Security provider McAfee listed Hong Kong (.hk), China (.cn), and .info as the three most dangerous places "to surf and search on the web." Bill Detwiler examines McAfee's report and discusses why it's important to have comprehensive security policies and practices in place.
In a report released Wednesday, June 4, 2008, security provider McAfee listed Hong Kong (.hk), China (.cn), and .info as the three most dangerous places "to surf and search on the web."
According to McAfee's report, "Mapping the Mal Web Revisited," 19.2 percent of all Web sites with the .hk domain and 11 percent of all Web sites ending in .cn "pose a security threat to Web users." Rounding out the top five were Philippines (.ph) and Romania (.ro). McAfee ranked Finland (.fi) as the safest top-level country domain and .gov as the safest generic domain.
To create the report, McAfee analyzed nearly 9.9 million Web sites from 265 country and generic domains. McAfee collected the data using the company's SiteAdvisor system. SiteAdvisor conducts automated tests of Internet sites looking for behaviors such as "browser exploits, adware/spyware/Trojans/viruses, high likelihood of receiving spam, affiliation with other risky sites, and aggressive pop-up marketing." End users can also download McAfee SiteAdvisor and provide feedback on specific sites.
So Hong Kong is a dangerous domain - Now what?
Now that McAfee has armed us with this dangerous-domains list, can IT pros use this new knowledge to make their networks safer? McAfee made the following statement in a press release about the report:
"For administrators of top-level domains this study should act as a wake-up call. Last year's report spurred Tokelau's domain manager to reexamine its policies," said Jeff Green, Senior Vice President of Product Development & Avert Labs. "Not all domain managers are as accommodating so our mission is to educate consumers of the dangers and protect them in every way they enjoy the Web whether through their PC, the Web itself, or mobile phone. With our new secure search and website safety certification, we're taking the guesswork out of searching and surfing online so that consumers enjoy a safer Web experience."
Unless you're prepared to block all access to Web sites ending in .hk or .cn, or you're an administrator of a top-level domain, there's not much you can do with McAfee's information. You can, however, ensure that your organization has comprehensive security policies and practices in place.
First, have an effective Internet Usage policy that employees acknowledge and sign. The following TechRepublic IT policy resources can help you build your own:
- Build Your Own: Internet Usage Policy
- TechRepublic Pro's Internet Usage Policy
- IT Security Policy Checklist
- Network Security Policy Quick Guide
- 10 things you should know about winning support for an IT policy
- How SMBs can enforce user access policies
Second, if required by your policy, restrict access to specific Web sites or types of network traffic. The following resources can help:
- Block MSN Messenger with Squid
- Use OpenSSH as a secure Web proxy
- Use PuTTY as a secure proxy on Windows
- SolutionBase: Set up a Linux proxy server with ease using Webmin
- Implement Web-filtering software in your government organization
- A scalable content filtering strategy keeps your business on track
- 10 ways to monitor what your users are doing with company computers
- Monitoring software boosts employee productivity
Third, if you're going to monitor Internet traffic, ensure that every employee knows that the monitoring is taking place, and be prepared for the consequences. In his TechRepublic article, "Yes, I am the Web surfing police," Tim Malone describes the dilemmas he's faced as an Internet traffic cop, including his role in ousting a CEO.