[iwar] [fc:ITxpo:.Net.devices.worsen.IT.security.problems]

From: Fred Cohen (fc@all.net)
Date: 2001-10-13 01:58:00


Return-Path: <sentto-279987-2893-1002963480-fc=all.net@returns.onelist.com>
Delivered-To: fc@all.net
Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Sat, 13 Oct 2001 02:00:08 -0700 (PDT)
Received: (qmail 14762 invoked by uid 510); 13 Oct 2001 08:57:48 -0000
Received: from n27.groups.yahoo.com (216.115.96.77) by 204.181.12.215 with SMTP; 13 Oct 2001 08:57:48 -0000
X-eGroups-Return: sentto-279987-2893-1002963480-fc=all.net@returns.onelist.com
Received: from [10.1.1.223] by n27.groups.yahoo.com with NNFMP; 13 Oct 2001 08:58:00 -0000
X-Sender: fc@big.all.net
X-Apparently-To: iwar@onelist.com
Received: (EGP: mail-7_4_1); 13 Oct 2001 08:58:00 -0000
Received: (qmail 61620 invoked from network); 13 Oct 2001 08:58:00 -0000
Received: from unknown (10.1.10.27) by 10.1.1.223 with QMQP; 13 Oct 2001 08:58:00 -0000
Received: from unknown (HELO big.all.net) (65.0.156.78) by mta2 with SMTP; 13 Oct 2001 08:58:00 -0000
Received: (from fc@localhost) by big.all.net (8.9.3/8.7.3) id BAA01489 for iwar@onelist.com; Sat, 13 Oct 2001 01:58:00 -0700
Message-Id: <200110130858.BAA01489@big.all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Organization: I'm not allowed to say
X-Mailer: don't even ask
X-Mailer: ELM [version 2.5 PL1]
From: Fred Cohen <fc@all.net>
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Delivered-To: mailing list iwar@yahoogroups.com
Precedence: bulk
List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com>
Date: Sat, 13 Oct 2001 01:58:00 -0700 (PDT)
Reply-To: iwar@yahoogroups.com
Subject: [iwar] [fc:ITxpo:.Net.devices.worsen.IT.security.problems]
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

ITxpo: Net devices worsen IT security problems  
By Juan Carlos Perez, InfoWorld, 10/11/2001
<a href="http://www.infoworld.com/articles/hn/xml/01/10/11/011011hndevices.xml">http://www.infoworld.com/articles/hn/xml/01/10/11/011011hndevices.xml>

ORLANDO, FLA.  -- Companies increasingly deliver their content and
services via the Internet to a variety of new devices, such as personal
digital assistants, television sets, gaming consoles, MP3 players, and
smart phones, creating a situation that makes it more difficult for IT
departments to protect internal systems from attacks and prevent data
theft, a Gartner analyst said this week. 

"It's a frightening world for security specialists," said analyst Rich
Mogull at the company's Symposium/ITxpo here.  "For years we had a lot
of control over our systems.  Not anymore."

Many of these devices are inherently insecure, lacking solid and proven
security technology.  To compound the situation, IT departments often
find themselves pressured by users to support these devices.  The
hurried adoption of these devices and the creation of new mechanisms to
deliver data to them water down the protection of internal systems,
Mogull said. 

Users' demands for access to their content and services across all these
devices promotes a confusing set of standards, platforms, and delivery
mechanisms, according to Mogull. 

Moreover, many of these new devices have short lives because they are
quickly replaced by more advanced models, so security measures adopted
by IT departments to deal with these devices rapidly become obsolete, he
added.  And a "killer" device that provides a wide variety of functions
will not appear until at least 2005.  Thus in the meantime, users will
continue to connect to the Internet and to internal systems with a
variety of devices, Mogull said. 

So-called "fixed devices," such as gaming consoles and digital
satellites, have proven prone to hacking, which can lead to stolen
services and intellectual property.  Mobile devices are even more
vulnerable because not only can they be physically lost or stolen but
their transmissions can be easily intercepted, a breach that could
enable data theft and virus infections. 

"Multiple access devices, convergent solutions, and new delivery
mechanisms create a more complex environment and increase possible
points of vulnerability," he said. 

The best way to deal with the problem of granting multiple insecure
devices access to internal systems is to deliver data and services to
these devices via a browser in a typical thin-client architecture.  The
browser will continue to be the most popular, most tested, and safest
interface for these purposes, as opposed to these devices' proprietary
interfaces.  In fact, until at least 2005, the browser will be a
supported user interface in 80 percent of new access devices that
connect to the Web, according to Gartner estimates. 

ITxpo ends Friday.  More information about the event is at <a
href="http://symposium.gartner.com/news">http://symposium.gartner.com/news>. 

------------------------ Yahoo! Groups Sponsor ---------------------~-->
Pinpoint the right security solution for your company- Learn how to add 128- bit encryption and to authenticate your web site with VeriSign's FREE guide!
http://us.click.yahoo.com/yQix2C/33_CAA/yigFAA/kgFolB/TM
---------------------------------------------------------------------~->

------------------
http://all.net/ 

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ 



This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:54 PST