I ran across this article this morning. The author and some people he interviewed seem to have been under the impression that corporate networks were almost immune to bots and similar malware. At first I thought "how naive," but then I remembered that I used to think that too. That is, until I thought about all the different attack vectors that a network is susceptible to.
Years ago, when malware was sparse, a firewall and AV software were all many companies (even large ones with big budgets) needed and used. Viruses popped up from time to time when someone took a floppy disk home, got it infected, and then used it at work. Then email started being used more frequently to spread them, but they were mostly limited to doing little "real" damage and could be contained fairly easily. The malware writers got smarter, and the advent of the Internet as a critical tool for both home and business use raised the stakes.
Now a corporate network can be secure at the perimeter, secure at the endpoint (as secure as is reasonably possible) and secure on the wire, yet still be open to attack from many points. Machines can get infected while the protections in place remain totally in the dark that anything has happened. You can get infected by doing things you shouldn't be doing, and you can get infected by doing things that aren't inherently dangerous (browsing a legitimate site that has been compromised). The corporate network may be adequately secured to prevent this (at least we like to think so), but your home network, the coffee shop, the book store and other open Wi-Fi hotspots are ripe for the picking. These are the places where many users get infected, and they then bring the infection back to the office.
I'd dare to say that most corporate networks are not equipped to notice this unless something really unusual happens to trigger an IDS/IPS, or they happen to stumble across it. Michael at mcwresearch gives us a great example of this. I also tell a story here of a time when I "stumbled" across something at a client site.
This is what is so scary about today's malware. It's easier than ever to get infected and harder than ever to be detected. That's why it's so important that security professionals continue to work diligently in all areas to protect their little corner of the network and Internet. Everyone from the Security Researcher down to the desktop guy is important in the fight. No one is better than anyone else and no one is more important than anyone else. We all have to work together if we ever hope to win this battle.
Security's Everyman
Thursday, May 03, 2007
No one is exempt
Posted by Andy, ITGuy at 5:52 AM
Labels: Andy ITGuy, bots, information security, malware, mcwresearch, rootkits