November 26, 2006
According to a recent report, senior government officials have warned businesses that foreign intelligence services are using sophisticated electronic attacks to steal sensitive financial and technological secrets, combining traditional email phishing, trojans delivered on USB flash drives, and social engineering.
It appears that overseas intelligence agencies have been engaged in economic espionage, targeting UK firms for technical information and details of contract bids from large firms. The National Infrastructure Security Co-ordination Centre (NISCC) said these attacks have increased substantially over the past 12 months.
Officials believe that overseas intelligence agencies are investing significant resources in targeting people in an organisation who have access to the data they want. “They use social engineering techniques to trick staff into opening e-mails, or use USB memory sticks to infect computers with hacking tools”, the NISCC said.
Intelligence officials have identified attacks against businesses by monitoring news reports for information that has been leaked about firms and matching the leaks against computer security logs.
These attacks are not just affecting the UK. Alan Paller, director of US security advisory organisation the SANS Institute, said evidence from the US showed that foreign intelligence services had recently penetrated US government computer systems using similar endpoint techniques.
Paller is advising businesses to respond to threats by carrying out mock endpoint security attacks within their organisations to help test and educate staff.
Sources:
NISCC
ComputerWeekly
November 20, 2006
New research suggests that 60 percent of office workers in the UK admit to having helped themselves to electronic documents such as confidential records, customer databases and sales leads. However, only seven percent of managers believed their organization had been the victim of data theft.
Twenty-nine percent of managers said that data theft was not a recognized issue at board level. When news abounds about large data thefts in commercial and public organizations across the USA and Europe, one has to wonder what newspapers board directors must be reading these days?
It seems that the culture of burying one’s head in the sand till the problem bites you on the backside is alive and well in the boardroom. And as such, it can only be a matter of (a very short) time till we all read about the next Los Alamos / Veterans Association / Nationwide type scandal.
Policies, training and enforcement were highlighted by the research as the key requirements for organizations to cut down internal data theft.
November 14, 2006
In response to the recent security breach at Los Alamos, where three USB flash drives were discovered during a drug raid of a former Los Alamos contractor's home, it seems that Los Alamos has come up with a solution to their USB woes: Super Glue the USB ports. That’s right, Los Alamos Nuclear Labs, one of the top US research labs with some of the smartest scientists and engineers, has decided that Super Glue is the best answer to their endpoint security problems.
What about PCMCIA slots, PS/2, Serial Ports, Firewire ports and CD-ROM drives? What will happen when a researcher needs to use a biometric device, or other USB device? The computer system is now ruined and will have to have the USB ports replaced, or the system replaced. Your tax dollars at work.
The inability to provide granular control of removable media devices is a flaw in operating systems, particularly Windows. Fixing the problem with hardware modifications is not the answer. There are endpoint security software solutions which work with and enhance Windows to provide granular access control of devices, allowing administrators to decide who has access to what specific devices and what kind of access they have (read/write). These solutions also provide more robust features such as forensic auditing, allowing administrators to see what devices are being connected to the network, as well as what files are being and have been transferred to those devices. In the Los Alamos case, this would have allowed IT administrators to know what data Jessica Quintana had brought home with her instead of the FBI stumbling on the data by pure luck.
Also, products like DeviceWall from Centennial Software have built-in USB encryption that allows administrators to require all data being written to a USB flash drive be encrypted. Again in the Los Alamos case, even if a USB flash drive full of nuclear secrets was discovered, it would not be readable.
I think as a general rule, anytime an IT security solution involves the use of Super Glue, Duct Tape, or any other sort of adhesive, it might be time to reassess your overall security strategy.
A high court battle between two recruitment agencies has highlighted the risks of insecure data after one company accused an individual from the other of helping himself to large quantities of sensitive information, including client information.
The firms involved finally reached a settlement last week and the ‘victim’ organization has since disabled the USB drives on its PCs. Sounds great, as long as they don’t have any mice or keyboards that connect by USB!
More from Computer Weekly
November 13, 2006
In a comment that’s bound to raise an eyebrow or two, Microsoft’s Jim Allchin last week announced that Vista was so secure that anti-virus software was soon to be a thing of the past. Sources outside Microsoft are not so convinced. Given that Microsoft has already released a number of large patches for Vista, security experts argue that there are bound to be areas of risk not yet identified or addressed by the software giant.
Whether the risk is a trojan introduced onto the PC through email or a removable media device, or an internet-based attack to take advantage of a software vulnerability, there is a strong sense within the security community that an in-depth approach to endpoint security is still the wisest course of action.
And with Vista adoption still mooted to be at least 12-18 months away, it’s unlikely many organizations are going to change their security attitudes in the near future.
More on VNUnet.com