Enterprises to clamp down on downloads, predicts HP

Malicious executables unleashed by unwitting staff have become so much of a threat that enterprises will move to broadly denying PC users the right to download almost anything from the Internet, predicts a report from a security vendor.

The report this week from Hewlett-Packard Co.’s Tipping Point DVLabs, says “the future of personal computing [in organizations] will move toward a default deny model” in which everything not explicitly allowed is forbidden.

Security policies “are going to become more granular, more policy-based,” Dan Holden, the lab’s director, explained in an interview Thursday.

That means some employees may have broader download rights than others – perhaps C-level executives or those in creative jobs like reporters — but most users will see severe limits.

As an interim measure, the report recommends “strong and comprehensive configuration management” for workstations, servers, firewalls, routes and switches — including tracking exceptions.

The conclusion comes as the report, an annual list of the top cyber security risks, notes attackers are using more sophisticated techniques than ever to get behind corporate firewalls. The kind of attacks aren’t necessarily increasing – in fact the report notes some have been around for years and going after the same vulnerabilities – but their methods are getting trickier.

The number of attacks from well-known legacy threats continue, the report notes. For example, attacks on Windows XP’s cmdshell using SQL injection dramatically increased in May and June, mainly in China. Older versions of Microsoft SQL Server are vulnerable to this, the report notes. Also, while declining, the Conficker virus continues to show signs of life.

HTTP client and server attacks dramatically increased over the past six months, the report adds.

But what the report authors are most concerned about is the continued targeting of Web-based applications. That’s understandable given that so many business applications run on browsers, and co-author Mike Dausin, DVLabs’ manager of advanced security intelligence admits this isn’t new.

But, he said in an interview, the polished nature of the exploit code is “astounding.”

“We started seeing release notes in some of the code,” he said. Weapons of attackers include automated tools, botnets and search engines, he said to spread malicious JavaScripts and PHP remote file include invasions.

The report also notes a recent increase in Cross Site Request Forgery (CSRF) vulnerabilities, in which a user executes an action in one application while in a secure Web site such as a bank. The report gives an example a user reading email  and clicking on a link at the same time as he is logged into a bank Web site. The link starts an attack that leads to the transfer of money if bank doesn’t validate a transfer request. 

The disclosure rate of CSRF attacks have been increasing over the past year and a half, says Holden, who wonders when there will be a mass eruption. “When you have a vulnerability that continues to grow, at some point the attackers notice that. There seems to be a sweet spot where they start to leverage it.”

To secure organizations, the report points with approval to the SANS Institute’s Top 20 Critical Security Controls. One of those controls urges organizations have a policy that staff must log off sensitive sites before clicking on email links.

In particular, the report points to says allowing only users to download vetted and signed executables can minimize the chances of malware infection.

The report was complied from data collected by HP TippingPoint DVLabs. The TippingPoint division makes intrusion detection and other security products; Qualsys Inc., a vulnerability and Web application security maker; the SANS Institute, a security training service; and the Open Source Vulnerability Database team.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]

Featured Articles

Empowering the hybrid workforce: how technology can build a better employee experience

Across the country, employees from organizations of all sizes expect flexibility...

What’s behind the best customer experience: How to make it real for your business

The best customer experience – the kind that builds businesses and...

Overcoming the obstacles to optimized operations

Network-driven optimization is a top priority for many Canadian business leaders...

Thriving amid Canada’s tech talent shortage

With today’s tight labour market, rising customer demands, fast-evolving cyber threats...

Staying protected and compliant in an evolving IT landscape

Canadian businesses have changed remarkably and quickly over the last few...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now