Click here to receive your FREE subscription to Campus Technology
Security Trends
SANS Flags Browsers, Botnets as Top Security 'Menaces'
1/17/2008
Research and education organization the SANS Institute this week revealed its list of the top menaces facing IT in the coming year. Echoing earlier reports from security watchdog organizations, the group's "Top-10 Cyber Security Menaces for 2008" cited Web 2.0 technologies, converged devices, botnets, and browser addons among the worst, with a heavy emphasis on consumerized technologies and the vulnerabilities they present.
Consumer Technologies
These "consumerized" technologies include a wide range of Web applications, online media, and consumer devices (like the iPhone) designed to take advantage of them. They're the sorts of technologies over which IT has very little control, as students, faculty, and staff bring their personal electronics to campus and otherwise insinuate themselves in the enterprise.
Top-10 Security Menaces of '08 1. Browser Exploits Source: The SANS Institute, January 2008 |
At the tops of the SANS Institute's list comes one of these technologies: digital media and other related technologies that users access through browser addons: Flash, QuickTime, etc.
Said the report, "Web site attacks on browsers are increasingly targeting components, such as Flash and QuickTime, that are not automatically patched when the browser is patched. At the same time, Web site attacks have migrated from simple ones based on one or two exploits posted on a Web site, to more sophisticated attacks based on scripts that cycle through multiple exploits, to even more sophisticated attacks that increasingly utilize packaged modules that can effectively disguise their payloads."
Converged consumer communications devices, like the iPhone and other types of smart phones, coming at at No. 4. Other types of consumer electronics, such as USB thumb drives, GPS systems, and others, come in at No. 10 on the list.
And, like other recent reports, SANS also names Web 2.0 and other types of Web applications as major culprits.
Back in October, Georgia Tech's Information Security Center released a report entitled "GTISC Emerging Cyber Threats Report for 2008," in which Web 2.0 was cited first as one of the threats to watch in 2008. And earlier this month, the UK's KPMG released a report for the business sector called "Risk concerns stall uptake of Web 2.0 technology in the workplace," in which more than half of the executives surveyed for the report cited security fears as major barriers to institutional adoption of Web 2.0 technologies.
Recommended Reading
- Yuba Community College District Renews with AT&T for Wireless
Yuba Community College District (YCCD) has contracted with AT&T to provide wireless Internet access to the 11,000 students attending the district's two Northern California colleges, Yuba College in Marysville and Woodland Community College.
- Surveys Raise Doubts on Virtualization Security
Migration to virtualization won't be the quick transition that some technology evangelists have predicted, according to recent surveys by two IT security companies. Nor is virtualization as secure as many might want it to be.
- What Was Your First Pet's Name? Lessons Learned About E-Mail Security
The intrusion last month into Vice Presidential candidate Sarah Palin's e-mail highlighted the frailty of some types of data security measures. What are the lessons for the rest of us?
- Report Casts Doubt on Anti-terrorism Tools
A new report from the National Academy of Sciences, part of which was co-authored by an Indiana University School of Law-Bloomington professor, casts doubt on the effectiveness, lawfulness, and appropriateness of using data-based tools such as data-mining and biometrics to fight terrorism.
- University in South Africa Set To Install Quantum Cryptography on Municipal Network
Physicists at South Africa's University of KwaZulu-Natal are set to install a quantum communication security solution over the eThekwini Municipality fibre-optic network infrastructure in Durban.
- Cedarville U Sets Up SonicWall Firewalls
Cedarville University in southwestern Ohio has implemented SonicWALL firewalls to provide high-speed gateway firewall protection for its 3,000 students.
