Computer Security Part I: Better security begins at home


4 Nov 2004

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

Make no mistake about it; IT security is now one of the hottest topics for Irish business. While security experts have been pushing the importance of good security practice since the use of the internet began to become ubiquitous, many Irish businesses and home internet users have only come to realise its importance thanks to bitter experience.

Internet viruses and worms are now circulating widely, exploiting the fact that many users have not updated their antivirus software or applied operating system patches and many Irish companies have had to shut down systems as a result of attacks. Antivirus company Symantec recently announced it had tracked 4,000 new Windows viruses and worms since March of this year — an increase of over four and a half times on the same period in 2003.

Spam mail, which can carry viruses, also has a major impact on productivity and is on the increase. Modem hijacking, which affects users of dial-up connections, is also a big issue in Ireland and can lead to users unwittingly clocking up massive phone bills when their calls are re-routed to long-distance numbers. To tackle the problem, in September the Commission for Communications Regulation took the unprecedented action of instructing Irish telcos to block calls to 13 countries, predominantly in the South Pacific, which are used to terminate such calls.

The Honeynet project, a consortium of Irish security companies that regularly assesses the threats to different systems, connected an unpatched Windows 2000 PC to a DSL line earlier this year.

Within minutes of connecting to the internet, the machine was infected with an internet worm. Over the seven days of the experiment it was concluded that a PC with a DSL connection is five times more likely to be affected by online attacks than those using dial-up connections.

“The attacks were relentless,” noted TJ Kelly, one of the project members. “It is another clear demonstration that those organisations using DSL — either as their main internet link or as a way to connect remote offices or home users — must take precautions to ensure their data and information is kept safe from harm.”

“If you are working from home, the sitting room should not be an extension of the office,” says Colman Morrissey, one of the main players in the Honeynet project and managing director of security firm Espion. “There needs to be policies in place for those who can use the PC and how. These policies need to be enforced as well, so you should audit people’s PCs randomly.”

Remote workers who connect to the office systems via a laptop are a particular security concern. They use their laptops to connect to the internet remotely but those same machines are then brought back into the office and connected to the network behind the company firewall and other security measures.

At the very least, organisations have to ensure these machines have personal firewalls, are running up-to-date antivirus software and have the latest software patches installed. In fact, these are the three most important things that any home user should be doing to remain secure. Statistics on the most prevalent viruses on the loose in Ireland suggest that home users are not taking these steps — a startling number of the viruses have been in circulation for the past year and could easily be stopped if these steps were carried out.
“My gut feeling is that if people are only using the PC a couple of times a week they don’t renew their antivirus subscriptions,” says Morrissey. “They get the antivirus software with their PC but they don’t renew it until they have a serious problem.”

Remote users should also be using a virtual private network to ensure that hackers cannot piggyback on their link over the internet to get on to the corporate network.

“For most of our enterprise customers, the hottest area at the moment is the issue of remote machines,” says Conall Lavery, managing director of Entropy.

“They have been very effective at getting security right at the gateway but they are now recognising that mobile remote users is the area where the biggest gap is,” he says.

He believes that the main reason usage policies have not been effective is that executives, when given a laptop for business use, see it as a perk of the job and don’t see a problem connecting from home or using the machine for home use. “Policies have to be in place but then you also have to have the tools to enforce them,” says Lavery.

He suggests companies should be using products such as Sygate Secure Enterprise, which ensures remote devices are secure before they are given access to the network. Networking company Cisco has released its Cisco Security Agent, which ensures laptops are quarantined if they do not have the latest updates and cannot connect to the network until they are applied.

While such automated tools are not practical for home users with a personal PC, the necessary patches are easily available on the internet. An antivirus subscription costs as little as €20 per year and will automatically download the latest antivirus definitions on a regular basis. There are even free products available on the internet such as AVG Anti-Virus that will do the same task. An online resource well worth checking out is the site of the National Security Day (www.makeitsecure.ie), which happens on 17 November and is backed by the Department of Communications and a number of industry heavyweights.

By John Collins
Next week: Security priorities for SMEs