Hacker tools are growing more sophisticated and automated. Hackers can now quickly adapt to new security vulnerabilities as they are uncovered and distribute the fruits of their exploits more widely with the help of automated toolkits. And they're employing an ever-increasing range of methods to find individuals' and companies' private information and use it to their own advantage.
And yet many of us have a false sense of security about our own data and networks. We install a firewall at the perimeter, put anti-virus and anti-spyware tools on our desktops, and use encryption to send and store data. Microsoft and the big security companies provide ever-improving tools and patches to protect us. Although others who are less careful might be at risk, we're safe, right?
Maybe not. Take a look at these seven security myths and see if your data is as secure as you think.
Myth #1: Encryption guarantees protection
Encrypting your data is an important component of data protection, but it's not infallible. Jon Orbeton, senior security researcher with Zone Labs, which makes ZoneAlarm firewall software, is a proponent of encryption, but he warns that sniffers are getting more refined and can intercept SSL and SSH transactions and grab the data after it's encrypted. While encryption helps protect the captured data from being read, encryption standards do have several points of vulnerability that can be exploited by a determined hacker armed with the right tools. "Hackers are finding ways to circumvent the security mechanisms," Orbeton said.
Myth #2: Firewalls will make you bulletproof
"A lot of people say, 'We have a firewall,'" says Steve Thornburg, an engineer with Mindspeed Technologies, a developer of semiconductor networking solutions. Thornburg deals frequently with security issues. "But you can read the entire IP trail through the best firewalls and sniff out these systems." By tracing the IP trail, which shows the network addresses of systems, hackers can learn details about the servers and the computers connected to them and use the information to exploit vulnerabilities in the network.
It's clear, then, that firewalls and encryption aren't enough. Network administrators must not only make sure they have the latest and most secure versions of the software they are running, they must also stay up to date with reports about loopholes in popular operating systems and stay on top of monitoring their networks for signs of suspicious activity. In addition, they need to enforce smart usage practices among end users on the network to discourage them from installing new and untested software, opening executable e-mail attachments, accessing file-sharing sites, running peer-to-peer software, and setting up their own remote access programs and unsecured wireless access points.
The problem, says Thornburg, is that very few organizations are willing to put forth the money and effort it takes to maintain security. "They know it won't be popular," he says. "It will downgrade efficiency. Cost is the big issue, because these companies are all looking at the bottom line."
Myth #3: Hackers ignore old software
Some of us think that if we're running legacy systems, we're not a target for attack because hackers only go after the most widely used software, which is more recent than our own.