ENTERPRISE: The Spooks Are Snooping Online

Voice&Data Bureau

Whenever someone speaks about network or IT security, the thought rarely goes
beyond hackers and attackers releasing viruses, worms or trojans. But 2004 saw
increased activity in the invasion of users' privacy and confidentiality through
spyware and phishing.

According to a report by WatchGuard Technologies, 67% of security managers
said spyware posed a greater threat to their networks than viruses, and 10%
considered phishing a major threat. Although 65% agreed that they were least
protected against spyware, they still concentrated more on handling virus
attacks.

In another report on security threats, by Symantec, spyware comprised 5% of the
top 50 malicious codes between July 2004 and December 2004, up by one percent
compared with the figures for the first half of 2004. For phishing, the figures
were scary, with a more than three-fold increase in the number of attempts
being filtered per week. In July, almost 9 mn phishing attempts were filtered,
which went up to 33 mn in December.

Both spyware and phishing, in most cases, do not cause much harm to the
network directly apart from hogging the bandwidth. But for e-commerce companies,
financial institutions, and organizations transacting over the Internet, they
pose serious threats. These malicious programmes or codes can be used to gather
sensitive and confidential data such as credit card numbers, passwords, and user
IDs, and can cause huge financial losses.

PHISHING FOR CONFIDENTIAL INFORMATION

Symantec defines phishing as an attempt by a third party to solicit
confidential information from an individual, group, or organization, often for
illicit financial gain or other fraudulent purposes. Though web browsers and
e-mail are the most common channels used for phishing, it can also ride on
spyware and blended threats.

Top 10 Adware and Spyware Reports

Rank  Adware Name      Spyware Name
1     Lefeats          Webhancer
2     InstantAccess    e2Give
3     Gator            Apropos
4     Istbar           Look2Me
5     VirtuMonde       2020search
6     Binet            Dotcomtoolbar
7     CDT              Iwantsearch
8     MainSearch       ClientMan
9     180Search        Perfect
10    NetOptimizer     Shopnav

According to CERT, between July 2004 and February 2005, there was a 28%
growth in the number of phishing sites and in February alone there were 2625
active sites. And, just six brands comprised 80% of the phishing attacks.

Unlike spyware, phishing requires some kind of consent or approval from the
user in giving out the information. The attacker usually employs social
engineering, asking for your account number, passwords, etc. through a
fraudulent form. The form appears genuine, as it carries the logo and other
information about the organization, while it gathers the inputs for the
attacker.

Pharming is another technique: it redirects users from real websites to
fraudulent sites and then, through key-loggers and malware sitting on the
desktop, identifies your confidential information.

REDUCING PHISHING RISKS

Detection and filtering of e-mails at the server level is the primary step
any organization should take to reduce phishing attacks. The absence of
SMTP authentication makes it easy to send spoofed e-mails, and unless mail
server authentication standards are developed, attacks are likely to continue.
Gateway and desktop filtering may also help in reducing such threats.

User awareness is important in dealing with fraudulent mails. Users
should be told not to reveal any sensitive information over e-mail or the
Internet. Enterprises, particularly those involved in financial transactions,
should strengthen their policies regarding sending e-mails with digital
signatures and embedded links. Anti-phishing tools and detection tools
also help reduce the threat from phishers.

SPIES ON YOUR NETWORK

After viruses, spyware and adware are perhaps the two biggest threats to the
confidentiality, availability, and integrity of data on a network.
Spyware refers to stand-alone programs that can secretly monitor system
activity and relay the information back to another computer. As information
gathering can be done through keystroke logging, capturing e-mail or messenger
traffic, and even intercepting information before it is encrypted over a
network, it can bypass firewalls, VPNs or secure connections. However, some
spyware might be legitimate programs installed to monitor employees'
Internet usage.

Spyware and adware also need some program to ride on to get into a
system. This can be done through the web browser or e-mail, or they can be
bundled with software. Some companies even lower the cost of their software and
provide for third-party adware in their end-user license agreements (EULAs).
Once on your system, these programs sit there and monitor usage, gathering and
sending relevant information to the hacker.

The best way to find out whether your network has these malicious
programs is to monitor its speed. If the speed drops abnormally and more
pop-up ads start appearing, then the chances are that you have been hit!


NEUTRALIZING THE SPIES

Not all spyware and adware are malicious, and a blanket ban on all of them
cannot be enforced. For example, disabling the ActiveX feature in your browser
affects web browsing and can cause pages to display incorrectly. Similarly, some
pop-up ads might contain useful software, and blocking all of them can result in
a loss.

However, enterprises have to have some policies to secure their networks.
The difference between a good security tool and policy and a bad one is its
ability to filter out malicious and harmful activities. Regular monitoring
of security policies and tools helps contain the spread of these programs.
Since these programs are mostly Internet-driven, system audits should ensure
that no unauthorized software is being installed from the Internet. Policies on
disabling ActiveX and on EULAs have to be carefully laid down. And in the end,
it all boils down to the common sense of the end-user in how he accepts software
from unknown, untrusted third parties.