Saturday, June 21, 2008

threat of online security


Thumbsucking is a huge threat that the companies face due to the proliferation of portable storage devices. As people increasingly use media players, and external hard drives for personal and business needs, each device becomes both a friend and foe to the modern-day corporation. In fact, a 2008 Applied Research-West survey found that workers born after 1980 are 200 percent more likely to have corporate data on their storage devices. This threat becomes even more prominent when devices are not company-owned or issued, but can still be used to store and transport sensitive corporate data, leaving no audit trail or trace of what's been taken. Without control, portable storage devices present four major threats to the enterprise:



  • It allows users to bypass the perimeter and introduce malware into the enterprise.
  • They allow internal users to remove confidential information such as financial files, health records, and other intellectual property from the organization.
  • Employees can bring unwanted or unauthorized programs onto the company’s network.

The biggest threat to personal data, according to Symantec, comes from the loss of laptops, hard drives, and USB drives, which accounted for 57 percent of the data loss outlined in the company's latest Internet Security Threat Report, released today. In addition, 70 percent of the malicious code unleashed in the last six months of 2007 was meant to steal confidential information. Finally, the creation of malicious software is now outpacing the creation of "good" programs. As such, all this stolen information ends up in an underground marketplace that works just like a legitimate economy.

Typical approaches to improving computer security from the threat will include the following:

  • Physically limit access to computers to only those who will not compromise security.
  • Hardware mechanisms that impose rules on computer programs, thus avoiding depending on computer programs for computer security.
  • Operating system mechanisms that impose rules on programs to avoid trusting computer programs.
  • Programming strategies to make computer programs dependable and resist subversion

In order to secure a company system, some secure systems are importance to be used like:

  1. Firewalls are systems which help protect computers and computer networks from attack and subsequent intrusion by restricting the network traffic which can pass through them, based on a set of system administrator defined rules.
  2. Anti-virus software consists of computer programs that attempt to identify, thwart and eliminate computer viruses and other malicious software (malware).
  3. Social engineering awareness keeps employees aware of the dangers of social engineering and/or having a policy in place to prevent social engineering can reduce successful breaches of the network and servers.
  4. Honey pots are computers that are either intentionally or unintentionally left vulnerable to attack by crackers. They can be used to catch crackers or fix vulnerabilities.

No comments: