Security Watch
WPA 2 security spec in the works
According to the Wi-Fi alliance, the next generation of Wi-Fi Protected Access
(WPA) will be launched sometime in 2004. WPA 2, the new standard, is expected
to bring higher security levels to the existing WPA standard that was launched
in 2003.
This is good news for wireless security, since WPA has already overtaken Wired
Equivalent Privacy (WEP) as the de facto security standard for Wi-Fi alliance
certification. The prime reason behind this has been the higher level of wireless
data security in WPA than in WEP. WPA is a subset of the proposed 802.11i security
standard from IEEE.
Improper URL display in Internet Explorer
CERT has announced a vulnerability in Internet Explorer that does not properly
display the location of HTML documents. This technical glitch can be exploited
by attackers to mislead users into revealing sensitive information.
An attacker can convince a user that they are viewing a legitimate site when
in fact they are visiting a site controlled by the attacker. The attacker could
then use additional social engineering techniques to trick the victim into disclosing
sensitive information such as credit card numbers, account numbers and passwords.
CERT recommends applying the patch (832894) referenced in Microsoft Security
Bulletin MS04-004, or a more recent IE cumulative patch to solve the vulnerability.
Other safety measures include entering the URL manually and using trusted bookmarks
for sensitive sites. It is not advisable to click on URLs from untrusted sources
like unsolicited mail or instant messages.
Checkpoint Firewall-1 vulnerabilities
Security firm Internet Security Systems (ISS) has discovered a security flaw
in the recently added HTTP Application Intelligence component of Checkpoint
Firewall-1. This component acts as an application proxy between untrusted networks
and network servers for detecting and preventing potential attacks. Vulnerabilities
also exist within the HTTP Security Server application proxy of Firewall-1 (including
those prior to Application Intelligence releases).
Enabling HTTP Application Intelligence or HTTP Security Server exposes the
system to attack. The vulnerability may be exploited by remote, unauthenticated
attackers to gain super-user access to the firewall and thereby directly compromise
the server. This means that Firewall-1 systems running in the default configuration
are highly vulnerable.
The affected versions are Checkpoint Firewall-1 NG-AI R55, R54, including
SSL hotfix; Checkpoint Firewall-1 HTTP Security Server included with NG FP1,
FP2, FP3; and Checkpoint Firewall-1 HTTP Security Server included with 4.1.
ISS and Checkpoint have released updates to patch the firewall. The updates
can be found at: http://www.checkpoint.com/techsupport/alerts/index.html
StatNook: Asia sees security investment of $1.7 billion in 2003
According to a research report by IDC, the APAC region has witnessed significant
growth in terms of enterprise security solution investments during 2003.
This is a good sign of Asian enterprises becoming more aware of the need for
effective security.
IDC's recent report on "Asia/Pacific IT Solutions Market Spending Analysis
and Forecast, 2003-2007," reveals that among the seven major enterprise
solutions examined in the Asia/Pacific region (excluding Japan), the largest
investment was on storage, surpassing $4.0 billion in 2003 followed by Enterprise
Resource Management (ERM) at $3.9 billion, and Security at $1.7 billion.
Based on these figures, the 2003-2007 compound annual growth rates (CAGR) for
the Security, Customer Relationship Management (CRM) and e-commerce solutions
are projected to reach 25%, 23% and 20% respectively.
Source: www.idc.com
Security Genesis: The first PC virus
If the enterprise had an option to go back in the history of IT security and
undo something, 1986 would be one of the first years it would pick. This was the
year that witnessed the first PC virus.
Some excerpts from IBM Research's account of the first PC virus:
In 1986, the first PC virus was created. It was the Brain virus from Pakistan.
Brain was a boot sector virus and only infected 360k floppy disks. Interestingly,
even though it was the first virus, it had full-stealth capability.
Source: www.research.ibm.com
A CIO's views on Information Security
A number of issues on Internal Security Threats were discussed at a Nasscom
technology forum, titled 'Information Security: The Key imperatives'. Sanjay
Sharma, Head-Information Technology, IDBI Bank was one of the panelists at this
forum. Here are his views on various issues relating to Internal Security.
On access rights
"You need to ensure that adequate rights are given to outsourced staff.
Consider the role a particular person is performing in the organization when
assigning rights. When such staff are relocated, replaced or removed, their
access rights should be modified accordingly, and immediately. This needs to
be factored into the security policy."
On management of IDs
"Establish the IDs of people logging in (outsourced staff change). You
need to put in (robust) infrastructure to manage identities across systems.
Don't have multiple IDs (as people tend to forget these). You can set up IDs
such that they are the same as the employee number."
On security logs
"Going through (lengthy) log files is a tedious task. You need to use some
tools to filter the data and avoid false positives. Examine the logs for IDS,
Firewalls, and anti-virus. In addition, you need to conduct external audits
and arrange for ethical hacking."
--Brian Pereira
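The access-rights and ID-management points above (rights assigned by role, IDs tied to the employee number, rights changed immediately when staff are relocated, replaced or removed) can be turned into a periodic reconciliation check. The following is an added example, not the panelist's or the column's own code; it assumes a hypothetical setup in which account IDs equal employee numbers, an HR roster records each person's status and current role, and a role-to-entitlement map defines what each role should hold. All data below is constructed. It goes slightly beyond the quotes by also flagging rights a person's current role needs but lacks.

```python
"""Reconcile user accounts against an HR roster (added example, not from the column).

Assumed model (hypothetical): account ID == employee number; the roster gives
status and role; ROLE_ENTITLEMENTS says what each role should hold.
"""
from dataclasses import dataclass

# Constructed sample data: what each role is supposed to have.
ROLE_ENTITLEMENTS = {
    "helpdesk": {"ticketing", "vpn"},
    "dba": {"vpn", "db-admin"},
    "auditor": {"log-read"},
}

# Constructed HR roster keyed by employee number.
HR_ROSTER = {
    "E1001": {"status": "active", "role": "helpdesk"},
    "E1002": {"status": "active", "role": "dba"},
    "E1003": {"status": "transferred", "role": "auditor"},  # moved from dba to audit
    "E1004": {"status": "left", "role": "dba"},              # has left the organization
}

# Constructed account list: what each account actually holds right now.
ACCOUNTS = {
    "E1001": {"ticketing", "vpn"},
    "E1002": {"vpn", "db-admin"},
    "E1003": {"vpn", "db-admin"},  # kept old dba rights after the transfer
    "E1004": {"vpn", "db-admin"},  # account still enabled after leaving
    "E9999": {"vpn"},              # no HR record at all
}


@dataclass
class Finding:
    account: str
    issue: str    # orphan | leaver | excess | missing
    detail: str


def review_access(roster, accounts, entitlements):
    """Return the list of findings an access review should act on, in account order."""
    findings = []
    for account, held in sorted(accounts.items()):
        person = roster.get(account)
        if person is None:
            # Account with no owner in HR: nobody is accountable for it.
            findings.append(Finding(account, "orphan", "no HR record; disable"))
            continue
        if person["status"] == "left":
            # Leaver whose account was never removed.
            findings.append(Finding(account, "leaver", "account still enabled; disable"))
            continue
        # Active or transferred staff: compare held rights with the current role.
        expected = entitlements.get(person["role"], set())
        extra = held - expected
        missing = expected - held
        if extra:
            findings.append(Finding(account, "excess", f"remove {sorted(extra)}"))
        if missing:
            findings.append(Finding(account, "missing", f"grant {sorted(missing)}"))
    return findings


if __name__ == "__main__":
    for f in review_access(HR_ROSTER, ACCOUNTS, ROLE_ENTITLEMENTS):
        print(f"{f.account:<6} {f.issue:<8} {f.detail}")
```

Run against the constructed data, the review reports the transferred auditor who still holds database-administrator rights (and lacks the log-read right the new role needs), the leaver whose account is still enabled, and the orphan account with no HR record; the two active staff whose rights match their roles produce nothing. Keying accounts on the employee number is what makes the join between HR and the account store trivial.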