Six enterprise security leaks you should plug now

Deal with these before it's too late

1 2 3 Page 3
Page 3 of 3

"P2P networking should, as per policy, be completely blocked in every enterprise," says Winn Schwartau, CEO of The Security Awareness Company, a security training firm. "The P2P ports should be completely shut down at all perimeters and ideally at the company's endpoints. P2P programs can be stopped through white/black listings and filters on the enterprise servers."

Winn Schwartau
"P2P networking should, as per policy, be completely blocked in every enterprise," says security expert Winn Schwartau.

Schwartau tells the story of a financial services firm in New York that had a P2P port running all day, every day in its office. Eventually, it was discovered and found to be a porn file server. Schwartau says the unfortunate truth about what he calls "criminal hacking" is that the thieves are usually drawn to nefarious activities, so one of the first places they might look is a P2P server and any potential security holes.

"Injecting hostile code into P2P files is [not difficult] and can create a beachhead within an organization, depending upon the code design," he says. He suggests a technique called "resource isolation," which essentially controls which applications users are allowed to access based on permission rights. Different operating systems do that in slightly different ways, Schwartau says, but it's worth pursuing in situations where a corporate policy is lacking or isn't followed.

Schwartau encourages IT shops to conduct regular sweeps of all company networks and servers to look for P2P activity and to be vigilant about blocking any P2P activity.

6. SMS text messaging spoofs and malware infections

Another potential attack vector: text messaging on smartphones. Hackers can use SMS text messages to contact employees in direct attempts to get them to divulge sensitive information like network log-in credentials and business intelligence, but they can also use text messages to install malware on a phone.

Robert Hansen
Security expert Robert Hansen says one of his clients experienced a hacker using a fake e-mail address from a job-search Web site to pose as a recruiter.

"In our proof-of-concept work, we showed how a rootkit could turn on a phone's microphone without the owner knowing it happened," says Schwartau. "An attacker can send an invisible text message to the infected phone telling it to place a call and turn on the microphone." That would be an effective tactic if, for example, the phone's owner was in a meeting and the attacker wanted to eavesdrop, he notes.

Schwartau says there are ways to filter SMS activity, but that's usually done through the wireless carrier, since SMS isn't IP-based and therefore isn't usually controlled by company admins. The best option for blocking such attacks is to work with carriers to make sure that they're using malware-blocking software, SMS filters and redirects for those kinds of attacks.

And again, creating smartphone usage policies that encourage or require the use of only company-sanctioned or company-provided phones and service plans can reduce that risk.

Of course, companies can't thwart every possible security attack with current technology, and hackers are constantly switching tactics. You should try to plug these six security leaks and work to ensure that they stay plugged -- but you should also keep an eye out for new forms of malicious activity.

John Brandon is a veteran of the computing industry, having worked as an IT manager for 10 years and as a tech journalist for another 10. He has written more than 2,500 feature articles and is a regular contributor to Computerworld.

Copyright © 2010 IDG Communications, Inc.

1 2 3 Page 3
Page 3 of 3
Shop Tech Products at Amazon