Friday, February 09, 2007

Not just Microsoft - Outside the OS

I just got back from a trip to Germany attending an event called IT Defense in Leipzig. It's run by a reseller for the company I work for, a company called Cirosec (www.cirosec.de). I was lucky enough to see presentations from some of the world's great talents on information security, including Kevin Mitnick with his excellent thoughts on social engineering and one from Marc Maiffret from eEye Security (Marc is the Chief Hacking Officer).

As well as visually showing us a hack into Vista (well, that took a long time coming, didn't it?), he went into great detail about the way that attackers seem to be concentrating on non-Microsoft applications. The reason is clear: Microsoft, despite their obvious issues, have gotten better at security. Applications from vendors like Apple, Symantec, McAfee, IBM and Adobe are now the ones being exploited, and not just by the intelligent hacker. Check out applications like Metasploit (www.metasploit.org) and you will see how easy it is to take advantage of flaws within many of the applications that have become ubiquitous on many of our desktops.

The answer is clear: update to the latest versions, install the patches that have been released, and understand which of your users have these applications installed (know how many iTunes users you have?).

The tools available to you currently may not offer that, so my advice is to ensure that whatever you choose meets the following criteria:

  1. Does your solution provide you with a real-time view of the applications installed?
  2. Does it provide visibility and control in heterogeneous environments?
  3. Does your solution allow you to distribute patches to non-Microsoft applications?
  4. Does your solution provide you with the ability to enforce policy by allowing or disallowing applications?

I don't mind which solution you decide to use, but if you follow these key points, you can only make your user base (and therefore your data) safer.