David Greenberg, Principal Security Engineer in the University Information Security Office, shares his thoughts on current security trends at the University at the start of 2008.
2008 IT Security Challenges
The biggest IT security issue at the University is currently data disclosure (old files with SSNs or other sensitive data, accidentally made public, lost, or stolen). The biggest threat to our data is social engineering/phishing (getting tricked into clicking a link to malicious software). These will continue to be a problem for the foreseeable future.
Data Disclosure
What can you do to protect sensitive data? Find it and remove it.
Run a sensitive data finder, like Identity Finder, on your servers, especially web servers. If you support other computer users, you should have those users run the tool on personal workstations. You might have to help the users interpret the results, but it is well worth your time.
If you have to keep sensitive data on your computer, have a look at Protecting Sensitive Data.
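As an added illustration of the "find it" step (example code written for this note, not part of the original article and not the Identity Finder tool it mentions), here is a small scanner that walks a directory tree for SSN-shaped values and filters out numbers the SSA never issues, which removes most false positives from dates, phone numbers and placeholder values. The file names and sample contents are constructed.

```python
import os
import re
import tempfile
from typing import List, Tuple

# Candidate SSN: 3 digits, 2 digits, 4 digits, with optional dash or space separators.
SSN_RE = re.compile(r"\b(\d{3})[- ]?(\d{2})[- ]?(\d{4})\b")

# Constructed sample text, standing in for an old roster file.
SAMPLE = ("Jane Doe 123-45-6789, phone 555-123-4567, placeholder 000-12-3456, "
          "test 666-12-3456, dated 2008-01-15, unformatted 123456789\n")


def is_plausible_ssn(area: str, group: str, serial: str) -> bool:
    """Drop values the SSA never issues (area 000, 666, 900-999; group 00; serial 0000)."""
    a, g, s = int(area), int(group), int(serial)
    return not (a == 0 or a == 666 or a >= 900 or g == 0 or s == 0)


def find_ssns(text: str) -> List[str]:
    """Return every plausible SSN found in text, in order of appearance."""
    return [m.group(0) for m in SSN_RE.finditer(text) if is_plausible_ssn(*m.groups())]


def scan_tree(root: str, max_bytes: int = 5_000_000) -> List[Tuple[str, int]]:
    """Walk root and return (path, hit count) for each file holding plausible SSNs."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if os.path.getsize(path) > max_bytes:  # skip very large files
                    continue
                with open(path, "r", encoding="utf-8", errors="ignore") as fh:
                    count = len(find_ssns(fh.read()))
            except OSError:
                continue  # unreadable file: skip it rather than abort the scan
            if count:
                hits.append((path, count))
    return hits


def demo() -> List[Tuple[str, int]]:
    """Constructed fixture: one file with real-looking SSNs, one clean file."""
    root = tempfile.mkdtemp()
    with open(os.path.join(root, "old_roster.txt"), "w") as fh:
        fh.write(SAMPLE)
    with open(os.path.join(root, "notes.txt"), "w") as fh:
        fh.write("Call 555-123-4567 about ticket 000-12-3456.\n")
    return sorted((os.path.basename(p), n) for p, n in scan_tree(root))


if __name__ == "__main__":
    print(demo())
```

A real deployment would also need to open Office documents, PDFs and archives, which is where a commercial finder earns its keep; the pattern check above is the part users most often need help interpreting.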
Social Engineering
Microsoft has been making great strides on the security front. With Microsoft's Security Development Lifecycle and the Windows Firewall enabled by default, attackers have moved to e-mail and IM as a means of getting access to a computer.
On the social engineering front, you just have to educate your users. This is hard, because the phishers will try anything. Recently, phishing e-mails have even taken the form of *fake* complaints from the Better Business Bureau.
If your users are not expecting an attachment, they should not open it without verifying the source first by simply asking, "Did you send that?"
If attachments are part of a user's job function, that user had better not be running as an administrator on the local machine. Depending on the attack used, that can help limit the scope of the compromise to the user's profile instead of the machine.
Global Trend
You do not have to take my word for it; these trends can be seen across the Internet.
Microsoft posted this overview of 2007 security trends in TechNet Magazine. The details behind that report are also available online.
The Sunbelt Blog recently talked about the growth of malware. Modern malware distribution systems can actually repack the same malware each time it is requested, giving each download a unique signature.
F-Secure pretty much said the same thing in fewer words.
Symantec does an Internet Security Threat Report every 6 months in March and September.
Moving Forward
We continue to face a new kind of organized, skilled, for-profit attacker, as opposed to the old idea of a student in a dorm room cracking away. Even when a large attack is carried out by a teenager, the teenager is typically using open source attack kits that have been prepared and modified by talented groups of for-profit criminals.
Our office does what we can to help, but in the end, we need everybody's help in keeping the University network a safe place.