Endpoint Protection

Ealing Council is facing a bill for over £500,000 after a member of staff plugged in an infected memory stick into a PC. The virus spread. The virus infected Ealing Council systems for several days after introduction at the housing department requiring emergency IT work and interruptions to services such as parking fines and library systems.

It also seems that the council’s telephone systems were affected. It stopped AV functioning and blocked access to Microsoft support sites as well as contacting other websites at random.

What can one say? (I told you so springs to mind but that would be chirlish). There are products that would have stopped this from happening but the reliance on AV as the main security barrier was found lacking.

What is needed is a thing called Application Control. This function stops any application whether a legitimate application started by the user or a malicious virus running on the endpoint. Windows 7 will have this feature as part of the Operating System but that is not out for a while and it will take years before everyone upgrades. So what do you do? Well look at some of the existing products that already provide this capability for XP and Vista such as Versec from Guardian Technologies. It scans permitted application images into a database which is then compared with the image that the user would like to run. It either permits or prevents as required.

So security guys at the councils get wise and look at what employees are doing on your systems. Data is spread everywhere, running unauthorised applications on endpoints, storing inappropriate content, using unsecured IM - all lovely ways for viruses to get in and data to get out!!

If you want the full story go here. http://news.bbc.co.uk/1/hi/england/london/8237085.stm

It is old news about the security threat from instant messaging (IM) but a reminder of the interesting statistic from IDC on instant messaging is worthwhile. Back in July 2008. IDC predicted that IM would overtake email as the preferred form of business communication by the second half of 2010. As we are half way there and the explosion in IM continues unabated, most of the horror stories to emerge regarding security have focussed mainly on the threat of viruses, worms and botnets. Most IM providers do not encrypt transmission nor can any firewall scan for viruses contained in IM traffic. Few providers store messages for investigatory purposes: all the features that are provided by email.

The other point to consider is that not just messages are sent but files, documents, links - anything can be passed, none of which is encrypted. The reason that IM is so popular is really because of the ease of use over email but with the ease of use comes the lack of security. Once IM has been secured through encryption, message capture, virus scanning, etc then some other method of communication will be invented to circumvent it.

But the question of information protection is the problem here. In any data loss prevention scenario, to stop email, HTTP and USB devices but allow IM to be used unchecked is pure folly.  Organisations need to consider whether IM facilities should be withdrawn for external connections. Certainly any advantage in cost of an IM solution as opposed to email will be negated if all the security protection were to be implemented. I just wonder how much business communication is performed over IM versus chats with your mates. So if it was removed then would productivty suffer? It might actually increase as people get on with their jobs.  cheque please!