Wednesday, November 23, 2005

Security set back 6 years

Attackers don't go after operating systems like they used to. They've found bigger fish to fry in flawed applications like the average AV, database, IM, backup software or media player program. They're also paying more attention to flaws in the routers and switches that keep the Internet afloat and are successfully stealing data from government networks.

That's the consensus among security experts who contributed to the SANS Institute's Top 20 vulnerability list for 2005. The Bethesda, Md.-based organization released the list Tuesday morning, and its research director said the findings show a major backslide in efforts to achieve ironclad information security.

"The bottom line is that security has been set back nearly six years in the past 18 months," SANS Institute Research Director Allan Paller said in an e-mail exchange. "Six years ago attackers targeted operating systems and the operating system vendors didn't do automated patching. In the intervening years, automated patching protected everyone from government to grandma. Now the attackers are targeting popular applications, and the vendors of those applications do not do automated patching. Here we go again."

During a press conference Tuesday morning, Paller added, "These applications, other than AV, don't have automated patching. We're back to the stone age. Getting patches and figuring out how to install them -- those days are back in spades."

I can really relate to this - I have a few clients asking for strategies to upgrade their Cisco IOS and keep it regularly patched, and best practices, methodologies and tools to achieve this are sorely lacking.
