This whitepaper titled "Where Online Hackers Are Headed in 2007: "Coming Soon" to a Website Near You (and Your Hard Drive)!" by Kevin Prince (Chief Security Officer for Perimeter eSecurity) from Feb 2007 is posted front-and-center on the Thursday, 12/6/07 ZDNet Must-Read News Alert email. It's in the section "White Papers from our partners". I looked at it, and thought for a second. Why am I getting this in December? And more importantly... did Kevin get it right?
Well, I can't tell you what ZDNet's motivation was for sending me this "must read" whitepaper from Feb '07 (maybe they're out of sponsors so they're re-hashing some of the old crap?), but I'll pull some points out of it for you to analyze and think over. [Sorry Kevin, I'm really not picking on you.]
For the most part, the first few sections hit the nail on the head in reference to history, and what the past few years have brought us in terms of attacks. Yes, the past used to be people attacking us at the desktop/server level with an outside-in attack... things have changed, and that is rightly pointed out. I love the sentence "Stopping new attack types demands strong security posture" uhmm... yea?
Here are the main points I think Kevin makes (Kevin, please reply if you feel I've misinterpreted your paper).
- Attacks for 2007 will move from exploiting vulns to social-engineering people into exploiting themselves -- check!
- Attacks for 2007 will be browser-based -- check!
- Malicious websites will lure users using SPAM, messaging and hijack-redirection -- check!
- A layered approach will be required to reduce malware threats -- duh!
- Intrusion Detection/Prevention: Old news! 2007 saw IDS/IPS become yesterday's technology. Yes, everyone should have this on the desktop by now and I realize few do but that doesn't mean it's the next big thing - in fact... IDS is the last old thing in my humble opinion. The buzz words for 2007 were "extrusion detection"...
- URL Filtering: Yes - I have to agree there... this is a big frontier that in 2007 we didn't address enough, but should have. I think that stretching into 2008-2009 we as security professionals should be utilizing web filtering technology a lot more to save our desktops from attacks.
- SPAM filtering: Obviously. The horse is dead, and we're still kicking it - SPAM rules the SMTP gateways, and I saw some statistic yesterday that the UK gets something like 50% of the world's SPAM? SPAM filtering should be done at every company, and if you're not going to do it yourself, hire someone to do it for you that's better at it... next!
- Policies & PC Restrictions: I lumped these together even though Kevin kept them separate because they're essentially the same thing. You can't do one without the other... you should be restricting your users from hurting themselves... after all - there is still no patch for the ignorant end-user.
- Gateway A/V: In 2007 I think we as security pros did more of it, but aren't utilizing the technology enough. I agree with Kevin, it should have been an initiative in 2007 - but we're still burning resources at the desktop doing this... why?
- Vulnerability Scanning: Remember, if you're not scanning for vulnerabilities on your network and perimeter, someone else with bad intentions is. I'll leave that one alone.
Good luck out there.