
Stewart Twynham's IT security diary - The next big thing

by
22nd Jun 2007

It’s rare I get the chance to catch up with old colleagues, however a children’s party proved such an opportunity this week. So what do web security specialists talk about amongst the jelly and ice cream? Armageddon, of course.

The idea of a major security catastrophe causing Internet meltdown isn’t new. The SQL Slammer worm took out tens of thousands of unpatched servers worldwide in 2003, and in 2004 millions of unpatched and unfirewalled home PCs were shut down by the Sasser worm. But it’s now 2007 - the Internet has more users (including major but less experienced adopters such as China) and the world is clearly overdue for something big.

Whilst the speculation at our gathering over exactly what and when caused much heated debate, we were all pretty much in agreement as to where the next cyber war was most likely to be launched from – the millions of small office/home office networks up and down the country.

As one close friend, head of IT security for a major retail bank, pointed out, the average home is an ideal breeding ground. Consumers are filling their homes with PCs and digital gadgets such as Apple TV (which received its first critical update this week), along with popular Media Centre PCs running Windows XP and Vista.

The demand for on-line access to music and movies also means that many homes are now able to access broadband reaching 10 or 20 times the speed found in most offices. Yet these ultra-fast internet connections are often headed up by routers and wireless networks installed by amateurs and never maintained.

Manufacturers have certainly improved upon previously laughable security in the consumer-grade routers that power most homes (and a frightening number of small businesses), yet security is still purposely weak out of the box - otherwise home users simply wouldn’t be able to get their home networks working. And despite the widespread publicity surrounding hijacked home PCs and their role in criminal and spam networks, internet service providers still appear more concerned about offering the cheapest phone + TV + broadband packages than about something as boring as security. Yes, your average UK ISP might offer some bundled security software, but that’s not the kind of “in-built” protection these networks need.

Add into this mix a teenager with a penchant for YouTube, or a spouse wishing to share some files online as in the case of one unlucky Pfizer employee, and you’ve a recipe for disaster.

Of course, it will be the smallest businesses that are most affected - those that rely on a single home PC, which doubles up as a homework station and/or games machine.

Thankfully, there are some security products new to the market that don’t cost the earth and could offer the kind of protection that home and mobile workers need.

Over the coming weeks and months I plan to look at some of these less well known alternatives and report back. Then hopefully we’ll all come through the next big thing unscathed.
