|By RealWire News Distribution||
|September 7, 2011 08:19 AM EDT||
Ian Kilpatrick, chairman of IT specialist Wick Hill Group, examines the range of Internet security threats faced by companies today and advises on how to protect against them.
How to use the Internet while staying secure has always been a concern for businesses. Over the last couple of years there have been many changes in the Internet threat scenario. Most notably there has been a significant increase in the 'access anywhere/anytime culture' with a growth in social networking, a move to convergence solutions such as VoIP, a major increase in smartphone use, a growth in cloud computing, plus the 'consumerisation' of systems (i.e. the use of personal devices for company data).
2. OVERVIEW OF INTERNET THREATS.
The range of security threats includes
* Malicious threats, such as viruses and other malware
* Fraud threats such as phishing emails, spyware and toll fraud
* Unauthorised access from hacking, data leakage, botnets, unsecured wireless, and user name/password insecurity, etc.
* Operational threats, such as distributed denial of service (DDoS) attacks, attacks on VoIP, the failure of cloud computing suppliers to secure your network, or security risks from remote workers.
* Newer threats such as social networking insecurity, web application threats, smartphone insecurity and poor security for converged voice/data applications on the network
3. HOW TO PROTECT AGAINST INTERNET THREATS
The basics that companies need to protect themselves in today's internet environment include:
Risk assessment/risk management.
A risk assessment should be carried out BEFORE implementing additional aspects of internet use, to identify the risks and determine what, if anything, needs to be done to minimise them. It is important to regularly review all security policies. Recent history has shown that it is less expensive, easier and more efficient to deploy security at the beginning of any project than to try to "backfill" it. Oh yes, and it's more secure!
Educated staff are the first and main line of defence. Staff need to be brought on board, where security is concerned. The impetus needs to come from the top and be maintained.
Staying up to date
A basic and key way of staying secure is to make sure you rapidly deploy software updates, such as operating system and browser updates. Make sure too that patches, particularly security patches, are installed as soon as available.
As a first line of defence, users should be educated to not open unknown attachments, which are a common source of viruses and spyware, and to be very cautious about clicking on any links.
Anti-virus systems should be behaviour-based and updated automatically in the background. Many anti-virus solutions also incorporate anti-spyware elements, to help cope with problems such as the theft of user names and passwords. Suppliers include Kaspersky Lab, VIPRE Business, Norton, McAfee and Symantec. Anti-spyware suppliers include Barracuda Networks and WebRoot. Free anti-spyware solutions, such as Spybot, are also available.
Firewalls are now almost universally deployed. All messages entering or leaving the network pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.
A huge range of firewalls is available today from companies such as Check Point, Nortel, Nokia and WatchGuard. Firewalls are also available as part of a unified threat management appliance (UTM) or an extensible threat management (XTM) appliance, where a firewall is combined with other security functions, including (in many cases) web application firewalling (WAF), sometimes also known as deep packet inspection (DPI).
The best way to prevent unauthorised access is through authentication.
Single factor authentication involves the use of passwords only, ranging from weak to complex. It has a number of insecurities and is highly vulnerable to the same password being used for multiple applications (including social networking), increasing the risk that your business applications security could be breached.
Strong two factor authentication comprises something you know (a password) and something you have (e.g. a hardware token, which can produce a time limited one time password, a soft token (for example a PIN sent to a mobile phone) or a swipe card). Companies including VASCO, RSA and CRYPTOCard provide strong two factor authentication solutions. While there are still risks with this approach, it provides significantly improved security at a comparatively low cost
Biometric authentication, involving personal elements such as fingerprint or iris recognition, is more appropriate for high security applications, such as financial or defence.
Remote user security
Encrypted virtual private networks (VPNs), either IPsec or SSL, are the typical solution for secure branch to head office communications, for communications between companies and third parties such as suppliers, and for secure communications between remote/mobile workers and head office/branches. This should be done, using a minimum of two-factor authentication.
Branch offices can install low-cost remote UTMs which incorporate VPNs and these can be centrally administered, typically by the head office. Companies such as WatchGuard, Check Point and NETASQ provide remote, centrally manageable IPsec and SSL VPN solutions.
Another method of securing remote and mobile users is endpoint security (EPS). Coupled with central management, it can ensure that firewall, anti-virus and security patches are used. A range of solutions is available from companies such as Check Point, GFI Software, Kaspersky Lab and Citrix.
With the growth of remote working, managing the remote worker network securely has become increasingly difficult and costly. To complicate matters, many employees are using their own PCs, laptops and smartphones to link to the company.
This carries a significant risk of these devices being infected by spyware, etc. and introduced to the network. Additionally, data on them could be unprotected. Coupled with this, there is the high cost of providing, supporting, patching and managing company supplied devices.
One solution is for the employer to give the employee an allowance to buy their own PC or laptop and to supply them with a secure, hardware encrypted flash drive with embedded security software.
This creates a secure tunnel, stronger than an SSL VPN, between the remote worker's PC and the applications on the home network. File transfer between the PC hosting the flash drive, and the corporate network, is strictly controlled. The use of applications and programmes too is subject to the applied security policy.
These types of solutions essentially provide a secure, virtual environment, irrespective of the security status of the users PC/Laptop. They include solutions from Check Point (Abra) and IronKey, as well as the different approach of virtual desktop infrastructure (VDI) from Citrix and VMware.
Smartphone growth presents another remote access security risk. Staff are increasingly using them to retrieve email and use other applications on the move.
But they remain largely unprotected and have the potential to put the whole network at risk through unauthorised access, particularly as they are so easily lost or stolen. Wi-Fi roaming out of the office, creates a number of security risks, including the risk of identity and security credentials being lost or stolen.
Because of the dangers, smartphones should be treated just like PCs, when it comes to securing them.
A lot can be done through carrying out a number of simple preventative actions. For example, use the PIN function to secure the phone, install data wiping facilities, employ time-out policies, and install GPS tracking so the phone can be located if stolen. Authentication to the network from smartphones is essential.
Specific smartphone security solutions are also available from suppliers such as Kaspersky Lab, Sipera, CRYPTOCard and Check Point.
The use of wireless has grown significantly in the last few years and is now endemic, with smartphones increasingly being used to connect to wireless.
Authentication is absolutely crucial in this environment and strong two factor authentication should be used for access to all confidential internal data, from wireless pcs, laptops and smartphones. Sensitive data should not be held on a smartphone or wireless laptops, unless encrypted.
IPSec or SSL encrypted VPNs should be used for all wireless communications between head office and remote locations, such as branch offices, mobile users or home workers.
When employees leave a company, and their access to wireless hasn't been managed, then the risk of them causing problems through unauthorised access is significantly increased.
Wi-Fi roaming and Bluetooth are other risks, with many users leaving their devices Wi-Fi roaming and Bluetooth-enabled. This leaves them vulnerable to attacks resulting in access to the devices and the company network, particularly if authentication is not strong enough.
If your organisation is using unencrypted wireless in the office, all the information held on your network can be at risk. If your existing solution supports WPA2 or even the discredited WEP encryption, switch it on (it will have arrived with the default off). It is a good idea to encrypt all relevant confidential files, data, internal e-mails and network attached storage (NAS).
Wireless security providers include companies such as Aruba Networks, Check Point, Ruckus, SonicWall, and WatchGuard.
Encryption (including laptop and smartphone encryption)
The easiest and most effective way of stopping sensitive and critical data being read by unauthorised personnel or outsiders is to encrypt it.
Loss or theft of data stored on laptops or smartphones is a particular problem.
However, this can be easily and inexpensively protected using comparatively low-cost encryption software for laptops from companies such as Pointsec, Utimaco and PGP, and specific mobile security software for smartphones.
The use of unified encryption management (UEM) means encryption can be easily managed across all data risk areas including desktops, laptops, PDAs, USB sticks, mobile phones and other removable media.
* Converged systems security
Security convergence is different from normal data security, because the link between phone systems and the Internet makes both voice and data more vulnerable to problems such as toll fraud and the total loss of both voice and data communications, if VoIP is hacked. However, there are security products available specifically tailored for a unified communications (UC) environment. These include solutions from Sipera, Panasonic and Samsung.
* Cloud computing/hosted systems security
If you put your network into the cloud or use hosted systems, then you are making someone else responsible for your security and need to ask your supplier a number of questions. These could include:
- what security and authentication procedures are in place for remote staff access?
- how is data secured against leakage?
- what protection is there against DDoS attacks?
- how can you guarantee your staff won't access my company's data?
- what is the service level agreement for availability and what is the recourse if it is breached?
- in what jurisdiction is my data held and stored?
4. MULTI FUNCTIONAL SOLUTIONS
Unified threat management systems (UTMs) are designed to provide a range of security solutions in a single appliance, reducing costs and simplifying the whole process of security systems management and installation. The minimum requirement for a UTM is a firewall, VPN, anti-virus and intrusion detection/prevention. Some UTMs may also provide anti-spam, web content inspection spyware protection, centralised management, monitoring, and logging capabilities.
Extensible threat management systems (XTMs) are a development of UTMs, which combine fast throughput with advanced networking features to handle high-volume traffic. They are suitable for 50-10,000 or more users.
Popular UTM and XTM solutions include those from WatchGuard, Check Point, Fortinet, Barracuda Networks and NetASQ.
Web Application Firewalling (WAF)
Web application firewalls apply rules to HTTP (essentially web server and browser) conversations. This is sometimes also known as deep packet inspection (DPI). Dedicated devices are available such as SecureSphere from Imperva, ModSecurity (open source) and the Barracuda Web Site Firewall. WAF is also included in many UTM and XTM solutions.
A variety of other multi-functional solutions, incorporating various security product mixes, is also available from companies such as Kaspersky Lab, Symantec, McAfee and Computer Associates.
The latest important IT security concerns include the increasing amount and variety of remote access, and the growing use of converged systems such as VoIP and smartphones. However, these and other ongoing security risks such as malware, fraud and data leakage, can all be adequately protected against with a strong commitment to security and the deployment of appropriate solutions.
Ian Kilpatrick is chairman of Wick Hill Group plc, specialists in secure IP infrastructure solutions for e-business. Ian has been involved with the Group for more than 30 years. Wick Hill is an international organisation supplying most of the Time Top 1000 companies through a network of accredited resellers. Contact www.wickhill.com, 01483 227600.
Ian looks at computing from a business point-of-view and his approach reflects his philosophy that business benefits and ease-of-use are key factors in IT. He has had numerous articles published in the UK and overseas press, as well as being a regular speaker at IT conferences.
SYS-CON Events has announced today that Roger Strukhoff has been named conference chair of Cloud Expo and @ThingsExpo 2016 Silicon Valley. The 19th Cloud Expo and 6th @ThingsExpo will take place on November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. "The Internet of Things brings trillions of dollars of opportunity to developers and enterprise IT, no matter how you measure it," stated Roger Strukhoff. "More importantly, it leverages the power of devices and the Interne...
Jul. 26, 2016 05:15 AM EDT Reads: 2,049
Large scale deployments present unique planning challenges, system commissioning hurdles between IT and OT and demand careful system hand-off orchestration. In his session at @ThingsExpo, Jeff Smith, Senior Director and a founding member of Incenergy, will discuss some of the key tactics to ensure delivery success based on his experience of the last two years deploying Industrial IoT systems across four continents.
Jul. 26, 2016 05:00 AM EDT Reads: 1,524
CenturyLink has announced that application server solutions from GENBAND are now available as part of CenturyLink’s Networx contracts. The General Services Administration (GSA)’s Networx program includes the largest telecommunications contract vehicles ever awarded by the federal government. CenturyLink recently secured an extension through spring 2020 of its offerings available to federal government agencies via GSA’s Networx Universal and Enterprise contracts. GENBAND’s EXPERiUS™ Application...
Jul. 26, 2016 03:45 AM EDT Reads: 1,830
The Internet of Things will challenge the status quo of how IT and development organizations operate. Or will it? Certainly the fog layer of IoT requires special insights about data ontology, security and transactional integrity. But the developmental challenges are the same: People, Process and Platform. In his session at @ThingsExpo, Craig Sproule, CEO of Metavine, demonstrated how to move beyond today's coding paradigm and shared the must-have mindsets for removing complexity from the develo...
Jul. 26, 2016 02:00 AM EDT Reads: 1,335
SYS-CON Events announced today that MangoApps will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. MangoApps provides modern company intranets and team collaboration software, allowing workers to stay connected and productive from anywhere in the world and from any device.
Jul. 26, 2016 01:45 AM EDT Reads: 1,313
The IETF draft standard for M2M certificates is a security solution specifically designed for the demanding needs of IoT/M2M applications. In his session at @ThingsExpo, Brian Romansky, VP of Strategic Technology at TrustPoint Innovation, explained how M2M certificates can efficiently enable confidentiality, integrity, and authenticity on highly constrained devices.
Jul. 26, 2016 01:30 AM EDT Reads: 1,000
The 19th International Cloud Expo has announced that its Call for Papers is open. Cloud Expo, to be held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Digital Transformation, Microservices and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportuni...
Jul. 26, 2016 01:15 AM EDT Reads: 2,534
In today's uber-connected, consumer-centric, cloud-enabled, insights-driven, multi-device, global world, the focus of solutions has shifted from the product that is sold to the person who is buying the product or service. Enterprises have rebranded their business around the consumers of their products. The buyer is the person and the focus is not on the offering. The person is connected through multiple devices, wearables, at home, on the road, and in multiple locations, sometimes simultaneously...
Jul. 26, 2016 12:45 AM EDT Reads: 648
“delaPlex Software provides software outsourcing services. We have a hybrid model where we have onshore developers and project managers that we can place anywhere in the U.S. or in Europe,” explained Manish Sachdeva, CEO at delaPlex Software, in this SYS-CON.tv interview at @ThingsExpo, held June 7-9, 2016, at the Javits Center in New York City, NY.
Jul. 26, 2016 12:00 AM EDT Reads: 1,545
From wearable activity trackers to fantasy e-sports, data and technology are transforming the way athletes train for the game and fans engage with their teams. In his session at @ThingsExpo, will present key data findings from leading sports organizations San Francisco 49ers, Orlando Magic NBA team. By utilizing data analytics these sports orgs have recognized new revenue streams, doubled its fan base and streamlined costs at its stadiums. John Paul is the CEO and Founder of VenueNext. Prior ...
Jul. 25, 2016 11:15 PM EDT Reads: 2,020
"We've discovered that after shows 80% if leads that people get, 80% of the conversations end up on the show floor, meaning people forget about it, people forget who they talk to, people forget that there are actual business opportunities to be had here so we try to help out and keep the conversations going," explained Jeff Mesnik, Founder and President of ContentMX, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
Jul. 25, 2016 11:15 PM EDT Reads: 1,317
Internet of @ThingsExpo, taking place November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with the 19th International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world and ThingsExpo Silicon Valley Call for Papers is now open.
Jul. 25, 2016 10:00 PM EDT Reads: 2,520
The IoT is changing the way enterprises conduct business. In his session at @ThingsExpo, Eric Hoffman, Vice President at EastBanc Technologies, discussed how businesses can gain an edge over competitors by empowering consumers to take control through IoT. He cited examples such as a Washington, D.C.-based sports club that leveraged IoT and the cloud to develop a comprehensive booking system. He also highlighted how IoT can revitalize and restore outdated business models, making them profitable ...
Jul. 25, 2016 08:30 PM EDT Reads: 1,946
With 15% of enterprises adopting a hybrid IT strategy, you need to set a plan to integrate hybrid cloud throughout your infrastructure. In his session at 18th Cloud Expo, Steven Dreher, Director of Solutions Architecture at Green House Data, discussed how to plan for shifting resource requirements, overcome challenges, and implement hybrid IT alongside your existing data center assets. Highlights included anticipating workload, cost and resource calculations, integrating services on both sides...
Jul. 25, 2016 08:00 PM EDT Reads: 1,987
Big Data engines are powering a lot of service businesses right now. Data is collected from users from wearable technologies, web behaviors, purchase behavior as well as several arbitrary data points we’d never think of. The demand for faster and bigger engines to crunch and serve up the data to services is growing exponentially. You see a LOT of correlation between “Cloud” and “Big Data” but on Big Data and “Hybrid,” where hybrid hosting is the sanest approach to the Big Data Infrastructure pro...
Jul. 25, 2016 07:30 PM EDT Reads: 1,897
"We are a well-established player in the application life cycle management market and we also have a very strong version control product," stated Flint Brenton, CEO of CollabNet,, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
Jul. 25, 2016 07:15 PM EDT Reads: 1,806
We all know the latest numbers: Gartner, Inc. forecasts that 6.4 billion connected things will be in use worldwide in 2016, up 30 percent from last year, and will reach 20.8 billion by 2020. We're rapidly approaching a data production of 40 zettabytes a day – more than we can every physically store, and exabytes and yottabytes are just around the corner. For many that’s a good sign, as data has been proven to equal money – IF it’s ingested, integrated, and analyzed fast enough. Without real-ti...
Jul. 25, 2016 07:15 PM EDT Reads: 1,033
I wanted to gather all of my Internet of Things (IOT) blogs into a single blog (that I could later use with my University of San Francisco (USF) Big Data “MBA” course). However as I started to pull these blogs together, I realized that my IOT discussion lacked a vision; it lacked an end point towards which an organization could drive their IOT envisioning, proof of value, app dev, data engineering and data science efforts. And I think that the IOT end point is really quite simple…
Jul. 25, 2016 06:30 PM EDT Reads: 1,031
A critical component of any IoT project is what to do with all the data being generated. This data needs to be captured, processed, structured, and stored in a way to facilitate different kinds of queries. Traditional data warehouse and analytical systems are mature technologies that can be used to handle certain kinds of queries, but they are not always well suited to many problems, particularly when there is a need for real-time insights.
Jul. 25, 2016 06:15 PM EDT Reads: 1,782
Unless your company can spend a lot of money on new technology, re-engineering your environment and hiring a comprehensive cybersecurity team, you will most likely move to the cloud or seek external service partnerships. In his session at 18th Cloud Expo, Darren Guccione, CEO of Keeper Security, revealed what you need to know when it comes to encryption in the cloud.
Jul. 25, 2016 06:00 PM EDT Reads: 2,451