Computerworld
Quick Menu
Search



Ads by TechWords

See your link here


Subscribe to our e-mail newsletters
For more info on a specific newsletter, click the title. Details will be displayed in a new window.
Finance
Security
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
More E-Mail Newsletters 
Computerworld 2007Subscribe to Computerworld
40 years of the most authoritative source of news and information for IT leaders.
Laptops
Toshiba Laptops with Intel® Centrino® Duo. Free Shipping

Security predictions for 2004

 

Sign up to receive Security Resource Alerts

December 29, 2003 (Computerworld) -- In 2004, information security professionals will experience more of the darker side of human behavior, but organizations will also take more control over their network and computing infrastructures, particularly end-user systems.
Here are my predictions on what to expect in information security in the next year.
R.a..n,d,ô.,m   p,u,,ñ,c.t,,u_a.t.1..0.n
Spam operators are getting more creative in their efforts to get around spam filters. R.a..n,d,o.,m p,u,,n,c.t,,u_a.t.1..0.n makes it nearly impossible to block spam messages by filtering keywords. Operators are changing to graphics interchange format images with no searchable text. Some spammers send in encoded formats, like Base64, to circumvent keyword filters altogether, and relay through IP addresses that have no Domain Name System domains associated with them. These recent developments are challenging spam-filter vendors and frustrating users.
More organizations will quantify the productivity losses and processing costs incurred by spam. Increasingly, IT security departments will be saddled with solving the problem, since it's a content management issue.
Consumer and office-worker definitions of spam will shift, thanks to the capabilities found on desktop spam-control products. Spam, once the domain of unsolicited junk e-mail, will become plain unwanted e-mail. Mail I requested last week is spam this week. A worker who subscribes to a mailing list in January will no longer want it in April. It will be easier to mark the message as spam than it will be to unsubscribe to the list. The messages will keep on flowing -- at the user's request -- but will be blocked before the user sees it.
Internet access filtering
Speaking of productivity, larger organizations will get more serious about managing and filtering employee access to Internet Web sites. Three justifications will dominate: productivity, security and legal liability. I'll explain these in more detail.

There have been a handful of sexual harassment lawsuits filed by employees who happen to see their colleagues surfing porn sites at work. Employees sue the employer for the distress of seeing these images and for the employers' failure to do anything about it.
Desktop management
Enterprises will begin to clamp down on users' ability to install software and make other configuration changes to their desktop systems. Windows 2000 had this capability, but thanks to the relatively uncontrollable Windows 95 and 98 platforms, users are accustomed to "owning" their desktop/laptop systems, with the ability to make systems configuration changes and install, update or remove software at will.
Unpopular as it will be, this has to change if IT is to regain control of its environment. A sizable portion of IT help desk call volume is associated with "power" users misconfiguring their systems and the problems brought about by non-IT-approved software. As a result, fewer users will have administrator privileges on their systems.
You may ask, what does desktop management have to do with security? An environment that lacks integrity (such as one where PC users are able to make configuration changes at will) will suffer a corresponding reduction in security because users' changes will sometimes make their workstations more vulnerable, and in other cases, user changes may be downright malicious.
Personal firewalls
Thanks to Blaster, Nachi and perhaps another worm in the final weeks of 2003, personal firewall software on end-user systems will finally get traction. Many companies found that these worms got into their networks via infected laptops that didn't have firewall software. The laptops became infected when connected to the Internet at home, where there was no firewall to protect them.
Senior managers who want to keep their jobs by avoiding a repeat of 2003 are funding enterprisewide personal firewall deployments. Now let's hope that they will be able to effectively manage them and still retain the ability to manage the PCs.
Leaky metadata
Tools that scrub metadata (change history, hidden text, undo information, internal routing memos and so on) will enjoy wider use. In 2004 or 2005, Microsoft will add a scrub feature to Word, Excel, PowerPoint and other software, perhaps by acquiring a leading third-party tool in 2004.
USB flash drives
One or more major companies will attempt to ban the use of Universal Serial Bus flash drives on the grounds that unscrupulous employees are using them to leak proprietary information. The result will be embarrassing, negative publicity for a policy that's ineffective in the first place.
Seriously, though, this is a problem for organizations. Many will begin to understand that the problem isn't with the technology, it's with the people!
Wi-Fi break-in
There will be at least one well-publicized break-in to a corporate Wi-Fi network. The cause of this attack will either be because the network was supported by IT but poorly protected, or a rogue access point was installed by an unauthorized employee. Regardless, the incident will shed light on this still-neglected vulnerability and spur companies into action.
Bluetooth
The same people who hack computers, send spam, make Pringle-can antennas, and drive funny cars will discover Bluetooth and begin to experiment with its uses and abuses. Negative publicity may cause Bluetooth to go back to the drawing board. Does any of this sound familiar? Will hackers build high-gain Bluetooth antennas from discarded ChapStick dispensers? And what will Bluetooth hacking be called? War nibbling? "Bluejacking?" Why someone would want to carry out such acts within six feet of a potential victim is beyond me, but people with too much time on their hands will figure this out, you can be sure of it.

Mobile phone hacking
Mobile phones are acting a lot more like wireless data terminals with very lightweight operating systems. We're building another monoculture, this time on almost-free devices that may outnumber PCs in a couple of years. Perhaps in 2004, we'll see more malicious code attacks than in years past.
IM incidents
Internet-based instant messaging services by America Online, MSN and Yahoo are in wide use inside large corporations whose IT departments may be unaware of the extent of IM use and are unable or unwilling to stop it. In most cases, corporate IT has no centralized control over IM. But the greatest concern should be that corporate messages sent via IM are traversing the Internet with no encryption. Any eavesdropper can see all of the messages flying by. I think that there will be at least one well-publicized incident wherein a hacker publicizes big-company proprietary information sent via IM.
Public utility break-in
Many public utilities have connected their SCADA infrastructure to the Internet. It must have seemed like a good idea at the time. SCADA stands for Supervisory Control and Data Acquisition. It's the mechanism that utilities use to monitor and control substations, water systems and power plants. I think that in 2004, a break-in to a public utility's SCADA system will be publicized.
Organized defense
The FBI and the U.S. Secret Service have made tremendous progress in their ability to track down and apprehend cybercriminals. Cooperation through public/private partnerships such as InfraGard will likewise improve. Those of us on the good side of security have a vested interest in the success of these efforts.

Peter H. Gergory
Continued...
1 | 2 | 3 | 4 | NEXT  



Print this Story Send Us Feedback E-mail this Story Digg! Digg this Story Slashdot this Story
Forecast 2004 Roundup
Hey, it could happen! A contrarian's approach to predictions
Opinion: Linux adoption to soar in '04
Security predictions for 2004
Software Testability: On the Train or on the Tracks
IDC predicts 'tech resurrection' in '04
2004: It's IT's Turn
There's no 'next big thing' in IT
'Tis the Season to Predict
Death of the Microprocessor, and Other '04 Predictions
"Yes, NASA has confirmed that some laptops taken to the International Space Station were infected with an online-gaming password stealing..." Read more...
"Linux is more secure than most operating systems, but Not if you don't practice basic security measures..." Read more...
Read more Security posts or See all Blogs
Cellular operators say they're ready for Gustav
Psystar calls Apple a 'monopoly' in antitrust charges
Doubt cast on Seinfeld as Windows TV ads near
More top stories...
IT workers hit hardest by offshore outsourcing, survey finds
Microsoft: No more Windows Live Mail crashes with IE8 Beta 2
Microsoft warns of IE8 lock-in with XP SP3
Telework can change office dynamics in ways you hadn't anticipated. Proceed cautiously.
Got a painfully slow connection or random dead spots? Our tips will help you get the most out of your wireless network.
Listen up, managers: Employees don't quit the job; they quit you.
Netbooks, ultraportables, mini-notebooks — whatever you call them, they've been grabbing headlines. Are they here for the long term or just a flash in the pan?
Reviews, analyses, how-tos, visual tours, hot issues and predictions about Microsoft's new OS.
Four years from now, the IT field will be a vastly different place. Will you be ready?
All Zones
Application Performance Zone
Business Continuity Zone
The File Data Management Zone
Security Management Zone
ITIL Best Practices Zone
The SAS Zone
Business Intelligence and Analytics Zone
Windows Protection Zone
Identity & Security Management Zone

Ads by TechWords

See your link here
From Laggard to Leader: Transforming the Data Center
From Laggard to Leader: Transforming the Data Center
Register for this complimentary live webcast today!
Go to the webcast 
Computerworld Executive Bulletin: Building a Robust Antivirus Defense
Download this Executive Bulletin (a $49.95 value) for free, compliments of MessageLabs.
(Source: MessageLabs) Antivirus software alone isn't enough to prevent today's speedy, sophisticated virus attacks. Security managers should consider multitiered approaches that include behavior scanning, appliances that check e-mail for worms, and restricting user access to dangerous Web sites. Download this Executive Bulletin (a $49.95 value) for free, compliments of MessageLabs, to learn more.
Download this executive briefing download
Online Security Issues in Regulated Industries
Download this research paper, free for a limited time, compliments of Webroot!
(Source: Webroot Software) In June 2008, Computerworld invited IT and business leaders to participate in a survey on online security initiatives at their organizations. The goal of the survey was to better understand Web and e-mail security issues faced today within the regulated education, financial services, government and health care industries. The following report represents top-line results of that survey.
Download this white paper go
White Papers
Read up on the latest ideas and technologies from companies that sell hardware, software and services.
Archiving Compliance with Sunbelt Exchange Archiver
The Impact of Messaging and Web Threats
Advanced Load Balancing: 8 Things You Need to Handle Today's Network Traffic
View more whitepapers