Opinion: Good news, bad news

The good news is that the only companies that really had problems with worms, viruses, and other malicious code last year were companies without decent firewalls, such as those that depended strictly on anti-virus software to keep them safe.

The bad news is that those happy and carefree days are over. If you didn't use last year's relative lull in attacks to upgrade the protection on your enterprise, you're just gonna hate 2003.

The reason 2002 was a relative walk in the park was twofold. First, the people who write malicious code were still learning the ropes. While NIMDA and Code Red were relatively successful in attacking personal computers, companies that had taken reasonable security precautions were largely unaffected. Second, anti-virus software was still fairly effective in fighting off the attacks that did make it to the enterprise.

Unfortunately, that's already changing. The current attack favorite is a Trojan that appears as an e-mail containing some porn and inviting the recipient to click on a link to see more for free. When the recipient clicks the link, he gets to look, while in the background the site delivers malicious code.

Although products such as ZoneAlarm from Zone Labs may prevent this code from doing much, and products such as AdProtector from RedV Networks may detect it if it's either adware or spyware, you must have already installed these products for them to work. Without taking precautions, trouble will find you.

Even companies that have taken steps to secure their enterprises may have left important doors open. Perhaps the biggest concern is remote access by employees. The problem isn't that hackers will find a way to crack a VPN tunnel. The problem is that they may find a way to break into an employee's computer outside of the tunnel and then use the VPN to access your enterprise.

This roundabout approach may sound unlikely, but it was one preferred means of breaking into Department of Defense networks last year. Expect that the process will become automated this year.

Worse, the fact that companies must provide remote access capability for employees creates two sets of risks. One is that the remote access ports could come under attack. The second is that the underlying OSes could become open to attack because of poor security from OS vendors. Alan Paller at the SANS Institute says the latter problem could reach crisis levels by spring as attacks build.

And now that hackers have learned their skills and have access to better resources, more serious attacks will come. A lot of unemployed programmers are out there in tech industry wreckage, and many of them are disgruntled. Also, groups of hackers and malicious code creators are now receiving government funding.

Two things you can do, however, are to use the tools that are available and combat stupidity in your own employees.

That's a tall order. Hope you're up to it.
