Endpoint Protection

The BBC reports that a man from New Zealand found that his MP3 player which he bought from a shop in Oklahoma contained sensitive information about military personnel. The data contained names and telephone numbers of soldiers including details of pregnant personnel and even some mission information.

The data is thought to date back to 2005 and isnt thought to compromise national security. There were also similar breaches in Afghanistan in 2006 where shops outside the main US base had stolen flash drives containing sensitive data.

In the current climate of data mobility, some level of encryption and security policy is becoming vital to protecting sensitive data.

Symantec have released Endpoint Encryption 7. eChannelLine reports that the product is aimed at providing advanced encryption for desktops, laptops and portable storage devices.

Symantec have designed the product to fit in with a wide variety of configurations among is larger enterprise customers. Support is provided for non-domain customers such as Novell eDirectory clients. These users should be able to have a single sign-on experience in a similar way to that of windows clients.

Group policys are implemented so that CD’s for example  that might be burned for use in a closed group of users, access will only be available to members of that group.

Administrators can administer encryption to hard drives for protection of sensitive data when lost of stolen. Symantec is releasing three versions of the software with the full version costing around $110 per seat.

Network World reports on the third security related purchase by CA in recent times. Their new acquisition is the data leak prevention vendor Orchestria. Orchestria provide a number of DLP and information compliance products. Symantec also use Orchestria’s smart tagging technology for use in their Enterprise Voltage product.

CA is said to be working on solutions to administer access control and set security policies based on a users role and identity. Adding Orchestria’s technology and experience to the company will strengthen their DLP offering and compliment their existing product range.

A worm known as Kido, Conficker or Downadup has quickly replicated across vulnerable Windows computers in a recent outbreak utilising clever tricks to propogate more successfully.

The worm is thought to have moved from 3 million to 10 million infected computers in a short time and is continuing to rise exponentially. The worm is thought to have left a bot-net for its creators to utilise though there appears not to have been any attempt to use it yet.

The register speculates that the MOD may also have become victims of the worm with noticeable disruption for 2 weeks and counting to admin based workstations.

The worm is able to spread via USB sticks and also attempts login and password brute force attacks for access to networks, files and folders etc.  Microsoft has provided updates and a malicious software removal tool to counter its spread.

As attempts to prevent worms from their spread become more advanced so we see the creators use more advanced techniques to circumvent these strategies. Most notably here this worm is utilising vulnerable endpoints as a major tool in its success shining more light on the need for networks and its users to protect themselves against malicious mobile data.