GFI LANguard Network Security Scanner - Network-wide security vulnerability scanning & fixing - Free version available. Network Security Software - Sponsored by GFI Network Security.

Who's to blame for virus infections? Author: Fernando de la Cuadra Wednesday, 28 April 2004, 16:44 GMT Whenever a system is infected by a virus, people will scratch around looking for someone else to blame. This is often the case in corporate networks, where there are always 'less able' users who can be assigned the role of scapegoat for causing numerous infections. This, needless to say, is unjust, as a virus infection cannot be blamed solely on one person. Just as our justice system defines many levels of responsibility, when a malicious code enters a system, it is also possible to distribute the culpability in varying degrees. Firstly there is the actual perpetrator of the deed, the user that double-clicked on the infected file, or downloaded a Trojan hidden inside a web page. This is the person that will normally carry the can for these incidents. But who is really to blame? Network administrators must also accept their share of responsibility. They are, after all, responsible for a group of users that don't have -nor need to have- the knowledge and training of the administrator. Installing tools to prevent viruses and intruders should be a basic step when setting up a network, and their maintenance is vital. However, before using any tool, including a computer, users should have at least basic awareness, not just of how to use it, but how to use it safely. So while you wouldn't expect to see someone using a monitor outside in the rain, as the incompatibility of electricity and water is common knowledge, it still seems that many users feel perfectly safe opening absolutely any file that reaches them in an e-mail. Training departments barely have time enough to instruct employees in the basics of their posts. IT security is not a top priority. Just as they don't give road safety classes, why should they bother with courses to promote the safe use of a computer? Finally, the key factor when it comes to system security is evidently the software running on the computer. No system can be 100 percent secure, but nevertheless, existing software defence structures can no longer provide adequate protection in the present climate. Security solutions operate reactively. A new virus appears, and once it is circulating the antidote is generated. A new vulnerability is discovered and then the vendor's patch is released. This dynamic could have served a purpose a few years ago, when threats were slow to propagate, but not now. Andy Warhol once said that in the future everyone would be famous for 15 minutes, and this would seemingly also apply to the latest viruses: spreading rapidly across computers around the globe. The speed with which they propagate gives developers of security solutions little time to create the fix for the problem. For this reason, the security solutions of the future will need to combine both classic reactive strategies and new proactive strategies that can head off attacks before they represent a threat. So if disaster strikes in the future, some questions will have to be asked. Are users properly instructed in IT security? Have administrators installed adequate security systems? And, most importantly. are these systems passive, reactive or proactive? Companies will have to be able to rely on their virus and intrusion prevention system, not in a few years time, but in the next few months. If outdated technology allows an attack like SQLSlammer to wreak havoc in just a few minutes, the entire corporate security system will be compromised. International Technical Editor Panda Software

Thursday, May 12, 2005 Network Security A Sober-ing look at social engineering New HP Notebooks Focus on Security Security concerns outweigh all other IT headaches Messaging security pros get back to basics Wireless Security Business travellers targeted in latest phishing Wi-Fi phishing scam targets business travelers Firms call for action on wireless security Users untouched by mobile viruses despite hype InfoSec Directory Inoculating SSH Against Address-Harvesting Worms What is the point of encryption if you don’t know who for? Smart-Phone Attacks and Defenses Preventing Spyware Infestation Press Releases Information Shield Announced New Version Of Leading Security Policies Library CSIA Provides VoIP Security Recommendations to Assist Congress in Revising the Telecommunications Act of 1996 CipherTrust Named One of the Top 100 Private Companies .by Red Herring for Second Year in a Row Industry Leaders Launch OpenXRI to Provide Open Source Resolution Server for OASIS Extensible Resource Identifier (XRI)

Ê