Who knows more about your network - you or the cyber-criminals?

NEWS A leading security expert has urged UK businesses to remain one step ahead of the hackers and virus writers by ensuring they know more about the holes in their networks than the cyber-criminals. These days, you can be sure if you don't do something about a hole in your security you'll not be waiting too long before a hacker does - and while it sounds like obvious advice, recent high-profile incidents such as the slammer scare remind us that it's a message which still needs to be hammered home in some quarters. Vincent Gullotto, vice president of Network Associates' anti-virus emergency response team (AVERT), said: "Today is very different to two years ago when everybody was concerned with defending the perimeter. Now visibility and detection is key. "Companies need to find holes in their network - holes which can be detected and exploited by hackers." Gullotto added: "Slammer wasn't an anti-virus issue, but it was a detection issue. People now have to ensure they have patch management programs running across their whole IT infrastructure - not just on Microsoft machines." As companies expand their IT infrastructure they increase the potential for holes to appear. And even in the most pro-active of IT departments "there is still a human error factor" which cannot be eliminated, Gullotto said. This human factor may not be the "weakest link in the chain", according to Gullotto, but identifying what does pose the biggest threat to your network is critical - whether it be at the email gateway or a particular application. Two technologies which perfectly illustrate the threat of human error and the security flaws inherent in new technologies are instant messaging and file-sharing or peer-to-peer networks. "With instant messaging, in the next year we expect to see viruses which are prevalent. Hopefully companies have detection in place, because if they don't it just becomes another way for viruses to spread," said Gullotto. Similarly file-sharing networks also pose a threat to corporate networks. "Virus writers are asking themselves, 'How do I get back to the desktop?'" said Gullotto. "Mass mailers aren't getting to the desktop any more via email. We used to have a major virus outbreak every quarter. But that's not been the case for 18 months now." As a topical example of how viruses can spread by peer-to-peer, the recent Coronex worm copies itself into the recipient's C:\My Downloads folder - often used for file-sharing - using one of 24 file names, intended to make it look as though it could be a game or a movie file. Engineered to spread via file-sharing, unsuspecting users of a service such as KaZaA could easily be tempted to download these unaware that the file actually contains a virus. Files names used by Coronex include: The Lord of the Rings.exe; Doom 3.exe; The Sims: Unleashed.exe; Black Hawk Down (full).exe and Jedi Knight II.exe.