Archives For P2P

“It turned out that the botnet runners had infected computers by instant-messaging malicious links to contacts on infected computers. They also got viruses onto removable thumb drives and through peer-to-peer networks. The program used to create the botnet was known as Mariposa, from the Spanish word for “butterfly.” – From Today’s USA Today….

A few notes on this

  • These were business guys, not geeks, running a for-profit business.  Mistakes made by senior management allowed authorities to track down the people in charge.  According to the article, this is rarely the case – generally the people at the top don’t get caught.
  • The goal is profit, the tool is the botnet – this botnet has been around for years, stealing millions of credit card numbers along with other sensitive data.  Over 13Million computers are involved, and I assume the owners of these systems have no idea who they are.  Likely, some of them are our clients.
  • Instant messaging, P2P networking, and thumb drives – this is typical.  Instant messaging means people were receiving links and clicking on them to infect their computers, P2P is on more computers  than you might imagine – used by many to exchange free music among other things.  Look for people using home computers for work purposes, or taking work computers home and allowing their kids to use them.  This is a sure sign that data is at risk.
  • Thumb drives – this is the oldest trick in the book…yet hackers still win with it.

Assessments are still the number one way to create immediate justification for project work and managed services.  The question is, are you finding urgent issues?  Make sure your team is trained the find the things that lead to justification – this is not always the focus for high end security consultants.  I find companies continue to lead with policy projects, architectural issues, and highly technical rhetoric which generally lands the sales person back with (unqualified) IT people that want to fix it themselves.

One final note – this is not just about finding security project work…whatever you sell can start with risk issues.  Whether you sell storage, servers, UC, applications…it doesn’t really matter. The issue sales people are facing right now is budget constraints, and this type of risk opens the door to assess risk, upgrade core systems, modify architecture, and implement managed services over every aspect of the IT architecture – if data is present, data is at risk.  THIS is the topic of my March Teleseminar…

We

Advertisements

My two day workshop with Courion, as always in these marketing strategy sessions, was just as much a learning session for me as it was helpful to those I worked with.  As we considered the urgency of data risk as it relates to unauthorized access, undetected misuse, and the growing dilemma of unstructured data, Bob forwarded me a telling article on P2P networking that parallels one of the best cases for more security I’ve ever read… (See my post on P2P Peril – http://www.networkcomputing.com/wireless/your-data-and-the-p2p-peril.php)

The point:  Companies and institutions are using P2P networks, but many don’t understand how to manage the security side of this powerful application, and are inadvertently putting sensitive data online with unrestricted access.  Check out this recent article from The Washington Post – then head to clients and include this topic in any assessments or risk analysis.

http://www.washingtonpost.com/wp-dyn/content/article/2010/02/22/AR2010022204889.html?hpid=sec-tech

Every once in a while a great article comes out on why companies are losing their data, despite the investments they’ve made in security.  This article was published earlier in the year, and I’ve referenced it in many of my classes and executive luncheons…it’s absolutely worth reading!  I have included two links; the first is the original article, the second drills down to review the kind of data Avi Baumstein found after building his own P2P search engine.  Make sure you look at the second link – it’s not a technical article, but it contains the sound bites you need for your next security discussion!

The bottom line of both links is this; companies that allow their data to be used on home systems, or allow family users to access the Internet through your client’s work system are in big trouble.  You can’t read this and walk away feeling like “you’ve got it covered!  Great information for those selling Data Leakage Prevention Solutions.  Also great insights for assessment initiatives.

http://www.informationweek.com/news/206903416 (updated link on April 10, 2012)

http://www.informationweek.com/news/security/cybercrime/showArticle.jhtml?articleID=206903417