帳號:
密碼:
最新動態
產業快訊
CTIMES / 文章 /
Security on the edge
 

【作者: F. Matthew Young III】   2006年04月13日 星期四

瀏覽人次:【3225】

Late in 2004, viruses took a turn for the worse, intensifying interest in network and host security. The Scob Trojan (aka Download.ject) and the various Sasser(Figure 1) worm variants are more sophisticated than previous viruses, while Scob's payload is especially dangerous.


《圖一: Sasser worm infected》
《圖一: Sasser worm infected》

Outbreaks of the Scob Trojan(Figure 2) have serious implications for both businesses and individuals. Scob is a keystroke logger that records whatever the user types into his or her computer, and sends it over the Internet to a hacker. Information such as an online banking login, user name and password, PIN (Personal Identification Number), even a network login name and password are no longer secure and confidential.


《圖二: Scob Trojan locates the System folder and copies itself to that location.》
《圖二: Scob Trojan locates the System folder and copies itself to that location.》

Such keystroke loggers have disturbing implications for businesses. When banking data gets compromised and customers lose money through these malicious attacks, who bears the liability? If the infected PC or laptop was operating behind a company firewall, should the company bear part of the blame - and the liability?


The implications for government agencies and the military are even more serious, because potentially people's their lives could be at risk. For this reason, the US-CERT (Computer Emergency Response Team) has issued an advisory calling for people to stop using Microsoft's Internet Explorer and switch to another web browser.


You Are Not Alone

Security problems can be more acute in SOHO's and smaller offices, which tend to be less strict that big corporations in enforcing virus scanning and updating their virus signature files. With smaller IT budgets and teams, they are more vulnerable because they have neither the time, money nor resources to keep out such sophisticated attacks.


Modes of Transmission

The ubiquity of viruses and worms propagated by email may have contributed to the browser "blind-spot". The Scob Trojan exploits a weakness in Microsoft's Internet Explorer, that allows a script to be executed on the user's machine simply by viewing a website. Because the threat comes not from obviously fake websites or sites with dubious content (example: pornography and bootleg software sites), but from reputable sites that have been compromised, such as the Kelley Blue Book automobile pricing guide, the virus circumvents typical website filtering mechanisms in firewalls. This mode of attack caught Microsoft by surprise, prompting the company to issue a configuration change in lieu of a fix to be released later.


The Scob Trojan is essentially a "binary agent" method of attack, that is, it requires two conditions - a compromised website and browser vulnerability - in order to work. This level of sophistication in a virus is quite frightening. Previous viruses required action on the user's part, such as clicking an attachment or permitting a download, but Scob requires neither. Because the payload is not in the email, virus and spam filtering on email servers simply would not work.


The Russian website that received keystroke information from infected machines was quickly shut down, but the precedent had already been set. Typically, when new virus methods are "developed", they herald more attacks, even though anti-virus companies may have already developed detection and removal strategies and/or software.


A little history and modern medicine

Security problems have been with us from the early days of computing. The Michelangelo virus, on DOS, predated the Internet, spreading through shared floppy disks. Transmission was slow because there were few companies and organisations using networks. With the Internet, transmission is a lot easier and the infection can spread rapidly to more computers.


Anti-virus software is understood by a vast majority of system administrators, as a "host-only" solution. That is, the anti-virus software is installed on PCs, laptops and servers by system administrators, scans are executed on the machine itself and virus updates have to be downloaded manually on to the system.


This is a difficult strategy to implement and maintain, as any system administrator will attest. Typically users are difficult to train to perform periodic virus scans and signature updates, and are prone to clicking attachments and infecting their own systems. The problem escalates dramatically for larger companies where technology professionals are usually stretched thin by the demands of the information infrastructure and often give a low priority to maintaining security on individual PCs. Yet these are the single weakest link in the company network.


A better strategy involves stopping viruses and spam at the gateway, and there are products available that offer these solutions. The concept is, if you can stop most of the malicious content "out there" from entering your network, the security situation on individual PCs and laptops becomes far more manageable. System administrators can concentrate on just one, or a few, servers or network appliances, instead of tens or hundreds of user workstations.


Performance anxiety

Although a few companies already offer this gateway solution, many users see it as comprising several servers running different security products, such as a content-filtering server, a firewall, an Intrusion Detection System (IDS) server. This approach is expensive, but is sometimes necessary because commodity servers cannot handle the performance requirements of high-bandwidth networks.


In contrast, ASIC-accelerated, all-in-one network security appliance solutions. These appliances provide anti-virus, content filtering, IDS/IPS, and firewall services in one box. Performance is not compromised because of the ASIC hardware, which is dedicated hardware for the security functions. Licensing and costs are kept low because the customer no longer has to pay for different security products.(作者為Fortinet Vice President for Asia Pacific)


《圖三: ASIC security appliance solutions》
《圖三: ASIC security appliance solutions》

Seven tips for protecting your organization

1. If you receive an email or a website that asks for your credit card information, or online banking password, or any personal information, and it looks suspicious (i.e. a so-called "phishing scam"), you can check against the Anti-Phishing website at http://www.antiphishing.org/(Figure 4). If you click on the Phishing Archive link, you can see a list of all recorded phishing emails. Each item is linked in turn to more information about the scam, including a screenshot that you can compare with your email or the website to which you were redirected.


《圖四: Anti-Phishing website http://www.antiphishing.org/》
《圖四: Anti-Phishing website http://www.antiphishing.org/》

2. Some websites are not who they claim to be. If you look at the URL (the address bar in your browser), you can sometimes spot a discrepancy. For example, if you expect to be on the Citibank website, you should see a URL that has "citibank.com" in the URL, not "citi.com" or "web-citi.com". Also, if the URL displays just numbers, it probably does not belong to the company.


3. If the website requires you to download a file in order to view the page, be very careful. A lot of websites run Flash and Java applets, and if your web browser does not have them installed you may get the dialog box. But if you know that Flash and Java are already installed and the website asks to install something else, do not click "Yes" unless you really know what you are doing.


4. One thing that gives "phishing" and fake websites away, especially if they try to imitate an actual reputable company's website is that the English used is sometimes ungrammatical, has spelling errors, or sounds clumsy. Most reputable companies employ professional copywriters who would not make such elementary mistakes.


5. Install an anti-virus firewall with deep packet inspection. This takes most of the burden off the employees, because your first line of defence (the firewall) will also scan data for malicious content. This includes email as well as downloadable content. You should also get a product that does automated push updates, so that you don't have to worry when your network administrator is on leave.


6. You can encourage users to use non-Microsoft browsers, like Mozilla, for normal email browsing and use Internet Explorer ONLY for certain sites that really require it. Make a list of allowable sites for Internet Explorer and use Mozilla for everything else.


7. Install or activate anti-spam software on the mail server. A lot of mail servers now have support for RBLs (Realtime Blackhole Lists) which contain a list of known IP addresses and host names from which spam originates.


相關文章
醫療用NFC的關鍵
14道安全鎖 強化雲端運算資訊安全
提高產業韌性 智慧製造扮演關鍵角色
駭客攻擊層出不窮 IoT安全備受關注
5G資訊安全發展現況觀察與分析
comments powered by Disqus
相關討論
  相關新聞
» 施耐德電機響應星展銀行ESG Ready Program 為台灣打造減碳行動包
» 台達推出5G ORAN小型基地台 實現智慧工廠整合AI應用
» 歐洲航太技術展在德國盛大展開,全球吸睛 鐳洋推出衛星通訊整合方案,目標搶佔龐大的歐洲衛星商機
» 經濟部促成3GPP大會來台爭話語權 大廠共商5G/6G技術標準
» 經濟部支持跨國研發有成 台歐雙方分享B5G~6G規劃


刊登廣告 新聞信箱 讀者信箱 著作權聲明 隱私權聲明 本站介紹

Copyright ©1999-2024 遠播資訊股份有限公司版權所有 Powered by O3  v3.20.2048.3.133.152.189
地址:台北數位產業園區(digiBlock Taipei) 103台北市大同區承德路三段287-2號A棟204室
電話 (02)2585-5526 #0 轉接至總機 /  E-Mail: webmaster@ctimes.com.tw