Broadband security: The risks of always-on

Enterprises have had plenty of time to get used to the security risks associated with an always-on Internet connection via dedicated leased lines. But experience hasn't been much of a protection for the large number of companies that still fall prey to the Internet's more unsociable elements.

By 2005, says analyst firm Gartner Group, 20 percent of enterprises will experience a serious (beyond a virus) Internet security incident. Of those that do, the clean-up costs of the incident will be half as much again as the prevention costs would have been.

All this doesn't bode well for the increasing number of smaller firms and consumers -- typically without the resources to devote to adequately protect systems -- who are adopting broadband in ever-greater numbers.

A good example of the security risk posed by an always-on unsecured PC is illustrated by a recent experiment conducted by mobile security company F-Secure during the MSBlast worm attack this month.

The firm wanted to find out how much of a threat the worm would be to an unprotected computer. A PC without any antivirus or firewall software was connected to the Internet at 3pm and was infected in just 27 seconds by the worm.

This lack of security know-how among small to medium-sized enterprises is not just an issue for individuals concerned. It could provide a potential opening for virus writers to breach the defences of large companies using the relatively unsecured systems of one of its home workers, smaller business partners, or branch offices.

According to a recent Yankee Group report, Always On, Always Vulnerable: Are UK Businesses Ready to Move to Responsible DSL?, a DSL connection increases the likelihood of attack by five times. "Always-on, means always vulnerable," the report claims.

Yankee showed that only 45 percent of small businesses -- 20-99 employees -- had purchased a bundled firewall or other security services from their service provider, and only a further 18 percent said that they would like to have a service in place. The figures were even more alarming for companies with between two and 19 employees; among these, only 20 percent had purchased security services.

The figures are just as worrying for consumers. According to a US report released earlier this year by the National Cyber Security Alliance, most broadband cable customers lacked the most basic security protection. The report revealed that, while most consumers think they are protected, only 11 percent actually have safe and securely configured systems.

In the UK, only about 56 percent of online home PC owners have virus protection according to a Forrester Research study. But, encouragingly, the survey showed that the amount of security protection increases with online experience. Usage of any security measure increased from 66 percent of new online consumers to 92 percent of those online for more than five years.

But broadband not only helps hackers and virus writers by providing an always-open door into systems, broadband is also a tool that attackers can use to target potential targets more quickly and more cheaply.

Internet service provider PSINet recently tested levels of hacking activity on the Internet by setting up an anonymous "dummy test" server -- and found it was maliciously attacked 467 times within 24 hours of being installed.

The company ran the test on an unprotected server at its data centre in Amsterdam, and registered a total of 626 malicious attacks over a three-week period.

"High bandwidth links do not only provide end users with faster download times -- they also allow hackers to attack a wider target audience with a wider array of tools," the company claimed at the time.

A report from antivirus company Symantec released earlier this year revealed that South Korea, which has some the highest rates of broadband penetration in the world, is the number one source of Internet-based attacks in the world.

According to John Donovan, Symantec managing director in Australia and New Zealand, the figures may not necessarily represent the source of attacks, but could reflect the location of compromised systems being used to launch attacks.

"The high number of attacks generated from South Korea, for example, does not so much suggest that the country is a rogue state as that it is a convenient launch pad thanks to the high uptake of broadband and other factors," he said.

Countries with more developed broadband penetration provide a glimpse of what the future could bring if the security message doesn't get through to smaller companies and consumers. In Israel, where ADSL has been available to residential customers for some time, there have been a number of horror stories where malicious hackers have wreaked havoc with home PCs.

Israeli security firm Finjan warns that the same could happen in Britain. Protection at service provider level will do little to prevent a dramatic increase in hacking activity, and especially the number of attacks on ordinary home users in Britain, according to Finjan.

"The tools are getting easier to use. I think that there will be a lot more novice activity," said a Finjan spokesperson.

Another recent study from the US concluded that as many as one in four broadband PCs in the US are "highly vulnerable" to hack attack. The US government-sponsored Computer Emergency Response Team (CERT) Coordination Center has warned that home PC users in the States must wake up to the threat.

"Many home users do not keep their machines up to date with security patches and workarounds, do not run current antivirus software, and do not exercise caution when handling email attachments," the team claimed

CERT says home PC users need to take security more seriously. "Intruders know (that home PCs are insecure), and we have seen a marked increase in intruders specifically targeting home users who have cable modem and DSL connections," the group added.

Research published by Forrester predicts that by 2008, 30 percent of Europeans' homes will connect to the Internet with a broadband connection. Seventy-one percent of these connections will be via ADSL, which will only mean more exposed systems unless the security message gets through.

Personal firewall software is one solution to the problem and Microsoft has even included a bare-bones firewall in Windows XP. But lack of internal expertise often means that keeping pace in the security arms race can be a big overhead in terms of time and money for smaller companies.

Yankee Group claims that a managed service may offer a better solution which usually comes bundled with the DSL connection and includes a firewall, content filtering and monitoring and a choice of different levels of management.

"It is becoming vital that companies deploy a holistic defence system, which is updated by the supplier or service provider to match the ever-growing and changing threats to their business."