Don't neglect desktop when it comes to security

Erik Sherman   Today’s Top Stories    or  Other Windows and Linux PCs Stories  

HP's Virtualization: HP's Remote Client Solutions Webinar Long Tail Supplier Collaboration - What's In It For You? Leveraging Capabilities in your Existing Cisco Network for Optimized Performance and Troubleshooting 3 Building Blocks for a Profitable Green IT Strategy Top 10 Reasons to Go Green in IT Hospitality ISP chooses HP Thin Clients for high reliability low cost, security and IT management Computerworld Technology Briefing: Meetings @ the Speed of Business Computerworld Report: Virtual Reality Computerworld Report : Smart Storage Sign up to receive Security Resource Alerts

September 25, 2000 (Computerworld) -- Microsoft finally allows some user control of cookies with Internet Explorer. Napster appears on tens of millions of PCs, and security experts wonder if hackers could use it to invade a system. Advocacy groups express alarm at the amount of user profiling on many corporate sites.
Issues for consumers? Of course, but don't shrug them off. Client security has become the most neglected and vulnerable link in the corporate IT infrastructure.
Sometimes the problem is blatant, like unsecured dial-in lines connected directly to a PC. According to George Kurtz, one of the authors of Hacking Exposed (Osborne/McGraw Hill; 1999) and CEO of Foundstone Inc., a security consulting company, it's possible to break into a corporate network through dial-up connections more than 90% of the time. That risk extends to the home, where PCs - especially with always-on, high-speed Internet connections - get probed 10 to 20 times a day.
Since most home PCs aren't configured to detect and repel such advances, the chances are significant that the more criminally minded could take over such machines. Add a VPN connection into a company's network, and the entire business - potentially - is laid open. Software such as Napster or Gnutella actually invite outsiders onto a hard drive to swap MP3 files. Can a user get anything more than music? There have been no reports of a security failure in such applications, but who would have thought a flaw in Microsoft Outlook (now corrected) would allow hackers to have it run software, like a virus, for them? Betting on the invulnerability of code is like using the lottery as a sole form of retirement planning. Think Napster is missing from your clients? Kurtz tells of finding the program on the production server of a major e-commerce company.
And it gets worse. Imagine that someone could look over the shoulders of developers, engineers, marketing people and business planners to track the Web sites they opened. Those performing product or market research on the Web could leave a visible trail. Such information would be a gold mine to competitors. Even cookies could provide much of this information, let alone surreptitiously placed sniffer programs, and we haven't even started talking about breaking into e-mail. Whether the competitor does the actual snooping or simply buys the information from a third party is immaterial.
Security spending and awareness are typically directed toward servers. It's time to remember that the biggest breach happens at the weakest link in the chain: the desktop. Corporations should treat client machines seriously by thoroughly examining security and updating end-user policies. Insist that Internet software vendors provide strong privacy control. Sure, adding such abilities means that gathering information on your customers would be harder, and that would make the marketing department unhappy, but is selling an extra widget to John Smith really worth leaving the company's back door unlocked?
ERIK SHERMAN is a writer in Marshfield, Mass., who regularly covers technology and business issues. Contact him at esherman@reporters.net.

Print this Story

Send Us Feedback

E-mail this Story

Digg this Story

Slashdot this Story

"It's IT Blogwatch: in which Research In Motion unveils its sexy new device -- the BlackBerry Bold (n��e 9000). Not..." Read more... "Worried about the explosive growth of Linux on inexpensive, ultra-portable PCs like the Asus Eee PC, Microsoft has launched a..." Read more... Read more Hardware posts or See all Blogs

Srizbi grows into world's largest botnet Analysis: Why Hewlett-Packard wants EDS Hackers create their own social network More top stories...

Hackers hijack a half-million sites in latest attack Phishers scamming IRS rebates, Burma donors HP in talks to buy EDS for up to $13B

Your help desk career: Dead end or launching pad? A role on an IT help desk is what you make of it, tech pros say — just don't get too comfy. The darker side of Webmail Web-based e-mail may be exposing you to privacy and security dangers you didn't sign up for. Performance showdown: Flash drives versus hard disk drives Ever been tempted to replace the mechanical hard drive in your laptop with a shiny new solid-state disk? Our expert did so, and here's what he found. Xerox touts erasable paper, smart documents PARC showed erasable paper and other technologies that adds intelligence to documents with raw text. Windows Vista A to Z Reviews, analyses, how-tos, visual tours, hot issues and predictions about Microsoft's new OS. More Continuing Coverage After 9/11: Homeland SecurityAsk a Premier 100 IT LeaderBlackBerry Legal BattleData Security BreachesElectronic VotingFirefoxH-1B VisasHP's Boardroom ScandalHandheld DevicesHurricane Katrina AftermathMicrosoft Legal IssuesMicrosoft's VistaOpen SourceRFID TechnologySCO's Linux FightSarbanes-Oxley ActSpamVoice Over IPWi-FiWindows Meta File VulnerabilityWindows XP Service Pack 2 IT Careers 2010 Four years from now, the IT field will be a vastly different place. Will you be ready? More Special Reports Premier 100 IT Leaders 2007 Best in Class2006 Computerworld Horizon Awards2006 Premier 100 IT Leaders2006 Salary Survey2007 Best Places to Work in IT2007 IT Forecast2007 Premier 100 IT Leaders40 Years of ComputerworldASPs, Take TwoBest Places to Work in IT 2003Best Places to Work in IT 2004Best Places to Work in IT 2005Best Places to Work in IT 2006Business Intelligence Home RunsBusiness Intelligence: Smarter BIBusiness Intelligence: The Future of BICRM Goes VerticalCRM: Sober CRMCareer Planning Guide 2005Careers: IT Profession 2010Computerworld Horizon Awards 2005Data Management: Mining for GemsData Management: Taming Data ChaosDevelopment: Hard-Workin' Web SitesDevelopment: New Tools New ChoicesDevelopment: The New World of Application DevelopmentDevelopment: The Web Services TsunamiDevelopment: Web Services HurdlesDisaster Recovery: Preparing for the WorstE-commerce Grows UpE-mail/Groupware: Big DecisionsFaces of Mobile ITForecast 2006Global MobileHardware: Multiple Cores, Multiple ChallengesHardware: On-Demand Un-HypedHardware: The Shape of Things to ComeHorizon Awards: 10 Cool Cutting Edge TechnologiesIT Management: Guide to Managing VendorsIT Management: Navigating Global ITIT Management: Recovery AheadIT Management: The Future of ITIT Management: The Resourceful Project ManagerInnovative Technology Awards 2004Management: Reinventing ITMicrosoft in TransitionMobile/Wireless Leaders and LaggardsMobile/Wireless: The Untethered WorkerMobile/Wireless: Tiny Gadgets, Huge CostsNetwork Management: Taking ControlNetworking: Turbulence Ahead!Networking: VoIP Goes MainstreamOperating Systems: In the Slow LaneOperating Systems: Linux Goes GlobalOperating Systems: Should You Nix Unix?Outsourcing: Offshore Buyer's GuideOutsourcing: Outsourcing DangersPremier 100 IT Leaders 2004 Best in ClassPremier 100 IT Leaders 2005 Best in ClassROI: Do the Math!Salary Survey 2003Salary Survey 2004Salary Survey 2005Security Action PlanSecurity: Compliance HeadachesSecurity: Proactive SecuritySecurity: Risk and RewardSecurity: Tips From Security ProsSouped-up SecurityStorage: Battling ComplexityStorage: Cheap & Secure Data StoresStorage: Stretching Your Storage DollarsStorage: The Lean Storage MachineStorage: The New Rules of StorageStorage: The Ultimate Backup GuideSupply Chain: Missing LinksSupply Chain: RFID Reality CheckThe Business of SecurityWeb 2.0 SecurityWireless: Wireless At Work All Zones Application Performance Zone Enterprise-Class Security Zone Enterprise Solutions Zone The File Data Management Zone Grid Computing on Windows Zone Security Management Zone ITIL Best Practices Zone The SAS Zone Storage Virtualization Zone The Data Center Management Zone See your link here

Computerworld Report: Virtual Reality Download this Computerworld Report, free for a limited time, compliments of HP. (Source: Computerworld) The data center is real, but storage is turning virtual at many organizations that need to manage exploding storage needs. Learn how virtualizing your enterprise will save you money in this Computerworld Report, a $49.95 value, available free for a limited time, compliments of HP. Download this executive briefing  Long Tail Supplier Collaboration - What's In It For You? Long Tail Supplier Collaboration - What's In It For You? Download this webcast, free, compliments of Sterling Commerce Go to the webcast  Virtualization Everywhere Download this white paper, free, compliments of Citrix. (Source: Citrix) Adoption of virtualization is concentrated among large enterprises, while adoption by mid-sized companies has been much slower. For these companies, the cost and complexity of server virtualization solutions has been a barrier. In this paper, we'll discuss how Citrix XenServer" provides simple, economical server virtualization for any size company. Download now! Download this white paper  White Papers Read up on the latest ideas and technologies from companies that sell hardware, software and services. New Fujitsu High-End Itanium Windows- and Linux-Based PRIMEQUEST Servers Offer the Utmost in High Availability New Fujitsu High-End Itanium-Based PRIMEQUEST Servers Offer Industry-Leading System Management for Linux and Windows Symantec State of the Data Center Report 2007 View more whitepapers

• Srizbi grows into world's largest botnet
• Analysis: Why Hewlett-Packard wants EDS
• Hackers create their own social network
• More top stories 

HP StorageWorks EVA4400 Before now, midsize customers settled for either an expensive and complex array or low cost solution that lacked functionality. Now experience virtual storage with enterprise class functionality at an affordable price. View this product demo now



Gift Guide Get tips on 50+ hot products - digital cameras, HDTVs, family games, wacky tech gifts and much more.



How Operating Systems Create Network Efficiency Lake Partners Strategy Consultants conducted research to understand the efficiencies created by different operating systems. Read the whitepaper to learn about the findings, including how in specific network areas JUNOS software creates significant operational efficiencies. Download this white paper now!