Internet As Battleground: Choosing Correct Strategy

The Internet is becoming a battleground, at times literally. Scam artists of all kinds, spammers and others are probing defense systems, trying to find holes in security systems and refining their tactics and tools. The threats must not be underestimated: a single break-in into, say, an email box can cost a person many resources, including reputation. It is therefore important to select the optimal strategy; The Tech Herald elaborates on that in "Study: IT focused on the wrong network threats".


The story goes on: a new report that looks at data collected from March-August 2009, from the SANS Institute, TippingPoint, and Qualys, essentially says IT security teams are misdirected. Security operations within IT are focused on operating system issues, leaving the two largest security problems, client-side software and web applications, on the back burner.

The attack data in the report comes from IPS appliances deployed by TippingPoint at some 6,000 companies and government agencies. Vulnerability data comes from Qualys, via various appliances and software that monitored more than 9,000,000 systems, running over 100,000,000 scans. The combined information from Qualys and TippingPoint was then vetted by the SANS Institute, and the Internet Storm Center.

The report focuses on three things. The first is that IT operations for the most part are making great strides in patching and securing the infrastructure from operating system threats. Other than the issues with Conficker, there were no new Worms based on operating system flaws during the time the data was collected. With that said, the other side of the operating system coin is that the number of buffer overflow attacks tripled from May-June to July-August, accounting for more than 90-percent of the attacks against Windows.

The other two issues, mostly ignored by IT security, are the reason buffer overflow attacks worked so well during the testing period. The jump in the overflow based attacks correlated with the increase in the number of client-side software and web application vulnerabilities.

“Waves of targeted email attacks, often called spear phishing, are exploiting client-side vulnerabilities in commonly used programs such as Adobe PDF Reader, QuickTime, Adobe Flash and Microsoft Office. This is currently the primary initial infection vector used to compromise computers that have Internet access,” the report says while discussing client-side software.

According to the report, client-side software vulnerabilities are patched much slower than the vulnerabilities discovered in an operating system. For example, vulnerabilities in Adobe Reader, Flash, and Microsoft Office were patched days, if not weeks, after patches were applied to Windows.

When it comes to attacks against web applications, they account for more than 60-percent of the attack attempts seen online. Vulnerabilities, such as SQL Injection (SQLi) and Cross-Site Scripting (XSS), accounted for more than 80-percent of the problems observed in open-source as well as custom applications. The two vectors of attack are linked by criminals, who will compromise a web application and use it to distribute client-side software exploits. Yet, web applications and client-side software take a back seat when it comes to security planning. The full text of the report can be found here.

The two areas mentioned are closely related to the so-called human factor: while network activity can be monitored easily, human interference is often chaotic and unpredictable, and there are many legal obstacles to full monitoring of user activity. Since social engineering is the best tool to crack any security barrier, these two areas of vulnerability should not be neglected or viewed as less important.

This article was brought to you by the developers of IPHost Network Monitor, network and server monitoring software.
