Saturday, 2 December 2006

Securing the Network: 10

Securing The Network
A Post on Corporate Security Issues for the Non Technical

This post covers:
                Pod Slurping
                Instant Messaging

Malware is software designed to infiltrate or damage a computer system without the owner's informed consent. It is a blend of the words ‘malicious’ and ‘software’. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code.

Many normal computer users are however still unfamiliar with the term, and most never use it. Instead, ‘Virus’ is used in common parlance and often in the general media to describe all kinds of Malware.

Software is considered Malware based on the perceived intent of the creator rather than any particular features. It includes computer Viruses, Worms, Trojan horses, Spyware, Adware, and other malicious and unwanted software.

(Source: WikiPedia)

Pod Slurping
The most popular MP3 player, the Apple iPOD has sold 60 Million units since 2001. In addition to the iPOD there are many different and competing products in the portable music player space.

From a security standpoint the one thing they have in common is the ability to be plugged into a computer and copy huge amounts of data, (possibly confidential data) onto the device in a matter of a few minutes. This can be done very discreetly and easily.

A common misconception is that if the outside perimeter of your network is secured, with Firewalls and Routers, then your network is safe. Very little thought is given to the security of computers and data inside the perimeter and yet around 50% of all security breaches occur from inside the corporate firewall.

This is a very real problem, with no easy solution. If you are in charge of security for your organisation then it’s a problem you will want to address as it will not go away. These portable devices are getting smaller and their capacity is increasing.

Instant Messaging
Instant Messaging using tools such as MSN Messenger, Windows Live Messenger, Skype, AOL IM and ICQ, have become standard applications for many of us. They do however have their risks.

It is important that a policy is in place that covers the use of Instant Messaging within your organisation, a policy that should be rigorously enforced by the IT Department.

Content sent through to your employees via IM tools completely bypass your perimeter network defenses and due to the ignorance of most people where these matters are concerned, they pose a very real threat.

"He who promises more than he is able to perform, is false to himself; and he who does not perform what he has promised, is a traitor to his friend." - George Shelley

No comments: