Web services, Internet collaboration pose security challenges for 2002

Computerworld - The increased use of videoconferencing and Internet-collaboration technologies, the rush toward Web services and an emerging class of malicious code that blends virus and wormlike capabilities represent some of the biggest security challenges for 2002, according to analysts.

As was the case last year, users can also expect to see a sharp increase in the number of macro and script viruses that emerge in 2002. But major antivirus software programs should be able to handle most malicious software relatively easily.

"The bottom line of malware prevention remains the same: filter, patch strategically and update your antivirus software," said Roger Thompson, an analyst at Herndon, Va.-based security firm TruSecure Corp. "Use common sense to protect your network's vulnerabilities."

The rush by corporations to set up videoconferencing and Web seminar capabilities after the Sept. 11 terrorist attacks on the U.S. presents a particularly serious security risk for companies that aren't careful, said John Pescatore, an analyst at Stamford, Conn.-based Gartner Inc.

Users can expect to see at least one widespread attack this year that tries to exploit openings in enterprise firewalls created by the frantic push to set up these capabilities, Pescatore said.

The accelerating efforts by corporations to link their internal applications with those belonging to external partners and suppliers using technologies such as XML and Simple Object Access Protocol are another source of concern, he said.

Increasingly, companies are opening new ports on their firewalls to let outside applications talk with inside applications, "even though the security aspects of doing so are totally unproven," Pescatore said.

"The rush toward Web services will result in glaring holes," he said. "2002 is not the year to jump on Web services."

Malicious code that blends virus and wormlike features and is designed to take advantage of multiple software vulnerabilities also poses a major threat, said Thompson.

One example of this emerging threat was last year's Nimda worm, which wreaked havoc on enterprise networks around the world (see story). Unlike previous-generation malware, Nimda spread via both the Internet and e-mail, taking advantage of multiple vulnerabilities.

Expect to see more sophisticated variants of Nimda this year, Thompson said. Dealing with them will require constant attention to patching and updating of antivirus suites, he said.

Wireless security will also emerge as a major concern this year, said David Lelievre, a project manager at Clinton Township, Mich.-based application service provider Tweddle Information Services Inc.

"The wireless Internet will emerge as the leading trend for the next three to five years," Lelievre said. "Security will have to be