Forecast & Review: Security
There are so many areas of concern regarding Windows security that it's hard to point a finger at any particular one. So here are five:
Virus attacks will rise. The trend has increased yearly and 2002 will be no different. This highlights the importance of having virus protection software installed on your e-mail gateways and on e-mail client machines. Make sure the virus signatures are updated periodically.
E-mail continues to be a weak spot. We will see an increase in macro-based virus attacks as well as Trojan horses. It is important to adopt the following policy: Do not auto-execute e-mail attachments unless you verify the source of the e-mail and the contents of the attachment.
How safe is Windows XP? The jury is still out on this one, but be prepared for vulnerability announcements for the newest operating system release from Microsoft.
Increased disaster planning. The September 11th attacks served as a wake-up call for companies without an adequate business continuity and/or disaster recovery plan. This coming year, companies will begin to take a hard look at their business processes and critical IT systems to see if they offer adequate protection.
What is steganography? Steganography is the science of hiding data in different sources including text, audio, and video. Osama Bin Laden reportedly used steganography to hide sensitive information on Web page images. I predict we will see more news on this technology in 2002.
Mark Edmead, CISSP, SSCP, is president of MTE Software, Inc. and has more than 22 years' experience in software development, product development and network systems security. He was managing editor of SANS Digest (Systems Administration & Network Security) and contributing editor to the SANS Step-by-Step Windows NT Security Guide and is currently developing the SANS Business Continuity/Disaster Recovery Plan Step-by-Step Guide. Mark has published books on network security and numerous articles for technical publications. He is currently writing a book on Internet Security Certifications (CISSP, SANS-GIAC, CIW, ICSA).