New Threats Leave Less Room for Error, Expert Says
“We used to have reasonably big windows when a security vulnerability was discovered,” he said. “We would find out about it and say, ‘That’s a bit of risk for our customers. We should plan on patching that system.’ As the number of broadband users—and potentially malicious users—grows, those windows are getting smaller and smaller.”
Although it used to be acceptable to employ a reactive, patch-as-you-go strategy, information security professionals have to take more preventative measures today. “You can no longer assume that you’re going to get a warning, and you can patch it and then you’re safe,” Redekop said. “You have to assume that by the time you’ve been warned, that particular exploit has been tested on your network by some zombie or some hacker. All of a sudden, we have to put big fences around our (network), and additional fences just in case there are some holes we weren’t aware of.”
Redekop recommends using reverse firewalls to cut down on spam and prevent malware from slipping in and out through back doors. “A reverse firewall virtually inspects any computer’s outbound request,” he said. “Spam is sent out by some piece of spyware on the users’ computers that helps the spammers’ cause by sending out masses of e-mails. A reverse firewall implementation (ensures) computers on a network can only send mail through a server, which inspects for viruses and spam. It’s an easy implementation, and it can be done on any professional-grade router.”
Users also need to be aware of the vulnerability of information sent through wireless networks or in public hot spots. Part of the problem is that more than 90 percent of users still use clear-text e-mail in all situations, Redekop said. Hackers use Cain-and-Abel programs to pick up traffic in exposed areas like this, and can intercept user names and passwords relatively easily. To avoid compromising sensitive information, he suggests using at least some level of encryption to send and receive e-mail.
For more information, see http://www.nerdsonsite.us.