Skip Links

Blocking and Stopping Network Intruders

By Mark Edward Soper, CIO
March 26, 2008 09:30 AM ET

CIO - Data thieves aren't always the black-clad hackers typing away in a dark room a la The Matrix, either: Data center employees with a chip on their shoulders and the technological savvy to put something over on "the man" are often at fault as well. (Compare Data Leak Protection products)

So, what can you do about it? Whether you're responsible for your own computer or manage a fleet of hundreds (or thousands) of PCs, PCs are vulnerable to a variety of threats, including:

* P2P clients
* Insecure wireless networks
* Phishing
* Spyware
* Viruses
* Insecure work at home environment
* Social engineering

Here's how to stop them.

Just Say No to P2P File Sharing

Peer-to-peer file transfer clients such as Gnutella, BitTorrent, Kazaa, LimeWire and others enjoy an almost virus-like popularity as an easy means of sharing music and video files with other media enthusiasts. Unfortunately, they can also share sensitive corporate and personal data with strangers around the block, the country or the world. Recent studies of P2P file sharing at banks and the federal government have demonstrated how easy it is for programs intended for media sharing to gain access to confidential and secret information. In Dartmouth University's Tuck School of Business study of P2P file sharing at America's top thirty banks, P2P file sharing searches for text in song or video filenames found matching information of all types, including company names, addresses and much more. A study by security firm Tiversa found over 200 classified documents in just a couple of hours of searching with P2P client LimeWire.

Why is P2P file sharing so potentially dangerous? Depending on the client, P2P file sharing is usually keyed to file types, not folders. Consequently, a music or video file in the same folder as confidential information can expose the entire folder's contents to a P2P search. What's worse is that some P2P clients make it easy to share an entire drive rather than just specified folders. P2P clients pop up everywhere, including corporate PCs, as well as your children's PCs or other home PCs.

To stop the threat of P2P file sharing at work, corporations should configure security to block P2P clients. If you're telecommuting, use file encryption on work folders and make sure you never, ever set up a P2P client to monitor work folders. Stay on top of the P2P game with resources such as a P2P and file-sharing resources search at TechRepublic.

Securing Insecure Wireless Networks

Wireless networks are easy to set up--especially if they're insecure. Your office may have a wireless network that's locked down with WPA or WPA2 encryption and Radius authentication servers; if you work from home or in a public area on an insecure wireless network, you might expose sensitive information. What kinds of threats are out there? (Compare WLAN Security products)

-- If a restaurant or other retail establishment uses an insecure wireless network for its point-of-sale system, war drivers in the parking lot can grab credit card numbers from business credit cards and sell them, or use them for unauthorized shopping sprees.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News