October 2004 Network Security

DEATH TO JPEGs?Dangerous is how security experts aredescribing a weakness in the way Microsoftprograms process JPEG image files thatallows a Trojan horse, JPEG of Death.C, to compromise computer systems.Microsoft, which reported the weakness,has issued a patch; users of Windows XP,Windows Server 2003, Office XP andService Packs 2 and 3, Office 2003, andmore than a dozen other applications areadvised to get it from Microsofts website.When activated, the Trojan horse down-loads software from an FTP site that installsa back door on the computer. But it doesnot replicate. This is believed to be the firsttime graphics files, which make up some30% of Internet traffic, have been used as amalware carrier.

THE ENEMY WITHINCompanies are so focused on externalthreats that they are ignoring potentiallymore devastating attacks from insiders andoutsource business partners, audit firmErnst and Young says in its 2004 GlobalInformation Security survey. "Companiescan outsource work, but they can't out-source responsibility for security," saysEdwin Bennett, global director of Ernst &Young's technology and security risk ser-vices. Respondents rated viruses andTrojans the biggest threat with employeemisconduct second biggest. Theft of propri-etary information was lowest.

FDIC STOPS JUST SHORT OF IM BANThe US Federal Deposit Insurance Corphas stopped just short of recommendingthat banks ban the use of Instant Messagingover public media because of its lack ofsecurity. Instead it calls for much tougherpolicies and procedures, which, if followed,would limit severely the attractions of IMfor business purposes. The use of public IMmay expose financial institutions to securi-ty, privacy, and legal liability risks becauseof the ability to download copyrighted files,it warns. It suggests banks use vendors’ IMproducts that authenticate, encrypt, audit,log and monitor IM communication.“These help financial institutions use IMtechnology in a more secure environmentand assist in compliance with applicablelaws and regulations.”

NEWS

Accelerated IP v6 shiftcaught at Check PointBrian McKenna

Firewall seller Check Point has regis-tered a significant shift in its cus-

tomer base towards IP v6.The Internet runs IP v4, but has been

under strain since the early 1990s due tothe limited 32 bit scope of its addressspace. The 128 bit IP v6 increasesaddress space massively. It is also moreinherently secure, featuring authenticat-ed headers and payload encapsulation.The IETF completed the version 6 spec-ification way back in 1997, but the shiftfrom IP v 4 to 6 has so far been glacial.

Check Point confirmed that there weresix customers using IPv6 in June 2003.An increase started from July last year,and the numbers started to increaserapidly from October onwards.

Dan Sarel, VPN solutions manager atCheck Point in Tel Aviv, reported that hegot a surprise when he queried the sup-plier’s customer database at the start ofthe year. He found 300 odd customersdoing IP v6 projects. The tally nowstands at 750.

Sarel was also surprised to find thatthe customer breakdown is spread outglobally, beyond the predictable US andJapan — including 50 from the UK.

He also thought that IP v6 customerswould be confined to early adopter ISPsand telcos, but found the spread to bemore even. “The common denominator isthat they are very big companies”, he said.

While 9% of the 750 customers arefrom the government/military sector and8% are in finance, a less predictable 4%are in healthcare and 3% are in retail.

Sarel said that the company’s investiga-tions among its customers have yet toreveal a full explanation for the develop-ment. “It seems that IT managers aregetting ready for IPv6, maybe underpressure from large national ISPs, MSPsand telcos”.

"There is also pressure building upfrom the US Department of Defenseand Japan”.

The Department of Defense said inJune 2003 that it hoped to move to IPv6

by 2008. Department acquisitions takingplace after October of 2003 have to beIP v6-compatible. Version 6 is attractiveto the military because it ensures packetstravelling over a network arrive at theirintended destination. And in 2001, the Japanese government invested 8.05 billion yen in IP v6 verificationexperiments.

Sarel confirmed that most of CheckPoint’s v.6 development has been in sup-port of DoD and Japanese initiatives.Korea and China are also rich in activitydriving IP v6, he said.

"Security has been neglected becausethe promise of version 6 was that it was inherently more secure, so therewas not much attention paid to whatstill needs to be done to make it reallysecure.

"But it is now all finally happening!”

Combination tools tooust point productsBrian McKenna

IDC has predicted that multi-functionsecurity appliances will have pushed

out single-job firewall and VPN appli-ances by 2008.

Adam Stein, VP corporate marketingat Fortinet, a multi-function appliancesupplier, welcomed IDC’s finding that“firewall and VPN revenues are flat and going down”. In four years timethey will have declined from 93.4% to 42.4% of the security appliance market.

This is good news for Stein’s company,the current 'unified threat management'sector leader in IDC's view. The compa-ny has nearly 30% market share in thisnew category, representing sales of$30.9m. Meanwhile, Symantec has22.9% market share, Secure Computing21.7%, and Netscreen 5.9%.

"There are others getting into themulti-functional area”, said Stein, citingCisco’s bundling of Trend Micro andMcAfee’s acquisition of Intruvert asexamples. “But ultimately they are alltrying to build a unified threat productfrom third party offerings that werenever meant to co-exist”.

3

In brief