Click here to receive your FREE subscription to Campus Technology
Security Trends
SANS Flags Browsers, Botnets as Top Security 'Menaces'
1/17/2008
Research and education organization the SANS Institute this week revealed its list of the top menaces facing IT in the coming year. Echoing earlier reports from security watchdog organizations, the group's "Top-10 Cyber Security Menaces for 2008" cited Web 2.0 technologies, converged devices, botnets, and browser addons among the worst, with a heavy emphasis on consumerized technologies and the vulnerabilities they present.
Consumer Technologies
These "consumerized" technologies include a wide range of Web applications, online media, and consumer devices (like the iPhone) designed to take advantage of them. They're the sorts of technologies over which IT has very little control, as students, faculty, and staff bring their personal electronics to campus and otherwise insinuate themselves in the enterprise.
Top-10 Security Menaces of '08 1. Browser Exploits Source: The SANS Institute, January 2008 |
At the tops of the SANS Institute's list comes one of these technologies: digital media and other related technologies that users access through browser addons: Flash, QuickTime, etc.
Said the report, "Web site attacks on browsers are increasingly targeting components, such as Flash and QuickTime, that are not automatically patched when the browser is patched. At the same time, Web site attacks have migrated from simple ones based on one or two exploits posted on a Web site, to more sophisticated attacks based on scripts that cycle through multiple exploits, to even more sophisticated attacks that increasingly utilize packaged modules that can effectively disguise their payloads."
Converged consumer communications devices, like the iPhone and other types of smart phones, coming at at No. 4. Other types of consumer electronics, such as USB thumb drives, GPS systems, and others, come in at No. 10 on the list.
And, like other recent reports, SANS also names Web 2.0 and other types of Web applications as major culprits.
Back in October, Georgia Tech's Information Security Center released a report entitled "GTISC Emerging Cyber Threats Report for 2008," in which Web 2.0 was cited first as one of the threats to watch in 2008. And earlier this month, the UK's KPMG released a report for the business sector called "Risk concerns stall uptake of Web 2.0 technology in the workplace," in which more than half of the executives surveyed for the report cited security fears as major barriers to institutional adoption of Web 2.0 technologies.
Recommended Reading
- Cedarville U Sets Up SonicWall Firewalls
Cedarville University in southwestern Ohio has implemented SonicWALL firewalls to provide high-speed gateway firewall protection for its 3,000 students.
- Data Breach Strikes U North Dakota Alumni Association
The alumni association for the University of North Dakota has gone public with a data breach that occurred when a laptop belonging to a software vendor was stolen from a vehicle. The computer contained the names of 84,000 university alumni, donors, and others, according to coverage by the Grand Forks Herald.
- Tips for Selecting a Campus CRM tool
As competition for students increases, colleges and universities are looking more and more to customer (or constituent) relationship management software for help in remaining competitive.
- Intercast Networks Goes into Beta with Kazam Video Service at Internet2 Universities
Intercast Networks has redesigned Kazam, its student Internet TV and video service based on the company's VideoXpress platform. Following a spring semester alpha trial at Columbia and Purdue University, the company redesigned Kazam's interface based on student feedback and added additional content that caters to a student audience.
- Michigan State Managing MRI Images from Africa with Acuo Tech DICOM Services Grid
Doctors at Michigan State University have begun using the Digital Imaging and Communications in Medicine (DICOM) Services Grid from Acuo Technologies to transport and manage magnetic resonance imaging (MRI) results from a hospital in Malawi, Africa in order to monitor the impact of malaria on children.
- IIT Delhi Delivers Services with Ingres Open Source
Administrators at the Indian Institute of Technology Delhi (IIT Delhi) have gone public with their installation of open source database management software from Ingres. IIT Delhi, one of seven leading institutes of technology in India, adopted Ingres Database to support administration functions such as grading, finance, human resources, procurement, and hospital administration.
