SecureWiFi News

My website is now private, but you may visit by going to my Profile. The site is on a private server.

Thursday, September 08, 2005

Assess Your Network Now

From the smallest home office to the largest global companies, security is now the watchword from here forward. The threat level to personal information and corporate data is growing exponentially from every corner of the internet. Personal information, from banking to household accounting, is vulnerable via the smallest mistake that you make with your home PC.
Peer to peer networks that are running in the background can lead to the most dangerous and devastating problems.

Case in Point
Not long ago, I was doing some research for an article about peer to peer networking. The client software that I was using had the feature of being able to query a sharing user's HDD for other files after a connection is established for a download. The remote user that I was connecting with had misconfigured the server side of the peer to peer network at setup time. The result was that all file types had been copied to the network share folder instead of only a single file type. What was visible for download was truly frightening. All manner of personal information, from business records to personal letters to friends, was copied to the network share folder, and it was available to me, or anyone else.

The Moral Here
Feature-rich applications, such as peer to peer network shares and a host of others, can be the doorway to disaster because the default setup allows an otherwise secure system to be compromised.
Corporate networks are not immune either. Over and over, I find Virtual Private Networks that are misconfigured and allow easy penetration. Closed Circuit Network Cameras on private networks are another easy entry point. High-end hardware such as routers and switches from the top manufacturers is full of bugs and holes. Software that is less than fully tested for vulnerabilities is now a major problem.
Corporate IT folks, from CIOs to help desk operators, are now almost overwhelmed by a constant bombardment of new exploitation warez.

Case in Point
Remember Napster
The Napster peer to peer client was written by a 20-year-old student over the course of about four months of twenty-hour days and case after case of Jolt Cola and Doritos. 30,000 lines of code later, Napster was born and everything changed. Peer to peer is here to stay, and it has grown up and changed. Think of the old Napster as a proof of concept. The new Napster is much more dangerous than the old version. Instead of 30,000 lines of code, the new peer to peer can be written in 9 lines of Perl script. It can be hidden anywhere and run on anything. A little bulkier version, 15 lines of Perl script, makes it remotely executable.

The Moral Here
Innovation is outstripping our ability to keep up, with changes coming so quickly that it is breathtaking.

What to do
At some point, and it should be done at least once every year, stop and take stock of your network assets. What works? What is marginal? Can I grow? What are the risks? These and a hundred other questions need to be asked on an ongoing basis. If you cannot do the work yourself, hire a professional, but do this work.
For more information, go to my website
SecureWiFi Networking Consulting
