|
Plan Your Defense Strategy
Use these keywords and establish a security process of workflow patterns, procedures, and standards.
by Danielle Ruest and Nelson Ruest
November 1, 2004
Security. It's the biggest buzzword in IT today. No wonder. We face one attack after another from the Internet. Internal security threats used to be much more common than external ones, but that's changed. More and more of the attacks you must face today come from outside your corporate network. But the way to deal with these threats remains the same. You need to carefully put into place a security strategy that helps you prevent threats and deal with them when they arise.
Sure, you say. Everyone has a security strategy and everyone enforces it. If that's the case, then why are worms such as Slammer and Netsky still propagating? If everyone has such a great security strategy in place, why are large corporations brought to their knees with a viral infection? If everyone is so keenly aware of the security threats, why do users still open unknown e-mail messages with unknown attachments?
It's obvious that hackers and malicious users will not go away. It's also obvious that even though we've all raised our level of consciousness on security issues, it's still not enough. We must get together and do something about it, both individually and as an industry. This is starting to happen. Take Microsoft, for instance. Every Microsoft user has suffered to some degree in the last few years just because he or she is a Microsoft customer. Microsoft is a prime target for malicious hackers for a couple reasons.
First, some people resent Microsoft's success enough to continually attack its products. We can't tell who these people are, the animosity of some of the company's competitors and community of users might have something to do with it. Second, like most software vendors, Microsoft has been quite slack in the past on good coding practices and has left numerous holes in its software—holes that were just waiting for someone to exploit. For example, more than 800 patches and hot fixes exist for all of Microsoft's products. That's a lot of patches.
Put the two together, and you have a serious security issue. The problem isn't so much that Microsoft suffers when someone exploits a potential hole; it's that Microsoft's customers suffer. This is what makes it so painful for all of us. Hackers who attack Microsoft have an impact on the company's reputation, but in the end, the Microsoft user community is the target of all this malicious intent. That's just pure evil.
Nevertheless, some good has come out of this. Microsoft has finally begun to take this threat seriously and make its software better and more secure. Just look at what's coming with Service Pack 2 for Windows XP (see "Patching Windows Security"). The entire service pack is oriented toward security. By default, the millions of business and home users of Windows XP will have a secure installation—right out of the box. Now, if that isn't a change in philosophy, what is? It's no wonder Microsoft has taken so much time and invested so much effort in making sure the service pack works right the first time. The service pack will go a long way toward making even the home system a more difficult target—for systems using XP, that is.
Back to top
|