but also end up consuming a lot of user time, sometimes unnecessarily.

Wireless Keylogger

Like most threats, keyloggers are also getting more advanced. In wireless keyloggers the recorded data can be obtained via Bluetooth without disturbing the person. This can act as a tool to keep track of an employee's activities over the network. If utilized in this fashion, it proves to be a utility for the enterprise. But one cannot underestimate its potential to be used as a device for gathering information for destructive purposes. This utility, when used as hardware integrated with the system, cannot be disabled by the user and data can be obtained at regular intervals. The data obtained will necessarily consist of important information like passwords, user IDs, etc, which comes through the system itself. This poses a great threat to security. One possible solution for this is to use a virtual keyboard as used by certain banking sites like ICICI Bank, but it still doesn't seem to be a practical solution.

Wireless connections

The growing mobile workforce of small and medium businesses has given strong impetus to wireless connectivity options and this is only expected to rise in the near future. However, there is a need for proper training of employees to ensure secure connectivity. After the recent incidents, where terrorists took undue advantage of insecure networks, companies are putting in place security measures such as VPNs and firewalls. Hackers are not just interested in breaking into the network; their real objective is to intercept vital information, decrypt it and then modify it. It doesn't stop here: they encrypt it again and then send it back through the network. We've seen a lot of such incidents in Hollywood sci-fi movies, where a hacker is able to take control of an entire country's systems and then manipulate them.

Click-jacking

The word not only sounds like hi-jacking but has similar connotations as well. This new threat refers to attacks on browsers. By exploiting vulnerabilities present in a browser, a hacker can take control. Next, the victim can be duped into clicking on a link that leads to a malicious website. Such a website might inject malicious code onto the system. To the victim it would appear as if he were clicking on something innocuous like a picture. Such an attack could be compared to cross-site injection or any other injection technique that has harmful consequences. At present there is no solution to combat this threat, but as it uses graphics as a shield to hide its malicious content, switching to a browser that supports text only can be a solution (very difficult in the current scenario). However, research is underway to come up with a more practical and viable solution.

Spam traffic

Spam volume was at a record high in Q3 this year with fairly steady monthly increases throughout the summer. The acquisition of innocent machines via email and web-based infections continued in Q3, with over 5,000 new zombies created every hour. The United States continued in its dubious role as the largest originator of spam, nearly doubling its worldwide share from 16.6% in Q2, 2008 to 32.1% in Q3. According to a report from Secure Computing Research, in 2009 we are likely to witness the following:

  • As the global financial crisis continues, criminals will take advantage of the panic and fear among consumers and increase their phishing attacks substantially.
  • During the coming holiday season, spam increases combined with increased use of blended threats will ensure that spammers increasingly use the lure of free coupons and gift cards.
  • Today, most malware attacks are financially motivated and target end-users. During the coming year, we believe there is a greater likelihood of attacks meant to manipulate public opinion to exploit the stock market.
  • In 2009 and beyond, politically motivated attacks will become more widespread, such as attacks on cyber infrastructure by hackers.
  • In 2009, web attack toolkits will add new platforms to their arsenal of 'supported' targets. iPhone is one such candidate, as are 'Web 2.0' social platforms such as Facebook and MySpace. With the rise in popularity, their vulnerability increases.
  • By the end of 2009, about half of all web-borne malware will be hosted on compromised websites.

Social networks

The word is not new but has taken on a potentially dangerous new dimension. We're all aware of the social networking sites out there, which are increasingly being used by millions across the globe. Often unknowingly, people share information on these sites that could prove to be a security hazard. As the real identity of the account holder can be faked, the authenticity of a person is always in question. Generally these sites carry information that is personal in nature. This can be targeted by an attacker and used in a way that proves detrimental to a person or organization. Apart from this, an attacker can himself con a person into sharing information by sending a link to a phishing web site. A user should be cautious while dealing with messages containing such links.

Identity Management 2.0

New ways of managing a user's identity and their rights of access to various resources will emerge in Identity Management 2.0. This management approach is an improvement over Identity Management 1.0, which included authentication, authorization, user provisioning and password management. The new management system will include stringent forms of authentication, risk-based authorization and fine-grained entitlements, role-based user provisioning and the ability to virtualize identities.

DriveSentry Advisor is an online resource that helps a community in making independent program access decisions based on responses submitted by fellow users.

a) Enhanced authentication and risk-based authorization

Imagine a threat similar to phishing that tries to steal a user's identity by pretending to be a legitimate site. Under such a condition the legitimate website can incorporate software products that use enhanced authentication techniques like on-screen pads. To further add to the security, these input pads are customizable so that only the user knows his own pad. Assuming that the attacker has somehow managed to get information about the personalized pad, even then the role of risk-based authorization comes into play. This advanced technique maintains an analysis of the behavior patterns of the user session. If any abnormal behavior is found, the system will prompt the user to authenticate again. These new techniques definitely make life harder for an attacker.
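Risk-based authorization as described above, as an added example and not any product's code: each session event is scored against a constructed behaviour profile, and a score at or over the threshold forces re-authentication (the signals, weights and threshold are illustrative assumptions).

```python
from dataclasses import dataclass, field

@dataclass
class Profile:
    """What the system has learned about a user's normal sessions (constructed)."""
    known_devices: set = field(default_factory=set)
    usual_countries: set = field(default_factory=set)
    usual_hours: range = range(8, 20)          # local hours the user normally logs in

@dataclass
class Event:
    """One action inside an authenticated session."""
    device_id: str
    country: str            # ISO-style country code of the client address
    hour: int               # local hour of day, 0-23
    action: str             # e.g. "view_balance", "transfer"
    amount: float = 0.0

REAUTH_THRESHOLD = 50       # assumed cut-off; tune to the false-positive budget

def risk_score(profile, event):
    """Sum of weighted anomaly signals; the weights are illustrative assumptions."""
    score = 0
    if event.device_id not in profile.known_devices:
        score += 30         # unfamiliar device
    if event.country not in profile.usual_countries:
        score += 30         # unfamiliar location
    if event.hour not in profile.usual_hours:
        score += 10         # unusual time of day
    if event.action == "transfer" and event.amount >= 1000:
        score += 20         # high-value action
    return score

def authorize(profile, event):
    """'allow' the action, or 'step_up': prompt the user to authenticate again."""
    return "step_up" if risk_score(profile, event) >= REAUTH_THRESHOLD else "allow"

def demo():
    """Constructed profile: one known laptop, logins from 'IN' during office hours."""
    profile = Profile({"laptop-1"}, {"IN"})
    routine = Event("laptop-1", "IN", 10, "view_balance")
    # Unknown device, unknown country ('ZZ' is a placeholder), 3 am, large transfer.
    suspicious = Event("unknown-phone", "ZZ", 3, "transfer", 5000.0)
    return authorize(profile, routine), authorize(profile, suspicious)
```

Even if a stolen personalized pad lets the attacker pass the first login, the transfer from an unknown device and location still triggers the step-up prompt.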

Citrix on Security

We had an interaction with Ratnesh Sharma, director of product management, Citrix, on security issues. Citrix has two research and development centers for networking, in California and Bangalore. They provide products for the global market. Based on our interaction, we summarize the latest happenings as follows:

With the increasing number of banking and trading applications, the threat of these being breached is also increasing. Therefore, administrators are moving towards consolidation of applications into data centers. Apart from this, data centers also offer the advantages of power savings, easy manageability, etc. Also, nearly three-fourths of attacks occur at the application level. The reactive approach to combating these attacks would be to patch the application. But this sounds like 'Painting the golden bridge again.' Every time a new patch is released, some new vulnerabilities are discovered and a fresh patch has to be incorporated. A few of the other approaches that are used include the use of the latest networking equipment and giving access based on different zones, so that, for example, a person sitting in the lobby cannot have access to all menus of the application. Another important issue to be considered is securing the end points. A person accessing company records through his mobile device should always make sure that the device is properly secured. Also, most of the attacks that occur are DoS or DDoS attacks. To combat these, Citrix provides solutions like NetScaler. The primary function of this product is to distinguish a genuine user from a DoS attack.


b) Fine-grained entitlements

Earlier, the access management system was simple: once the user had been given access, it was up to the user to use the system to whatever level. But the upcoming trend in the management of systems is to give very specific access to users based on their position and requirements. For example, a physician may only be allowed to access the records of patients under his care.

c) Role management

Defining policies for different roles within an organization according to changing business requirements is the key feature under Identity Management 2.0. This will not only include defining new policies or roles but will also provide the flexibility to modify existing roles. Such an approach is beneficial for business management and also simplifies the process of assigning access rights to the user.
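Fine-grained entitlements (b) and role management (c) together, as an added example that is not from any product on the page: roles are data that can be defined or modified at runtime, and the physician rule (constructed care assignments) only grants access to records of patients under that physician's care.

```python
ROLE_POLICIES = {
    # role -> {action: condition}; "any" means the action needs no further check
    "physician": {"read_record": "own_patient", "write_note": "own_patient"},
    "billing_clerk": {"read_invoice": "any"},
    "auditor": {"read_record": "any", "read_invoice": "any"},
}

# Constructed assignment of patients to the physician responsible for them.
CARE_ASSIGNMENTS = {
    "dr_rao": {"p100", "p101"},
    "dr_mehta": {"p200"},
}

def _condition_holds(cond, user, resource):
    """Evaluate the fine-grained condition attached to a role's action."""
    if cond == "any":
        return True
    if cond == "own_patient":
        return resource["patient_id"] in CARE_ASSIGNMENTS.get(user["id"], set())
    return False        # unknown condition name: fail closed

def is_entitled(user, action, resource):
    """True only if at least one of the user's roles permits action on resource."""
    for role in user["roles"]:
        policy = ROLE_POLICIES.get(role, {})
        if action in policy and _condition_holds(policy[action], user, resource):
            return True
    return False

def update_role(role, action, condition):
    """Role management: define a new role or modify an existing one without code changes."""
    ROLE_POLICIES.setdefault(role, {})[action] = condition

def demo():
    """Constructed users: a physician and a billing clerk against two records."""
    rao = {"id": "dr_rao", "roles": ["physician"]}
    clerk = {"id": "c1", "roles": ["billing_clerk"]}
    own_patient = {"patient_id": "p100"}
    other_patient = {"patient_id": "p200"}
    return (
        is_entitled(rao, "read_record", own_patient),      # True: under his care
        is_entitled(rao, "read_record", other_patient),    # False: not his patient
        is_entitled(clerk, "read_record", own_patient),    # False: role lacks action
    )
```

Because the decision reads the role table at call time, widening or narrowing a role with update_role takes effect on the next check, which is the flexibility the text describes.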

d) Identity virtualization

Under earlier systems, details regarding users and their passwords were maintained across multiple directories. Identity virtualization is a virtual directory of all users with their information. Such an approach reduces the access time and presents a consolidated view of all users. The virtual directory is like a layer above all user repositories.

Secure Computing unveils STAMP initiative

Secure Computing Corporation has unveiled a new initiative called 'STAMP' (Seven Technologies for Advanced Mail Protection), designed to improve email security. The STAMP initiative has been driving Secure Computing's next-generation messaging gateway appliance development and, in conjunction with the launch, the company has announced Secure Mail 6.7.1.

Highlights of the new version of Secure Mail include:

1) Inbound mail protection - Secure Mail's best practice configurations employ real-time dynamic spam classifier and threat response updates that take advantage of the TrustedSource multi-protocol reputation ratings. The new version delivers zero-hour threat detection.

2) Complete data loss prevention for email - Out of the box, Secure Mail 6.7.1 delivers protection for both private and intellectual property. By bundling Secure Mail's Advanced Compliance engine (previously available separately), 6.7.1 basic email protection has five content detection techniques, seven extensible policy actions, and multiple encryption options.

3) Administrative empowerment - As it is the first delivery of Secure Computing's Hybrid Delivery Architecture for Email, customers purchasing email protection on 6.7.1 shall have full service portability to future Secure Mail virtual appliance and hosted service offerings, providing ongoing investment protection. Secure Mail 6.7.1 allows administrators to improve compliance and regulatory reporting.

Mobile malware

With the increasing use of smart phones, vulnerabilities also increase. Mobile malware holds a lot of potential and will evolve because of the penetration of faster networks. Mobile devices are launched with a lot of new features but at the same time they open more holes on the security front. Some of the attacks that will be common are session keylogging, obtaining contact lists, etc. Another trend that will catch on is solutions to this malware from anti-virus vendors. Monetization of mobile malware will be successful. Apart from this one can think of open source malware, i.e. the code is modifiable and anyone can add to the functionality of that code.

This is a feature of an online identity management portal from VeriSign which remembers passwords by encrypting them. Read more at https://pip.verisignlabs.com.

Data kidnap

Threats may not be limited to only causing damage to data or a person. It is possible that an attacker might steal some important data of an organization and then encrypt it. Then some form of extortion might be resorted to in exchange for the data. Myfip is a type of IP theft worm that tries to steal files with extensions such as .pdf, .doc, .dwg and .sch.
