Combating Blended Threats
One of the most significant computing events of 2004 occurred in January, when the Internet was hit by the MyDoom worm. According to analyst group Computer Economics, the worldwide cost of MyDoom reached an estimated $4 billion. This equals monetary damages from the SoBig.F virus in 2003 and the SQL Slammer worm in 2004 combined. Security experts agree that blended threats will continue to grow in frequency, complexity and severity.
Blended threats use multiple methods and techniques to propagate or attack, often combining attributes from hacking, computer-worm and denial-of-service attacks to exploit known vulnerabilities. As a result, blended threats can spread to large numbers of systems in a very short time, causing widespread damage very quickly.
Today's blended threats represent the greatest risk to information security since the launch of computer viruses more than 20 years ago. According to Symantec's September Internet Security Threat Report, an analysis of trends in cyber security activity, blended threats made up 60 percent of the top 50 malicious code submissions during the first six months of 2004, an increase of 9 percent from one year ago.
Additionally, the time between a vulnerability announcement and the release of an associated exploit is diminishing rapidly, which contributes to the amazing infection rate. The Witty worm, for example, appeared in the wild only two days after the vulnerability that it targeted was announced, leaving many unpatched systems dangerously vulnerable.
Further, blended threats are reaching entirely new target levels. The MyDoom worm is responsible for one of the worst mass-mailer worm outbreaks ever seen. The virus harvests e-mail addresses from infected PCs, causes the computer to spew spam and opens a back door for hackers to enter later.
Best Practices for Comprehensive Protection
Blended threats dominate the threat landscape, spread very quickly and pose significant risk to confidential data, making it important for businesses and consumers to have multifeatured, multilayered protection for their computer systems. In addition to information security solutions, security experts agree that the best line of defense is a combination of technologies, people and processes. The following security practices are examples of how to successfully combine these elements:
1. Evaluate Your Needs
Identifying which products and services an organization actually needs, and eliminating any that are unnecessary, is the first step a business should take toward reducing security risks. Removing unnecessary products can decrease system vulnerabilities considerably. For example, there are not many reasons to run a Windows NT Server with IIS Web Server on an employee's desktop computer, so removing IIS from company desktops preempts attacks designed to exploit IIS vulnerabilities.
2. Use an Integrated Approach
Since blended threats use multiple methods and techniques to propagate and attack, businesses need to employ integrated, multitier solutions that offer protection at the gateway, server and client tiers and incorporate antivirus, intrusion protection and firewall capabilities. Most major security vendors offer integrated security solutions that are designed and tested to work together, minimizing potential gaps in security coverage. Because these products monitor for slightly different Internet security threats, they can significantly minimize the possibility of a security breach by blended threats when they are used together.
For example, a firewall appliance at the Internet gateway can block malicious traffic from entering the network. Antivirus software on each desktop and server can be used to detect attacks that somehow slip past the firewall. In addition, intrusion protection solutions can monitor network traffic for improper activity that eludes detection by both the firewall and the antivirus software.
3. Use Smart Password Practices
Computers and networks are often protected by passwords as a security measure. However, these same passwords can be a major vulnerability. People try to save time by sharing passwords or choosing simple ones, making it easier for unauthorized users to gain access and break into networks.
A policy that requires users to change their passwords on a regular basis will lessen the possibility of a system breach. Passwords should be at least six characters long, including both letters and numbers, and they should be randomly chosen. Names or important dates, such as birthdays or anniversaries, should be avoided.
4. Keep Security Patches Up-to-Date
The time between the disclosure and widespread exploitation of a vulnerability continues to shrink. As exploits are developed and released more quickly, companies are increasingly vulnerable.
For this reason, security patches need to be kept up-to-date. Most blended threats are based on known vulnerabilities. Keeping operating systems, applications and security solutions current with the latest security patches will seal off many of the open holes that blended threats use to spread. Security patches are typically available from the vendor.
5. Regularly Check Your Network
An integral practice that is often overlooked when securing a network is the collection of forensic data. Since blended threats use numerous ways to infect a system, a careful analysis of irregular network behavior can provide an early warning of an attack.
Internet security best practices should include policies, procedures and standards for such functions as logging, reporting and auditing network traffic. Organizations also need tools that increase the effectiveness of event analysis through after-the-fact data forensics.
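One concrete form of the "irregular network behavior" check described above is to look for the mass-mailer pattern the article attributes to MyDoom: a single desktop suddenly talking to many different SMTP servers. The script below is an added example, not code from the article or its author; the firewall log format (time, source, destination, destination port, action), the sample lines and the fan-out threshold are all constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample firewall log lines in an assumed "time src dst dport action"
# format. 10.0.0.5 shows mass-mailer fan-out; 10.0.0.7 only uses the site relay.
SAMPLE_LOG = """\
09:01:02 10.0.0.5 192.0.2.10 25 ALLOW
09:01:03 10.0.0.5 192.0.2.11 25 ALLOW
09:01:03 10.0.0.5 198.51.100.7 25 ALLOW
09:01:04 10.0.0.5 198.51.100.8 25 ALLOW
09:01:04 10.0.0.5 203.0.113.9 25 ALLOW
09:01:05 10.0.0.5 203.0.113.10 25 ALLOW
09:01:05 10.0.0.7 10.0.0.2 25 ALLOW
09:01:06 10.0.0.7 10.0.0.2 25 ALLOW
09:01:07 10.0.0.9 192.0.2.40 443 ALLOW
09:01:08 10.0.0.9 192.0.2.41 443 ALLOW
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d+) (\S+)$")


def smtp_fanout(log_text):
    """Map each source host to the set of distinct SMTP (port 25) destinations."""
    fanout = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # tolerate malformed lines instead of aborting the analysis
        _, src, dst, dport, action = m.groups()
        if dport == "25" and action == "ALLOW":
            fanout[src].add(dst)
    return fanout


def flag_mass_mailers(log_text, allowed_relays=(), max_distinct_dest=3):
    """Return {host: [destinations]} for hosts contacting more than
    max_distinct_dest SMTP servers other than the organization's own relays.
    A normal desktop hands mail to one relay; a mass-mailer worm delivers
    directly to many mail servers, which is what this fan-out exposes."""
    suspects = {}
    for src, dsts in smtp_fanout(log_text).items():
        external = dsts - set(allowed_relays)
        if len(external) > max_distinct_dest:
            suspects[src] = sorted(external)
    return suspects


if __name__ == "__main__":
    for host, dsts in flag_mass_mailers(SAMPLE_LOG, ("10.0.0.2",)).items():
        print(f"possible mass-mailer: {host} -> {len(dsts)} SMTP servers")
```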
As blended threats appear with increased regularity and growing complexity, organizations should recognize the importance of adopting best practices and applying them jointly with multifunction, multitiered information security solutions. The specific security policies and solutions required to combat blended threats will vary depending on the size and needs of each company. However, every organization should make provisions to implement an integrated security approach that combines layered security solutions with an educated, aware workforce and proven best practices.
About The Author
David Tan, Chief Technology Officer, CHIPS Computer Consulting
David Tan is cofounder and chief technology officer of CHIPS Computer Consulting. In addition to managing the technology infrastructure and technical direction of CHIPS, Tan acts as a virtual CIO for the firm's clients. In this role, he has been responsible for integrating new server and security platforms, setting up remote access solutions and allocating IT resources.