When a vulnerability is detected in an Internet system or service, the hope is that the person who discovers it will report it to an Internet security-oriented Web site. But depending on the severity of the issue, security reports issued by these Web sites often lag behind the discovery of the problem. This common practice gives the vendor of the product or service in question time to correct the problem. There is a continuing debate about when security issues should be publicly disclosed.
Internet security issues arise and evolve, of course. But here are three steps you can take today to help prepare for the security issues that come tomorrow.
Tip 1: Encrypt sensitive data or use an encrypted VPN
If you're concerned about security in the 802.11 protocols or any network protocol, encrypt the sensitive data before sending it or use an encrypted virtual private network (VPN) tunnel.
Although it may sound like a trivial solution, and perhaps entirely too simplistic, it's certainly effective.
For more information about the 802.11 insecurities, read this report about the "discovery" and this response from Cisco.
Tip 2: If you're using a broadband Internet connection, use a firewall
Sometimes it's possible to anticipate serious problems. When the ILOVEYOU virus was detected in May 2000, I responded quickly by taking the necessary steps to stop it and other types of nefarious attachments from spreading at work. I wrote a patch to Sendmail that tweaked some of the common attachment file extensions that disabled the ability for them to be clicked on by an unsuspecting user. This simple patch prevented our Internet service provider (ISP) and others who used our e-mail server from spreading the virus. After ILOVEYOU, Microsoft issued an update to Outlook and Outlook Express designed to combat such activity; however, many people had a less than favorable opinion of the update.
Tip 3: Pay careful attention to e-mail attachments
Don't ever launch e-mail attachments from your e-mail program. You should first save them as a file. If you're wondering when you need to be concerned and when you don't, you've just struck on one of the most puzzling questions in Internet security.
Since it's impossible to be 100 percent secure, the best advice I can offer is to be prepared for problems. You should answer these questions:
- · Do you know what software you're running? You can prevent Internet security problems by staying informed about the software you are using and by keeping your software up to date.
- · Have you patched or disabled the IIS service on your Windows 2000 machine to keep Code Red at bay?
- · What services are running on your Linux machines?
- · Did you check for an update to your antivirus software today?
What tip would you recommend?
Some IT managers focus their efforts on training end users. Is that the best way to reduce security problems? Post a comment here or send us an e-mail.