subscribe: Daily Newsletter

 

Web 2.0 pushes the boundaries of IT security

0 comments

The emergence of Web 2.0, an extension of the first-generation Web, promotes collaboration and sharing between users, writs Mike Hibbert, director: MEA and emerging markets at Marshal. It’s the foundation for Web applications such as Facebook, MySpace, Wikipedia and others.

The problem with that is, due to the fact that it actively promotes collaboration and sharing, it will increasingly be used by hackers and others to push malicious software on to people’s computers. The biggest current threat in that department is collecting people’s personal details for financial gain.
The threat stems from the fact that people feel comfortable in their Web application environments. People accustomed to adding applications to their Facebook sites lower their suspicions to installing potentially malicious software and phishing attempts. Phishing is when one person tricks another into divulging confidential information.
Web-based software services, like Google Docs, are becoming common targets and are attacked on a regular basis.
More targeted spam and phishing attacks will begin to emerge that target specific personnel in organisations to gain access to IP or commercial espionage data.
There will be more complex blended attacks using e-mail, websites, instant messaging and call centres to lull and fool users into revealing personal information or installing compromising software on their computers.
Spammers are unfortunately a problem that won’t simply go away as they generate huge revenues from the operation.  
There will be advances in blocking spam in the future, but there will also be advances in spamming technology.
The international community will have to collaborate to curb spam and phishing attacks with international legislation to control the attacks and clamp down on criminals.
However, action must also be taken to start closing down botnets. This is the most urgent issue since 65% of spam is sent from botnets that spammers rent to use, according to research by the Multi-State Information Sharing and Analysis Center in the US.
Instant messaging is also being targeted by spammers and virus coders to infiltrate users’ computers as its use has increased dramatically.
Spam over Internet telephony (SPIT) is also becoming a real nuisance; voicemail boxes can be a potential denial-of-service hazard as disk space and networks are filled with thousands of calls from malicious callers who have automated callouts.  
These constantly evolving threats mean that businesses must up their game. The days of keeping simple anti-virus software up to date on each person’s computer are old history. Firewalls in isolation also no longer hack it.
Layered security is the new watch phrase, and it means that busi0nesses will need constantly updated anti-virus software to defeat inter-office e-mail viruses on pervasive Microsoft Exchange servers and Web browsing protection and policy enforcement for responsible Web use; hardware- or software-based firewalls; gateway-based content filtering to reduce spam, virus propagation and improve general e-mail security.