Alternative Controls
In 2008, CSO magazine introduced a column by Bill Brenner named FUD Watch. Its purpose is to separate real security issues from the FUD (fear, uncertainty, doubt) that surrounds them. An effective security program needs to identify real threats and evaluate both the risk and the controls available for it. A minor risk that would take significant resources to mitigate should probably be accepted rather than mitigated. Most organizations prefer to patch in order to eliminate a risk. However, the volume and complexity of some patches, and the possibility that a patch may "break something", make patching a problem in many organizations.
Patching, however, is not the only way to reduce or eliminate a risk.
Firewall rules can provide effective controls against attacks on known weaknesses. Even after an exploit has successfully compromised an internal device, a suitable firewall configuration may stop the attack from going further. For example, many modern Trojans use FTP (or TFTP) to download the components they need to complete the compromise of a system. Blocking outbound FTP and TFTP at the firewall leaves that malicious code unable to finish its work. Obviously this is not a complete solution for laptops, which may be moved to other networks where the malicious code can complete the infection. Malware that fetches its payload over HTTP would also pass such a rule, so outbound filtering works best as default-deny with narrow allowances. But it is a good way to buy time, perhaps until your anti-virus vendor releases protection against the malicious code.
User Awareness
Information security is perplexing and complicated for many users. They struggle in the space between getting their job done and following security recommendations, and a well-crafted decoy web page warning of a security threat makes that choice harder. Is the right thing to ignore the lure, or to "fix" the security problem it describes and thereby unknowingly install malicious software? Many malicious objects wait patiently for an unsuspecting visitor to fall for their false claims, and telling them apart from genuine warnings exceeds the capabilities of some users. Most users will act correctly, however, if they know which legitimate security messages they may encounter and have a procedure to follow for any other security message. So why not get users involved as a first line of defense?
Email Controls
Opening files with malicious content is a common way infections spread. Blocking executable attachments (.exe files and similar) at the mail server provides significant relief against the spread of malicious email content. Matching on the file name alone is weak, since an executable can be renamed or placed inside an archive; a filter that also inspects the attachment's content catches more.
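The attachment filter described above, as an added example (not part of the original article and not any particular mail server's code): it walks the MIME parts of a message with Python's standard email library and flags an attachment either by a blocked extension or by the PE "MZ" header at the start of its content, so a renamed executable is still caught. The extension list and the constructed messages are assumptions for the demonstration.

```python
import email
import os
from email import policy
from email.message import EmailMessage
from typing import List, Tuple

# Assumed site policy: extensions that are never accepted as attachments.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}
# Every Windows PE/DOS executable begins with these two bytes, whatever it is named.
MZ_HEADER = b"MZ"


def attachment_findings(raw: bytes) -> List[Tuple[str, List[str]]]:
    """Return (filename, reasons) for each attachment; an empty reasons list means clean."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = os.path.splitext(name.lower())[1]
        data = part.get_payload(decode=True) or b""  # decoded (e.g. base64) bytes
        reasons = []
        if ext in BLOCKED_EXTENSIONS:
            reasons.append(f"blocked extension {ext}")
        if data[:2] == MZ_HEADER:
            reasons.append("PE executable header (MZ) regardless of file name")
        findings.append((name, reasons))
    return findings


def should_block(raw: bytes) -> bool:
    """A message is blocked when any attachment has at least one finding."""
    return any(reasons for _, reasons in attachment_findings(raw))


def build_sample(filename: str, content: bytes) -> bytes:
    """Constructed test message for the example; not real mail."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.org"
    m["Subject"] = "invoice"
    m.set_content("please see attached")
    m.add_attachment(content, maintype="application", subtype="octet-stream",
                     filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    samples = {
        "plain pdf": build_sample("report.pdf", b"%PDF-1.4\n"),
        "exe by name": build_sample("setup.exe", MZ_HEADER + b"\x90\x00" * 8),
        "exe renamed": build_sample("invoice.pdf", MZ_HEADER + b"\x90\x00" * 8),
    }
    for label, raw in samples.items():
        print(label, "->", "BLOCK" if should_block(raw) else "pass", attachment_findings(raw))
```

Archives (including password-protected ones) are not opened here; a production filter would either unpack them or treat un-inspectable archives as blocked.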
Blacklists
Blacklists exist for malicious web sites, malicious attack sources and malicious email content providers. Blocking these sources at your network gateway provides a first line of defense against them.
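A blacklist check as an added example (not from the original article or any gateway product): it matches a host against a domain blacklist label by label, so subdomains of a listed domain are caught while look-alike names such as notmalware-host.example are not, and matches IP-literal hosts against CIDR ranges. The list contents are constructed for illustration.

```python
import ipaddress
from typing import Optional
from urllib.parse import urlsplit

# Constructed example blacklists; not real threat data.
DOMAIN_BLACKLIST = {"malware-host.example", "phish.example.net"}
IP_BLACKLIST = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "203.0.113.7/32")]


def normalize_host(host: str) -> str:
    """Lower-case, drop a trailing dot, and strip IPv6 brackets."""
    host = host.strip().lower().rstrip(".")
    if host.startswith("[") and host.endswith("]"):
        host = host[1:-1]
    return host


def host_is_listed(host: str) -> bool:
    host = normalize_host(host)
    addr: Optional[ipaddress._BaseAddress]
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        addr = None
    if addr is not None:
        return any(addr in net for net in IP_BLACKLIST)
    # Check the host and each parent domain: cdn.malware-host.example is listed via
    # malware-host.example, but a plain suffix test would also hit notmalware-host.example.
    labels = host.split(".")
    return any(".".join(labels[i:]) in DOMAIN_BLACKLIST for i in range(len(labels)))


def url_is_listed(url: str) -> bool:
    host = urlsplit(url).hostname
    return host is not None and host_is_listed(host)


def sender_is_listed(address: str) -> bool:
    _, _, domain = address.rpartition("@")
    return bool(domain) and host_is_listed(domain)


if __name__ == "__main__":
    for u in ("http://cdn.malware-host.example/x.exe", "http://notmalware-host.example/",
              "http://198.51.100.20:8080/a", "https://www.example.org/"):
        print(u, "->", "BLOCK" if url_is_listed(u) else "pass")
    for s in ("alerts@phish.example.net", "bob@example.net"):
        print(s, "->", "BLOCK" if sender_is_listed(s) else "pass")
```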
Network Architecture
Network appliances allow devices to communicate and perform their designated functions. The same appliances can also block communication that is not necessary. For example, the NetBIOS protocol has been used effectively to spread malicious code from one device to the next. Is there a need for NetBIOS traffic to flow from one network segment to the next? If not, why allow it?
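A first-match firewall policy evaluator as an added example, covering both the outbound FTP/TFTP filtering in the firewall paragraph above and the NetBIOS segmentation here; it is illustration code, not from the original article or any firewall product. The addressing (workstations in 10.1.0.0/24, servers in 10.2.0.0/24), the rules and the sample flows are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str                              # "allow" or "deny"
    src: str                                 # source network, CIDR notation
    dst: str                                 # destination network, CIDR notation
    proto: str = "any"                       # "tcp", "udp" or "any"
    ports: Optional[Tuple[int, ...]] = None  # destination ports; None matches any port
    note: str = ""                           # why the rule exists


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    proto: str
    dst_port: int


def rule_matches(rule: Rule, flow: Flow) -> bool:
    if ipaddress.ip_address(flow.src_ip) not in ipaddress.ip_network(rule.src):
        return False
    if ipaddress.ip_address(flow.dst_ip) not in ipaddress.ip_network(rule.dst):
        return False
    if rule.proto != "any" and rule.proto != flow.proto:
        return False
    if rule.ports is not None and flow.dst_port not in rule.ports:
        return False
    return True


def evaluate(rules: List[Rule], flow: Flow) -> Tuple[str, str]:
    """First matching rule wins; a flow matching no rule is denied (default-deny)."""
    for rule in rules:
        if rule_matches(rule, flow):
            return rule.action, rule.note
    return "deny", "default-deny"


# Assumed addressing for the example: workstations 10.1.0.0/24, servers 10.2.0.0/24.
NETBIOS_PORTS = (137, 138, 139)
POLICY = [
    # Segmentation: NetBIOS and SMB do not cross from the workstation LAN to the server LAN.
    Rule("deny", "10.1.0.0/24", "10.2.0.0/24", "tcp", NETBIOS_PORTS, "netbios"),
    Rule("deny", "10.1.0.0/24", "10.2.0.0/24", "udp", NETBIOS_PORTS, "netbios"),
    Rule("deny", "10.1.0.0/24", "10.2.0.0/24", "tcp", (445,), "smb"),
    # Egress: only web ports leave. FTP (21/tcp), TFTP (69/udp) and everything else fall
    # through to the default deny, which is what stops a Trojan fetching its components.
    Rule("allow", "10.0.0.0/8", "0.0.0.0/0", "tcp", (80, 443), "web"),
]

# Constructed flows standing in for connection attempts seen at the firewall.
SAMPLE_FLOWS = [
    Flow("10.1.0.25", "203.0.113.10", "tcp", 21),   # Trojan trying FTP out
    Flow("10.1.0.25", "203.0.113.10", "udp", 69),   # Trojan trying TFTP out
    Flow("10.1.0.25", "203.0.113.10", "tcp", 443),  # normal HTTPS
    Flow("10.1.0.25", "10.2.0.5", "tcp", 445),      # SMB toward the server LAN
    Flow("10.1.0.25", "10.2.0.5", "udp", 137),      # NetBIOS name service toward the server LAN
]

if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        action, why = evaluate(POLICY, flow)
        print(f"{flow.src_ip} -> {flow.dst_ip} {flow.proto}/{flow.dst_port}: {action} ({why})")
```

Rule order matters: the deny rules for the server LAN sit before the broad web allow, so a workstation reaching the server LAN on 445 is denied even though 10.2.0.0/24 also lies inside 0.0.0.0/0.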