Friday, May 30, 2008

Crane collapses and Information Security

There was another crane collapse in NYC today, killing one person and critically injuring two others, according to CNN. This brings the death toll to 8 people in the last two months just in New York City due to crane collapses. These events are tragic, and they make the issues that we as Information Security and Privacy professionals deal with seem minor by comparison. However, there is a connection between the people in New York who strive to reduce these types of incidents and us. Somewhere in the various departments and agencies in NYC that regulate and inspect these cranes, there are probably several people who have made the argument time and time again that they are understaffed or under-budgeted, or that there are not enough controls in place to prevent these types of incidents. Unfortunately, it takes one of these incidents to obtain the increased funding and controls that should have been in place in the first place. The same thing happens in InfoSec and Privacy. We all tell management (and anyone else who will listen) things like:

We need to install x to reduce the risk of y
We need to do x to minimize the risk y
We need a review or addition of controls
We need more staff
We need more budget

Unfortunately, it takes an incident like this to produce change and to get enough attention on a topic that something is done. There is one other constant between these subjects. Whether it is a crane collapse or a DNS takeover at a giant cable provider, there will be a fall guy to blame for it.

Rock On

Thursday, May 29, 2008

Stupid security trick of the month

The following story was reported by the Memphis News. Hopefully, some lawmakers in Nashville will ask their 12-year-olds about the Internet before creating any more useless legislation that deals with technology.

[Memphis News]
Starting July 1st, Tennessee sex offenders are required to report their e-mail addresses, user names, and screen names to Tennessee’s Sex Offender Registry. Lawmakers created the new requirement for sex offenders during this year’s legislative session in Nashville. Police say the requirement will make it easier for them to spot sex offenders trolling for prey online.

Tuesday, May 13, 2008

Anti-virus not keeping up?

According to Panda Software there was a tenfold increase in the number of new malware strains detected in 2007 compared to 2006. More than 3,000 per day were detected in 2007. I don't have to tell you that with that many new malware strains each day, your A/V software will, well, "strain" to keep up. The days when A/V signatures could be updated daily, or every couple of hours, are simply gone, and even if you could update them every 5 minutes, the signatures simply aren't there to cover all of the new threats. Never mind the impossibility of constantly updating signatures across thousands of systems on a network. Some companies, like ISS, are working on behavior-based A/V. They take all of the common traits found in viruses and malware and try to stop the code based on its behavior. In theory you would then only have to update the behavioral signature when a new malware strain does something you have not seen before. Almost all of the thousands of new malware strains a day do basically the same thing, but thanks to morphing and subtle differences, they are not always detected by traditional signatures. The behavioral model is not perfect either, since it suffers from false positives, just as IDS/IPS signatures do.
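To make the signature-versus-behavior trade-off concrete, here is an added Python sketch. It is not code from the original post and not how Panda or ISS products work; the "strains", the SHA-256 signature list, the behavior weights, the threshold of 4 and the four samples are all constructed for the illustration. It shows a morphed variant slipping past an exact-hash signature while its behavior still trips the monitor, and a legitimate self-updater tripping the same monitor (the false-positive problem the paragraph mentions).

```python
import hashlib
from typing import Dict, Iterable, List, Tuple

# Constructed "known bad" strain: the bytes stand in for a malware binary.
KNOWN_BAD: bytes = b"drop-file;set-run-key;connect-out;download-exec"

# The signature database: one SHA-256 per known strain. Every new strain
# needs a new entry, which is the scaling problem described above.
SIGNATURES = {hashlib.sha256(KNOWN_BAD).hexdigest()}

# Behavior rules (assumed weights): observed actions and how suspicious
# each one is. These only change when malware starts doing something new.
BEHAVIOR_WEIGHTS: Dict[str, int] = {
    "set-run-key": 2,      # persistence via an autorun registry key
    "connect-out": 1,      # outbound network connection
    "download-exec": 3,    # fetches and runs further code
    "disable-av": 3,       # tampers with the A/V product
}
BEHAVIOR_THRESHOLD = 4     # a score at or above this is flagged


def signature_match(sample: bytes) -> bool:
    """Exact-hash match: any byte-level change to the sample defeats it."""
    return hashlib.sha256(sample).hexdigest() in SIGNATURES


def behavior_score(actions: Iterable[str]) -> int:
    """Sum the weights of the actions a sample was seen performing."""
    return sum(BEHAVIOR_WEIGHTS.get(a, 0) for a in actions)


def behavior_match(actions: Iterable[str]) -> bool:
    """Flag a sample whose combined behavior score reaches the threshold."""
    return behavior_score(list(actions)) >= BEHAVIOR_THRESHOLD


# Constructed corpus: (label, bytes on disk, actions observed when it ran).
MALICIOUS_ACTIONS = ["drop-file", "set-run-key", "connect-out", "download-exec"]
CORPUS: List[Tuple[str, bytes, List[str]]] = [
    ("original strain", KNOWN_BAD, MALICIOUS_ACTIONS),
    # Same behavior, a few bytes of padding appended: a "morphed" variant.
    ("morphed strain", KNOWN_BAD + b";junk", MALICIOUS_ACTIONS),
    # Legitimate installer: adds an autorun entry and phones home once.
    ("benign installer", b"copy-files;set-run-key;connect-out",
     ["copy-files", "set-run-key", "connect-out"]),
    # Legitimate self-updater: behaves much like the malware and gets flagged.
    ("benign updater", b"check-version;connect-out;download-exec;set-run-key",
     ["check-version", "connect-out", "download-exec", "set-run-key"]),
]


def scan_corpus(corpus=CORPUS) -> Dict[str, Dict[str, object]]:
    """Run both detectors over every sample and return per-sample verdicts."""
    results: Dict[str, Dict[str, object]] = {}
    for label, sample, actions in corpus:
        results[label] = {
            "signature": signature_match(sample),
            "behavior": behavior_match(actions),
            "score": behavior_score(actions),
        }
    return results


if __name__ == "__main__":
    for label, verdict in scan_corpus().items():
        print(f"{label:18} signature={verdict['signature']!s:5} "
              f"behavior={verdict['behavior']!s:5} score={verdict['score']}")
```

Running it prints four verdict lines: the original strain is caught both ways, the morphed strain only by behavior, the benign installer by neither, and the benign updater by behavior alone, which is the false positive. Tuning the threshold down catches more variants and flags more legitimate software; tuning it up does the reverse, and that tension is why the post recommends layering other controls rather than relying on either detector alone.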

So what to do?
Defense in depth is called for here.

Systems need to be patched to minimize the attack surface
System administrators need to use content filtering to minimize the places (web, e-mail, IM, etc.) where users can get one of these files
Reduce the number of users with local administrative rights, or remove those rights entirely
Watch what is entering and leaving the network
Run IDS/IPS on endpoints as well as the network
Run A/V and update it often
Watch for registry changes
Run virtualization, so cleanup becomes much easier, and infections become temporary (hopefully)