Wednesday, November 09, 2005

FEATURE: Outsourcing = bad security?

PREVIOUSLY : SCOPE CREEP

CHAPTER THREE : THE RUDE AWAKENING

After the disruptive outbreaks of Blaster (aka W32/Blaster, LovSan, MSBlast, W32/Posa), SoBig, Nachi, Sasser and others, almost every corporation affected now rated the threat from malicious code as top of their risk/threat management agenda. As mentioned before, what made these recent outbreaks all the more interesting is that many corporations were infected from within their own trusted network or by their own trusted users. This was despite aggressive antivirus, IDS and other traditional security investments made by these organisations. The reasons for this were:

  1. These were “zero day” attacks with no known signatures. IT managers would arrive at work the next morning to find they had already been infected overnight from, say, the Far East, before antivirus or mail vendors released signatures.
  2. Contractors and workers whose laptops had been infected elsewhere infected the internal network when connecting to it.
  3. External VPN or remote access/wireless connections terminating in the network core (bypassing DMZs and firewalls) introduced infections.
  4. eCommerce and business partners, traditionally “trusted”, were used as launch platforms by malicious code to attack the customer's resources.
  5. Branch networks not under tight control of the central IT department or outsourcer were used as launch platforms against the central network and other branches.
  6. Patch management was not proving scalable as a defence mechanism, due to the effort and frequency of the updates required and the shrinking window of vulnerability.

What this highlighted was that the single trust model for the internal network, and the traditional approach to protection and detection, no longer applied!

The wave upon wave of mass network worms and virus outbreaks in 2004 (in fact, 2004 is tagged among the security community as "The Year of the Worm") were getting far more sophisticated and starting to really hurt. Blaster and Sasser were so devastating that IT departments and outsourcers alike couldn't sweep the issues under the carpet anymore. Besides the press having a field day with the issue, company CEOs' PCs were rebooting, Finance departments couldn't access their mail or systems anymore and point of sale systems were brought down. (Believe me, when store tills in major retail outlets go off the air you soon see how security becomes a business survival issue and budget gets miraculously unlocked.) Clearly something had to give...

NEXT : KNEE JERK REACTIONS

CATEGORIES: 1Feature story, 1Outsourcing, 1Best Practices, 1Trends
