Six security leaks companies need to fix

By siliconindia   |   Monday, 01 November 2010, 19:56 IST
Printer Print Email Email
Bangalore: When you build a company, you take all the necessary steps to avoid any untoward incidents. Modern world companies need to take care of security. And we are not just talking about the real world security here but security relating to the virtual spaces. In today's world where major portion of the companies' work takes place via the virtual world, security of this space becomes utmost important to the firms. These leaks can take place in the form of Wi-Fi sniffing snafus, or Bluetooth sniper rifles used to steal company secrets, reports Information Week. In the list of security leaks that need the immediate attention of the companies, here are the top six and how you can fix them at the earliest. 1] Securing Wi-Fi networks Enterprises today face some of the greatest security threats from the smartphones. Explains Robert Hansen, Founder, Sec Theory (an internet security consulting firm) about the danger that smartphones exude, "The danger is that cell phones are tri-homed devices - Bluetooth, Wi-Fi and GSM wireless. Employees who use their personal smartphones at work introduce a conduit that is vulnerable to potential attack points." In that case, someone in a parking lot could use a Bluetooth sniper rifle that can read Bluetooth from a mile away, connect to a smartphone, then connect to a corporate wireless network," says Hansen. However, Hansen asserts that disallowing use of smartphones will not be helpful, as employees will be tempted to use them. To address this problem, Hansen says IT should allow only approved devices to access the network. And adds that these addresses should be based on MAC addresses, which are unique codes that are tied to specific devices - making them more traceable. Another way to deal with the issue is to use network access control to make sure whoever is connecting is, in fact, authorized to connect. You could also give company sanctioned smartphones on popular platforms. This step will prevent employees from using non supported devices. 2] Network printers - Hacker's Entry Point You would have hardly ever imagined that the harmless printer on your desk could possess potential security threat to your firm. But the truth is it does. With printers enabled with Wi-Fi and 3G services, there are several ports through which hackers can break into the company networks. They can also gain access to the print outs and steal sensitive business information. The proven answer to deal with the problem is to disable the wireless options on printers. However, if that is not practicable, make sure all ports are blocked for any unauthorized access, says Hansen. Use of security management tools like ActiveXperts Software's Active Monitor, can also be helpful that monitor and report on open printer ports. 3] Bad coded Web Applications The holes created due to sloppy programming are enough to give nightmares to security professionals. These holes can occur as a result of custom-developed software as well as commercial and open-source software. Even PHP routines on a web server are also vulnerable to attacks. Minor coding attacks also pave a way for hackers to add their own embedded code, says Hansen. For fixing the problem, Hansen suggests avoiding some software such as freely available PHP scripts, blog add-ons and other code that might be suspect. If these are required monitoring tools need to be in place then. 4] The Social Networking threats Acquiring sensitive information through social network sites like Facebook and Twitter have become commonplace now. And these kinds of attacks are not always traceable. People may get fooled by an e-mail that came from an imposter thinking that the person might be real. In order to prevent such scenarios, companies need to use e-mail verification systems that confirm the identity of a sender. These verifications send an e-mail back to the address to confirm the sender's credentials. 5] Securing networks from P2P threat Many companies will vouch of incidents where the employees used P2P networks to download and distribute illegal wares. Winn Schwartau, CEO, The Security Awareness Company, a security training firm says, "P2P networking should, as per policy, be completely blocked in every enterprise. P2P programs can be stopped through white/black listings and filters on the enterprise servers." To address this issue, Schwartau suggesta a technique called 'resource isolation' that controls which applications users are allowed to access based on permission rights. He also urges IT shops to conduct regular sweeps of all company networks and servers to look for P2P activity and to be vigilant about blocking any P2P activity. 6] SMS based security attacks Hackers can use the means of SMSing and contact employees thereby directly attempting to access sensitive information like network log-in credentials and business intelligence. Not only that, text messages can also be used to deploy malware on the phones. The best way to counter this crisis is to work with carriers to make sure that they're using malware-blocking software, SMS filters and redirects for those kinds of attacks, says Schwartau. Also creating smartphone usage policies can effectively reduce this problem. While these are some of the major security issues, with improving technology, hackers too improvise on ways to attack. It is up to the companies to keep an eye for new security threats while fixing the current ones.