Skip Links

Network World

  • Social Web 
  • Email 
  • Close

(Comma separation for multiple addresses)
Your Message:

New security threats from every which way

As virtualization, SOA and mobility projects proliferate and converge, they open the enterprise to a rash of troublesome network security problems.
By Deb Radcliff , Network World , 03/17/2008
  • Share/Email
  • Tweet This
  • Comment
  • Print

As enterprises seek out ways to reduce IT costs, optimize resources and improve operational efficiencies, three technology trends have started to dominate: virtualization, service-oriented architecture and mobility (see "Exploits on all fronts," below). More promising yet is the intertwining of these unique technologies.

Some examples: Mercy Medical Center, in Baltimore, is piloting virtual desktops rolled out on encrypted USB devices to its mobile doctors and residents. RedRoller, an online-shopping comparison service in Stamford, Conn., created an SOA to connect its small-and-midsize business (SMB) customers to best pricing at shipping carriers -- a system that's likely to go virtual down the road. Delaware Electric, in Greenwood, gives field workers with tablet PCs access to an SOA infrastructure.

Exploits on all fronts

In its annual security report, Cisco outlines likely attacks against virtualization, SOA and mobility infrastructures. Here are some excerpts:

On SOA: Malware attacks exploiting application vulnerabilities will grow and become more significant during the next several years. Expect more sophisticated attacks from professional attackers. Organizations probably will see an increasing number of infected systems attempting to access protected networks.

On virtualization: Malware rootkits that execute entirely in system memory emerged during 2007. As average RAM size continues to increase, such strategies probably will grow in popularity.

Related Content

On mobility: The huge increase during the past year in the use of multipurpose smart phones, such as Apple's iPhone, means there are more mobile devices with fully functional operating systems in use than ever before. Future mobile malware will take advantage of the richer capabilities of these operating systems. Expect future mobile-malware attacks to propagate via mobile e-mail, Short Message Service, Wi-Fi, and instant messaging applications.

More malware will target portable media and gaming devices. As more users take advantage of growing storage capacity in iPods and other flash media to store sensitive business information, expect attackers to target these devices.

Across all three technologies: Expect more multiplatform attacks.

Source: Cisco 2007 Annual Security Report

What does this mean from a security perspective? It means myriad new layers of risk being created along the stack -- all of which must be securely deployed and managed. "We're talking layers and layers you need to pay attention to, both in isolation and also where they're mixing up with unexpected interactions," says Dennis Moreau, CTO of Configuresoft, a configuration management company.

Take the virtual machine environment. This environment comprises a virtual machine manager (VMM) or hypervisor that's shimmed between the kernel and the host operating system to create a layer of layers, or as some call it, a "virtual stack." In that stack are the hypervisor and guest layers that call among themselves and cannot be monitored by most of today's tools.

"There's a whole series of security dilemmas IT professionals are facing with these new technologies," says M. Victor Janulaitis, CEO of Janco Associates, an IT and business analysis firm. "The most prevalent problems are change management and version control, all the way to the cellular phones," he says.

Best practices, standards and tools are emerging, but they're mostly piecemeal, open to interpretation and incomplete in their coverage. Today that makes comprehensive management of any of these technologies problematic.

  • Share/Email
  • Tweet This
  • Comment
  • Print

Partner Content

Gartner 2009 Magic Quadrant for Job Scheduling

Gartner has positioned BMC CONTROL-M in the Leaders Quadrant of their "2009 Magic Quadrant for Job Scheduling." The report assesses the ability to execute and completeness of vision of key vendors in the marketplace. Read a full copy today, courtesy of BMC Software.

Download whitepaper

Dell's SMART Approach to Workload Automation

Read a compelling case study by EMA, Inc. to learn how Dell uses BMC CONTROL-M to cut cost and increase productivity with workload automation.

Download whitepaper

Workload Automation Cost Savings 2 Minute Video

A major computer manufacturer uses BMC CONTROL-M and just four people to schedule and run over 85,000 jobs every month. By switching to BMC CONTROL-M, they more than quadrupled the workload without adding a single staff member.  See how in this 2-minute video overview.

Go to video

Comment
Login
Forgot your account info?
Add comment
Anonymous comments subject to approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.

Most Read

View more Most Read

Videos

rssRss Feed

Latest News

rssRss Feed