Protecting Against Attack: Eight Ways To Limit Your Vulnerability

Security - Channel Insider

Empowering the next generation Channel

Home

Security

Protecting Against Attack: Eight Ways To Limit Your Vulnerability

By Ericka Chickowski on 2010-09-23

If you or your customers have been hit with a cross site forgery request (CSFR) and blended attacks using PDFs, you aren’t alone. These kinds of attacks and others have been steamrolling organizations with their malicious success. Recently HP's TippingPoint DVLabs, Qualys and SANS got together to put out a report on the top technology attack trends for the first half of 2010, which found that these kinds of attacks are hitting companies more often. Smart companies need to be vigilant to these IT security threats and take the proper measures to reduce the risk. And channel partners and IT solution providers looking to add value to their IT offerings would do well to keep these attack threats in mind and focus on the following eight best practices, as laid out by the report. Here’s how to protect your customers.

Move Them To A Whitelisting Model

One reason so many modern attacks are working is because organizations make it possible to download and run arbitrary code on endpoints across their infrastructure.

What The Experts Say: "In some environments with very focused computing tasks, switching to a smartphone model where only vetted and signed executables are allowed to run on the desktop can allow organizations to minimize the chance of infection."

Fine Tune Their Configuration Management

A default deny model is not always possible and takes time to develop—but that doesn't mean an organization should throw up its hands.

What The Experts Say: "As an interim measure to secure against attacks, DVLabs advises implementation of strong and comprehensive configuration management."

Build Security Into Web 2.0 Applications

As services keep moving to the cloud, attackers are increasingly shifting their sights to Web applications, looking for low-hanging vulnerabilities.

What The Experts Say: "Companies need to be very careful about moving more and more functionality onto the Web without ensuring its security."

Set Up Developer Education

Setting up security training for developers who code Web applications—supported by automated testing tools—will greatly diminish risk of attacks on critical applications.

What The Experts Say: "The potential impact of deploying new Web applications is rarely understood. Many times these applications directly access sensitive information, and if compromised, give attackers the means to steal this data quickly and easily."

Have Employees Log Off Websites Before Clicking Untrusted Links

A lot of CSFR attacks know that many users tend to stay logged into important Web sites and leverage that.

What The Experts Say: "In order to help prevent Cross Site Request Forgery attacks, it is important to log off of important websites prior to clicking links in email or on untrustworthy websites."

Patch Religiously

So many attacks today take advantage of well-known vulnerabilities. Automating your client's patching is one of the most effective ways of greatly reducing their risk of attack.

What The Experts Say: "It is more important than ever for organizations to have an accurate inventory of user applications and a defined patch strategy."

Establish A Point Man

Help your client identify one person to take responsibility for keeping up to date on vulnerability announcements and attack trends by subscribing to mailing lists and industry RSS feeds. Or better yet, become that point man for them.

What The Experts Say: "Organizations should designate specific security personnel with the job of monitoring public announcements of new vulnerabilities and widespread attacks."

Monitor For Anomalies

Attackers these days don't just announce themselves. Your customers have got to be on the hunt for unusual network behavior and other clues of attack in order to stop problems before they do real damage.

What The Experts Say: "Organizations should continuously monitor for anomalous and suspicious behavior on their computer systems and networks to detect attacks early on and minimize the damage."

Recent Slideshows

See All Slideshows

Sponsored Links

Try Windows Azure free for 90 days

Introducing the world's first family of systems with integrated expertise

FREE Securing Smartphones & Tablets for Dummies Book from Sophos

5 New Technologies That Will Change Enterprise IT

Build an IT Infrastructure That Delivers the Future

CHANNEL RESOURCE CENTER

Intel Technology Provider Program
Intel Technology Provider Program (ITP) helps resellers better understand Intel products which power the technology they sell, and enables value-add services such as remote manageability or anti-theft tracking.
Learn More

WindowsForDevices.com
WindowsForDevices.com is the comprehensive news site covering Windows embedded technologies. Visitors get news, technical white papers, opinion columns and extensive directories covering the products and companies in the marketplace.
Click Here

New Technologies That Will Change Enterprise Computing

Check out our top five picks for technologies that will change the game in enterprise computing.
Learn More

Channel Insider:

Security:
Network Security
Enterprise Networking
Infrastructure Security
How To: Data
IT Security News
Security Watch Blog
Secure Channel Blog

Storage:
Data Storage
Cloud Storage
Storage Virtualization
Network Access Storage
Storage Reviews
Data Storage News
How To: Storage
Storage Station Blog

Computing:
Apple OSX
Linux Systems
Windows Vista
Managed Print Services
Cloud Computing
Computer Reviews
Microsoft Watch Blog
Apple Watch Blog
Google Watch Blog

Communications:
VoIP Solutions
Wireless Technology
Messaging Software
Web Services
Mobile Applications
Wireless News
Mobile Reviews

Apps & Development:
Application Development
SAAS
Search Engines
Database Software
Web 2.0
IT Project Management
Emerging Tech Blog
CIO Insight Blogs
CIOs

Vertical Markets:
Federal Government IT
Health Care IT
Finance IT
Mid-Market
Channel and VARs
Careers Blog
Value Added Resellers

More eWeek Links:
Green Computing Center
Tech Knowledge Center
Tech Newsletters
Tech RSS Feeds
White Papers
Tech Podcasts
Tech Videos
Complementary Magazine Subscriptions

Enterprise Websites:
ZDE Home
eWeek
Baseline Magazine
Channel Insider
CIO Insight
eSeminars and Events
Publish Online
Web Buyers Guide

Developer Websites:
Microsoft DevSource
Dev Shed
DeveloperShed
ASP Free
SEO Chat
Codewalkers
Tutorialized
Scripts.com
Dev Mechanic
Dev Articles
Web Hosters
Dev Hardware

Technology Websites:
Device Forge
Desktop Linux
Linux Devices
Windows for Devices
PDF Zone
Linux Watch
TechDirect
Smarter Technology

Use of this site is governed by our Terms of Use and Privacy Policy
Copyright ©1996-2012 Ziff Davis Enterprise Holdings Inc. All Rights Reserved. eWEEK and Spencer F. Katt are trademarks of Ziff Davis Enterprise Holdings, Inc. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise Inc. is prohibited.
eWeek is your best source for the latest Technology News.
ZDE Cluster 8

Protecting Against Attack: Eight Ways To Limit Your Vulnerability

Move Them To A Whitelisting Model

Fine Tune Their Configuration Management

Build Security Into Web 2.0 Applications

Set Up Developer Education

Have Employees Log Off Websites Before Clicking Untrusted Links

Patch Religiously

Establish A Point Man

Monitor For Anomalies

Recent Slideshows

Advertisement