Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Bugwatch: 'Tis the season to be careful

Bugwatch: 'Tis the season to be careful

by Nikola Strahija on December 12th, 2002 As Christmas approaches, many IT security personnel are bracing themselves for a hike in personal internet usage as staff log onto e-cards, online shopping facilities and web mail sites to organise their festivities and send greetings to loved ones.


It is at this time of year that a user's guard is down and therefore the most opportune time for hackers and virus writers to strike.

This is the time of year when people would not think twice about opening a message from someone that they might not have heard from in months.

Perhaps they've received an e-card from a friend, or maybe they've just received some spam from a wily marketer that is about to wreak havoc on a company's server.

At a time when users expect to see attachments and web-links to festive amusements, IT security staff can be guaranteed a headache long before the Christmas celebrations get underway.

It is crucial that companies clamp down on email and internet use, making it clear precisely what the IT infrastructure may and may not be used for, and clearly flagging the potential dangers that each outlawed practice may pose.

Only through educating users will businesses begin to see a decline in downtime.

For example don't use the company facilities to access a web-based email account. These tend to bypass existing email filtering tools and can therefore leave the way clear for malicious content to enter and leave the system without the administrator finding out until it is too late.

Restrict the viewing of content rich sites because those using flash, ActiveX and scripts consume large amounts of bandwidth and have the potential to allow dangerous, even viral, code to enter the network.

Now is the time for businesses to start blocking or quarantining all emails not relating to work. This rule should be applied to both inbound and outbound traffic, with particular attention paid to emails that contain either a web link or an attachment.

This will help to prevent networks and systems becoming swamped by resource hungry greetings etc, and may also prevent any damaging infections.

The most effective way of dealing with a festive influx of unsolicited emails is to apply the same level of vigilance all year round.

For example, one way of reducing the level of spam is to set out guidelines for employees using mailing lists.

Many companies that hold mailing lists make the names and email addresses available to third parties and this is where a large proportion of spam is generated.

Businesses can combat this by restricting the sites at which employees are permitted to register, and by encouraging them always to request no third-party contact.

So the key is not to stop employees from accessing the internet but to improve the way in which they use it from a security perspective.

I'm the last person to want to put an end to the Christmas cheer, but experience warns us that this time of year can be responsible for causing a lot more than just a headache for companies needing to clear up in the aftermath.

- article available at http://www.vnunet.com -


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »