We have met the enemy

Network security is on everyone's mind, but what are the biggest threats?



commentary Network security is on everyone's mind, but what are the biggest threats?

I know who the secret hero must be for just about every network manager out there. It just has to be the little Dutch boy from the Mary Mapes Dodge story. You know, boy walks along, boy sees water coming through dike, boy sticks his finger in dike and saves the whole town.

If only things were that easy. If only securing your network was as simple as plugging a network hole and waiting for the cheers from the ecstatic employees around you.

But of course the reality is more like the cartoon spinoffs of that story -- the ones where as soon as one hole is plugged another one starts spraying water. Then another, and another...

Certainly there are evildoers out there trying to get at your data, your bandwidth, and otherwise just make life difficult. They get better at what they do, and organisations have to keep the cycle going by coming up with better defences. That's just a given in most businesses today.

If you ever wanted to come up with the perfect tool for circumventing firewalls and antivirus defences, it already exists in the thumb drive.
Then there's the internal threat: disgruntled or former employees getting into your network and causing havoc. Having once been the biggest threat to organisations, that has recently become a lesser threat, but perhaps only because the external attacks have grown so rapidly.

But I can't help thinking that some of the biggest security problems we face these days are those we inadvertently bring on ourselves.

I recently saw a promotion for yet another security conference, one that deals specifically in firewalls and antivirus technologies. Nothing new about that. The thing that caught my eye was that attendees were being offered a free gift. And the illustration of that gift on the advertisement looked suspiciously like a thumb drive.

I might be a bit oversensitive here, but isn't that like offering first-time visitors to an AA meeting a free cocktail for attending?

Because if you ever wanted to come up with the perfect tool for circumventing firewalls and antivirus defences, it already exists in the thumb drive.

There are other inadvertent threats nearly as good. The take-home notebook, for example. And the severity of that threat jumps way up if the person taking the notebook home happens to have kids around the age of, say, 10 to 15.

Music lovers don't want to hear it (take those earphones out for a second!), but according to a recent Gartner report, Apple's ingenious iPod has popped up on the risk radar for many organisations. OK, it was really only included in a list of portable storage devices marked as dangerous because they could be used to "introduce malware or steal corporate data", but mentioning iPod first is always good in getting "enthusiastic" Apple product owners' attention.

And now phones are going to be added to the list of portable storage devices with the release of the Samsung V5400 (not yet in Australia), which is equipped with a 1in, 1.5GB hard drive.

So while you hard-working network specialists are busy plugging holes, the dike construction workers will be over here doing a little cosmetic work with a jackhammer. Or to put it another way, in the immortal words of Pogo, "We have met the enemy, and he is us!"

This article was first published in Technology & Business magazine.
Click here for subscription information.