Home > Information Security Magazine > Features > Reflections
EMAIL THIS LICENSING & REPRINTS
Information Security Magazine

  CURRENT ISSUE  
  FEATURES  
  COLUMNS  
  HOT PICK & PRODUCT REVIEWS  
  ARCHIVES  
  SUBSCRIBE/RENEW  
  

Reflections
Issue: Jan 2008
printer-friendly
licensing & reprints
< PREV PAGE   |   1  |   2  |   3  |   4  |   5  |   6  |   7  |   NEXT PAGE  >

NOWHERE TO HIDE
Yesterday's tattered system or network administrator, or Web site operator, fought back with signature-based defenses, or sometimes hid in the weeds hoping they'd plugged the latest Windows hole and prayed the latest mass-mailing worm would skip on by. That kind of security by obscurity is fatal today to many business models.

"Coupled with [the changing threat landscape] has been the transformation of attack tools, going from largely self-propagating attacks or hacker tool-kits to automated, sophisticated blended threats with a high reliance on social engineering," Spafford says. "Botnets and rootkits are prominent. For those of us looking at trends, we see a similar evolution of viruses--stealthy, widespread, automated, organized criminal activity, coming from where we were 10 years ago."

Donn Parker, a longtime computer crime observer and prominent researcher with SRI International, says the cat-and-mouse game between criminals and those paid to keep them in check followed business' migration to the Net--and he doesn't expect it to abate any time soon.

"I've said time after time, the problems associated with the use and misuse of computers is a one-upsmanship problem. The bad guys figure out new ways to beat the newest security, and good guys increase security again," Parker says. "Used to be in the 1960s, '70s, '80s, it was amateur criminal activity where the criminals were motivated to solve their own personal problems by malicious acts against computers. Gradually...it has grown into a very large-scale organized criminal activity where motivation is for financial gain."


NOT SO FAST
The frenzy for enterprises to create online business models, and rush services and products online prematurely, has in many ways contributed to the success of the criminal element. Microsoft was the biggest offender in the early part of the decade. Simple, yet extraordinarily effective, pieces of malicious code roared through gaping holes in Windows. Vulnerabilities in the IIS Web server enabled the Code Red and NIMDA worms to spread like weeds across the Internet, infecting thousands of systems with self-propagating, network-aware engines. The Slammer worm, in January 2003, may be the most infamous--and smallest--malware to hit the Net and be so prolific. Exploiting a flaw in Microsoft's SQL Server database--for which a patch had been available for months--Slammer dragged portions of the Internet to a crawl, and made life miserable for administrators slow to patch these balky products.

< PREV PAGE   |   1  |   2  |   3  |   4  |   5  |   6  |   7  |   NEXT PAGE  >





TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Advanced Search | Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2003 - 2008, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts