|
 |
 | | | | | ||||||||||||||||
| | You are in: Sci/Tech | ||||||||||||||||||
 | | Saturday, 23 February, 2002, 08:53 GMT Tipping the balance on net security  Warning about the Nimda web worm Net security is going to get a lot worse before it gets better. So says Peter Tippett, the computer security pioneer who now runs TruSecure, a company dedicated to spotting the next big security problem before the vandals and malicious hackers exploit it. Although good technologies are emerging to help companies tackle problems such as web worms, denial of service attacks and website defacements, too little attention is paid to working out new threats and educating people in the basic steps they can take to protect themselves. As a result, said Mr Tippett, many organisations were taking action that did little to help them tackle the real risks and security problems they faced. Flight plan Peter Tippett was co-author of Vaccine, one of the first anti-virus programs released in the days when viruses spread via floppy disks rather than race around the world in e-mail. But although the net had grown up, the allied security industry had not, said Mr Tippett. He likens the net now to the early days of aviation when there was little co-ordination of knowledge about the safest way to fly a plane, how to repair them or the basic standards of airworthiness to which aircraft should be built.
The net desperately needs something similar, believes Mr Tippett. "In internet security there's no-one that can tell you what are the 20-30 things organisations should do that are essential for security," he said. "There's also no mechanism for distributing information about problems and what must be done to solve them." Instead, said Mr Tippett, the net had a vast array of security experts, software companies and hacker groups pumping out information about security vulnerabilities that often overwhelmed the people inside companies trying to protect their networks. Under attack As a result, many companies do a poor job of addressing the real threats. Most employees are told to change their passwords regularly and to ensure they contain a mixture of numbers and letters. But, said Mr Tippett, few companies tackled the much bigger security problem caused when one employee used another unattended terminal to damage a company's network or commit a crime. Now, said Mr Tippett, companies were spending more money than ever on security but the problem was only getting worse.
Many of TruSecure's clients avoided Nimda thanks to the early warning system set up by the company. Mr Tippett said TruSecure monitors the activity of 800 hacker groups and collects 200 gigabytes of net traffic per day to try to work out what the next big threat was going to be. It regularly issues guidance to its clients about what they can do to protect themselves from these future attacks. This monitoring system helped it spot that something like Code Red and Nimda would happen months before the virulent, malicious programs actually struck. Often, said Mr Tippett, a few simply steps could vastly reduce the chance of a particular attack succeeding. Now, TruSecure is working with many governmental groups to try to spread information about the basic things that companies can do to protect themselves, and to ensure that when significant threats emerge the right people are told about them quickly enough. | | See also:  Internet links: The BBC is not responsible for the content of external internet sites Top Sci/Tech stories now:  Links to more Sci/Tech stories are at the foot of the page. | ||||||||||||||||
|
Links to more Sci/Tech stories |
 | | ^^ Back to top News Front Page | World | UK | UK Politics | Business | Sci/Tech | Health | Education | Entertainment | Talking Point | In Depth | AudioVideo ---------------------------------------------------------------------------------- To BBC Sport>> | To BBC Weather>> ---------------------------------------------------------------------------------- © MMIII|News Sources|Privacy  |
E-mail this story to a friend