New Security Report is Good News/Bad News for Net Admins

Network News Break: We're happy to report that computer break-ins are down and intellectual property theft is costing corporations less. But that's the good news. Networking pros will want to pay close attention to the bad. Also: Another telco gets port-blocking religion, Microsoft's suing Spammers to be Named Later, and Intel manages to get some useful WiMax concessions from China.

By Michael Hall | Posted Jun 11, 2004
Print ArticleEmail Article
  • Share on Facebook
  • Share on Twitter
  • Share on LinkedIn

Main     On the Horizon     Elsewhere     The Week in CrossNodes     The Week in Network News

Since we've spent so much time dwelling on bad news and ways to combat it in the past few weeks, we might as well go into the weekend on a positive note: To the extent any companies will admit they've had any security problems at all, it appears losses to computer intrusions dropped this year, and for the third year straight. That's according to a joint report from The Computer Security Institute and the San Francisco Federal Bureau of Investigation's (FBI) Computer Intrusion Squad.

From the report: "Overall financial losses totaled from 494 survey respondents were $141,496,560. This is down significantly from 530 respondents reporting $201,797,340 last year."

So 90 percent of last year's total respondents are reporting about 70 percent of the last year's total losses, and that's good news. There were also less losses due to intellectual property "theft."

But because we always like to leave folks with something to think about for the weekend, there was this bullet item: "In a shift from previous years, the most expensive computer crime was denial of service."

So while your buddies down in the server room are patting themselves on the back for implementing that unpopular "90 days per password" login scheme and ignoring the fact that you're the one who protected their boxes by implementing a "ssh only" policy for firewall egress, you're faced with the fact that frustrated black-hats have taken to simply hammering your network into submission.

The complete press release has a few more tidbits, including a pointer to InfraGard, the FBI-maintained effort to promote information sharing between Federal authorities and private industry. If nothing else, it looks like there might be some nice discounts to be had by signing up.

Coming up next week:

  • Voice over Wireless LAN (VoWLAN) is the logical marriage of two technologies we're all becoming familiar with, but is it soup? We'll have a look at the issues surrounding VoWLAN, and whether it's right for your network.
  • NFS might seem like a creature out of antiquity, but it's not uncommon for Unix shops to continue to deploy it often enough that Microsoft and Apple both continue to support it. But even if we all know that "NFS" stands for "Not," uh, "Real Secure" there are ways to button it down. We'll report.

Elsewhere:

» More good news: Microsoft has filed a raft of CAN-SPAM suits. Slightly more ambivalent news: Most of them are filed against John Does to be named "as the suits progress." Like we keep saying: laws are nice, sturdy locks and bars are better.

» And yet more good news. The Register reports "Cable telco NTL is blocking more Internet ports to stop worms from spreading across its network. Last month it blocked port 135. Now it is blocking (inbound only): 137 (UDP), 138 (UDP), 139 (TCP), 445 (UDP & TCP), 593 (TCP), 1433 (TCP), 1434 (UDP) and 27374 (TCP)."

The point of the effort is to shut down Microsoft-based worms that prey on these open ports. As The Reg points out, the blocked ports will cause problems for users dependent on them for file and print sharing or Exchange access, to which we say we'd rather see convenience introduced as it's proven to be secure . . . not security introduced as convenience is proven to be fatal.

» Intel has made a deal with China to bring WiMax there, avoiding the country's earlier intent to force a less open and less well known wireless security standard. Now if we could just get a finalized WiMax standard.

» Stalker is touting the anti-terrorist benefits of its CommuniGate Pro mail software:

Explains Philip Slater, sales engineer for Stalker Software, "we're not keeping a transaction record of messages sent and received. It's all activity in the account. It's what protocol, IP address, and time, and it's real time. It's like a wiretap."

[...]

Explains Slater, "intercept is part of the e-mail app. Whether it's local delivery or a message being read, an e-mail message is generated on the fly. For every app, we have to have a monitor process. Because we're a consolidated e-mail system, we're able to be aware of any account transaction immediately without having to get different logs together or sniff packets."

The Week in Network News

» Thursday: Corporate AIM: Come for the Whiteboard, Stay for ID Management

The gee-whiz factor of AOL's latest IM announcements overshadows some useful security functionality. Also: Cisco patches a DoS vulnerability in CatOS, Microsoft mulls an out-of-cycle bug fix, CVS mends a few fences, and modern-day Pinkertons roam the 'net frontier dressed up like girls.

» Wednesday: The State of 'Net Security: Nasty, Brutish, and Whiny

It feels good to threaten spammers with Gitmo time, but without security-minded admins, what's the point? Also: AOL tells e-mail hosts it's time to deploy SPF... or else, spim menaces instant messaging users, broadband use is on the rise, spam costs are going up, Korgo is getting meaner, and PhatNet provides a handheld network monitor.

» Tuesday: Netgear's Non-Fix: Another Black Eye for Off-the-Shelf WAPs

Netgear has thoughtfully patched a back door in one of its products with... another back door. Also: Cisco and Trend Micro team up to secure Cisco gear against viruses, domain registrations are on the rise, Gartner's not so convinced about host authentication, and Apple rolls out a wireless toy you might soon see dangling from outlets around your cube farm.

» Monday: Microsoft to Make XP SP2 Free for All

Microsoft says it's going to release XP ServicePack 2 for everybody... even the pirates. Also: Wi-Max standards in more depth, software to help with messaging archive compliance, a wardriver is faced with prison time, and why server authentication isn't the be-all, end-all of anti-spam measures.

The Week in CrossNodes

» Squid Puts the Squeeze on Net Wrongdoers (Part 2)

Between online deathmatches, hearts tournaments, and sports bookies, your network might be looking more like a playground than a place to get work done. Here's how to use Squid to button down the traffic and make sure your more slippery users don't slide out of its grasp.

» Three LDAP Browsers for the Asking

Getting your information in a directory is just half the battle: The other half is finding it. Here are three LDAP browsers, free of charge and up to the task of digging through your data.

» FaceTime Makes IM as Safe as Talking Face-to-Face

With IM use at critical mass and growing, security and privacy challenges abound. FaceTime's enterprise-grade server suite monitors, archives, and analyzes IM traffic for thousands of users without requiring thousands of admin hours.

» Scripting Clinic: Dissecting a Live Python... Script

By examining a working script line by line, this edition of the Scripting Clinic shows you how to put your own scripts together and exposes a few Python quirks along the way.

Network News Break is CrossNodes' daily summary of networking news and opinion, served up fresh daily. Please send your comments and suggestions to the editor.

Comment and Contribute
(Maximum characters: 1200). You have
characters left.
Get the Latest Scoop with Enterprise Networking Planet Newsletter