2008 brings with it new challenges and issues that network and systems administrators should be aware of, particularly vulnerabilities brought on by users. This white paper examines the top concerns which network security professionals should be prepared to face in 2008, and how they can be mitigated.
2008: Major concerns for network and
systems administrators
An article on the major concerns which network and systems
administrators should prepare for in 2008.
2008 brings with it new challenges and issues that network and systems administrators should be aware of. This whitepaper examines the top concerns which network security professionals should be prepared to face in 2008.
Introduction As with any other year, in 2008 network and systems administrators will have to face challenges which will tax their ability to adequately protect corporate networks. Experience shows that maintaining and improving on security is never easy; hackers, malware creators, spammers, malicious insiders and other, mostly unpredictable, elements all add up to the factors which tend to give these network security professionals many a sleepless night.
Various 2008 threat predictions have already hit headlines. Some mention VOIP and virtualization , others mention malware evolution and Facebook widgets that will be used to distribute malware; However, facts and figures indicate that the challenges faced in 2008 will not stem from technology itself; for in its nature technology is a neutral element that can either be used in a good or in a bad way. The biggest threat for 2008 is the same threat to businesses that has been around for the last 200,000 years - the Human Being himself!. Human beings, their weaknesses, fallacies and inquisition can all be exploited to wreck havoc within organizations.
Human Overconfidence History shows that we tend to rely too much on the claims which operating system vendors and business software vendors make. New systems sell themselves as being more secure and more fail-safe than their predecessors. While this is undoubtedly true, one must remember that at every release of each operating system and business software throughout the years vendors have all made the same claim, over and over again, year after year. This has never. However. deterred hackers and other malicious individuals from researching and executing attacks against newer systems.
A case in point is Microsoft Windows Vista, which by end 2007, will hit the 10% market share, with a projected 30% adoption rate expected by end 2008. Microsoft Windows Vista does not only equate to a new operating system, it also equates to a new user expierience. While this system is much more secure than its predecessors, its users are still the same as before, and therefore they are the path of least resistance to the average network environment exploit. Through social engineering, security features such as the new user access control can be easily circumvented, duping users in installing software which is insecure or tainted with malware.
Humans' misplaced trust Trust should be earned and not automatically afforded. Dangers to business do not only lie outside of the business perimeters; recent history shows that insider attacks to businesses cost as much, if not more, than attacks originating from the outside. Insiders have their own advantages for they have an intimate knowledge of your network and its inner workings. In 2008, an ever increasing proliferation of portable storage and communication devices (iPods, USB drives, USB WiFi cars, etc) will highly facilitate data theft, logic bombs and other forms of sabotage that can throw your business back to the Stone Age. Yet again, while it might be easy to put the blame on such devices it's not these devices that are at fault; once again, technology is a neutral entity. The main fault here is the use made of such devices - banning them will simply not work because you simply cannot rely on voluntary compliance, supervision is too laborious, the devices can be easily concealed and you'll just create dissent.
1 Human lack of knowledge When it comes to network security, ignorance in neither bliss nor excuse. In 2008, a lack of basic security principles and a lack of knowledge in the trends that malware, spyware, spam and other malware are taking will greatly contribute to the downfall of network security. This most often is due to lack of time or resources to research sec... [download for more]
