Information Security Show Highlights New Threats, Old Problems

IT security administrators are struggling to balance security with the needs of users and regulations, and are starting to feel caught between tough new data-privacy regulations and aging Internet protocols. Are they losing hope that we can win the war on malicious code?

In an article on the InfoWorld website, writer Paul F. Roberts says attendees at last week's Information Security Decisions show expressed these opinions and more. Attendees, he says, are "scratching their heads over a witch's brew of new attacks and stealthy malicious code."

Among the chief concerns of IT security professionals, Roberts says, is the growing popularity of internet messaging (IM) applications. Chandler Howell, an information security manager at Motorola Inc., told Roberts that employees who chat over IM are vulnerable to potent new IM worms, phishing attacks and other IM-borne threats.

Another growing problem is networks of compromised computers, known as "botnets," which can affect corporate networks but are tough to find and stop. These bots, Roberts says, "allow remote attackers to command tens or even hundreds of thousands of compromised machines using … commands that can launch DOS (denial-of-service) attacks or distribute spam."

According to one speaker at the event, William Hancock, chief security officer at Savvis Communications, part of the problem may be that key Internet protocols, such as HTTP and TCP/IP, lack security controls. Bots and IM worms take "full advantage of those open protocols, hiding in otherwise innocuous network traffic or encrypting communications to disguise attacks," Roberts says.

To read the full article, click here: http://www.eweek.com/article2/0,1759,1815236,00.asp