
RSA speaker: 2002 will see uptick in security threats



If you thought computer security was bad in 2001, you're not going to enjoy 2002. That was the message from SecurityFocus co-founder and CEO Arthur Wong in a presentation he gave at the RSA Conference 2002 in San Jose.

The 11th annual RSA Conference, which began Tuesday and ends Friday, drew over 10,000 attendees to discover details about new security products, as well as hear speeches about topics such as cyberterrorism and cryptography, to say nothing of a couple of early-morning songs from the rock band Cheap Trick. Wong's message to attendees, however, was likely sobering.

Despite such major security incidents as the Code Red and Nimda worms, "2001 wasn't as bad as it could have been," he said in a presentation at the start of the show.

In 2001, about 30 new software vulnerabilities were discovered each week, Wong said, marking a decrease in a trend that had seen the number of new vulnerabilities doubling every year for much of the late '90s. Wong expects that 2002 will bring a return to old growth rates, predicting that 50 new software security holes will be found each week in the coming year.

Along with forward-looking figures, Wong also provided a glimpse into the raw number of attacks that companies faced in 2001. Wong's company, SecurityFocus, sells a security threat analysis and warning service that draws its data from the intrusion detection systems of about 10,000 companies in 150 countries on six continents. From those companies, Wong was able to present some interesting data.

In 2001, SecurityFocus customers experienced a total of more than 129 million network probes, often a precursor to a network attack. They also faced more than 29 million Web-based attacks, over 6 million denial-of-service attacks and about 154,000 Windows-specific attacks, he said.

The company's data also showed that, in what was likely not a surprise to some, Windows in all its versions is attacked more than any other operating system, with over 31 million security incidents in 2001. Following Windows, all versions of Unix run by SecurityFocus customers were attacked 22 million times and Cisco's IOS operating system underwent over 7 million attacks, he said.

On the Web server front, Microsoft was again the most popular target. Microsoft's Internet Information Server (IIS), the software that was exploited to spread Code Red and Nimda, was attacked over 17 million times, Wong said. SecurityFocus customers running the open-source Web server Apache were attacked only 12,000 times, he said, meaning that IIS systems are "1,400 times more frequently attacked than Apache."

Despite the large gap between the rates at which different products are attacked, "there is no way that you can buy anything, subscribe to anything, and say you're 100% secure," Wong said. "Security is a process, not a product."

That process, he said, should involve a security monitoring service, such as that offered by his company.

"We spend too much time fighting the last war when we ought to be trying to figure out what the next war is going to be," he said.

The IDG News Service is a Network World affiliate.


Copyright, 1994-2006 Network World, Inc. All rights reserved.