http://www.computerworld.com/securitytopics/security/story/0,10801,84781,00.html

Story by Scott Olson
WholeSecurity Inc.
SEPTEMBER 18, 2003
COMPUTERWORLD

We live in an era that increasingly demands anywhere, anytime access to all of our business resources. What started with giving pagers to our most critical employees has evolved into ubiquitous use of cell phones and Wi-Fi access almost anywhere, even in McDonald's.

Most recently, we've seen a trend toward Internet-enabled applications, Web mail, intranet portals and new Secure Sockets Layer (SSL) virtual private networks (VPN). More employees want access to their e-mail, data and applications wherever they are.

If you work in a large organization, chances are that you have anywhere, anytime access to corporate data and resources through one or more of the following applications:

* Web mail: Microsoft's Outlook Web Access, IBM's iNotes products and other programs allow access to e-mail from any machine connected to the Internet.

* Internet-enabled applications: Companies like Citrix Inc. and Computer Associates International Inc. offer products that enable access to corporate applications and data from any computer with Internet access.

* SSL VPNs: These VPNs don't require provisioned software on the user PC, but rather they allow employees to connect from any device with Internet access.

Organizations that use these types of software realize significant benefits. Companies can reduce hardware and software costs, decrease IT management overhead associated with provisioned software and reduce help desk costs by providing a more user-friendly environment in which resources can be easily accessed. All of this adds up to a significantly lower total cost of ownership for these technologies.

Managers recognize the value of this type of access, and employees are demanding it. But now the question is, how do the IT and security managers protect these connections?

It's hard enough to secure corporate laptops, which for the most part are out of the direct control of the IT staff. The problem becomes more difficult when the IT manager is faced with protecting completely unmanaged, noncorporate systems used by employees who are logging in from home, from a business partner's machine or from a public kiosk.

The growing trend of Trojan horses and other eavesdropping software makes anywhere, anytime access to company data risky. IT managers need to understand and address the threat that exists on the endpoint to ensure that anyone accessing corporate data is protected, even if they are using a machine that's not owned by the company.

As companies embark on this challenge, they should consider the following questions:

1. Why is endpoint security important for my organization?

What do Sobig.F, Bugbear.B, Fizzer and Blaster all have in common? They are all new versions of worms and malicious code that were released in 2003 and put back doors and monitoring programs on the infected computers. In essence, these new threats put the hacker at the keyboard of the PC that had been compromised.

Attacks today are no longer simply propagating themselves and causing mischief, such as denial-of-service attacks or harming system resources. These new attacks are intended to enable the online criminal to watch the user and steal any data, identity information or intellectual property that they may access. Internet companies, banks and Fortune 500 companies have all fallen victim to these threats.

2. How can I be sure that the endpoint is free of eavesdropping and remote-control devices, such as keystroke loggers and Trojan horses?

Companies should consider adopting on-demand security that can be delivered to any computer in a matter of seconds and that can provide universal compliance with security policies on the endpoint in much the same way that SSL has done for the network.

It is no longer sufficient to rely only on signature-based software to catch and stop worms and malicious code. Not only are these solutions reactive, but it is a challenge to keep antivirus software updated to address each new threat (the Microsoft Blaster worm alone had eight variants in a matter of weeks). Organizations should look for and implement behavioral-based security software that doesn't rely on signature updates to catch and stop these threats.

3. How can I protect systems that I don't manage or own?

At a minimum, companies should evaluate and implement software that provides endpoint security in conjunction with their clientless access to data and applications. This security solution should be downloadable to the machine and should identify and eliminate threats that could compromise the connection back to the corporate LAN. This software should also be able to work in an environment where end users don't always have full privileges to the machine.

4. How can I provide anywhere, anytime access while preserving the user experience?

IT managers should look for and require security software that doesn't put the burden of security knowledge on the end user. Requiring the user to make security decisions means that the software will be less effective and may also result in increased costs due to an influx of help desk calls.

The security software that is implemented should be transactional in nature and therefore shouldn't require significant installation, configuration or reboot to work. The software should work within the time frame of the transaction and therefore should be able to download and scan in a matter of seconds.

IT managers who address these questions will be best positioned to embark on the critical first steps of ensuring security in an anywhere, anytime world while still realizing the significant benefits of remote applications.