Many corporations feel confident in their security measures, but more often than not, “security holes” are left open for the bad guys to sneak in. John Brandon has listed 6 of the biggest security leaks found in companies for ARN, and enlisted Winn to help explain a couple of them.
P2P networks just won’t go away. In a large company, it’s not uncommon to find employees using peer-to-peer systems to download illegal wares or setting up their own servers to distribute software.
“P2P networking should, as per policy, be completely blocked in every enterprise,” says Winn Schwartau, CEO of The Security Awareness Company, a security training firm. “The P2P ports should be completely shut down at all perimeters and ideally at the company’s endpoints. P2P programs can be stopped through white/black listings and filters on the enterprise servers.”
“In our proof-of-concept work, we showed how a rootkit could turn on a phone’s microphone without the owner knowing it happened,” says Schwartau. “An attacker can send an invisible text message to the infected phone telling it to place a call and turn on the microphone.” That would be an effective tactic if, for example, the phone’s owner was in a meeting and the attacker wanted to eavesdrop, he notes.
Schwartau says there are ways to filter SMS activity, but that’s usually done through the wireless carrier, since SMS isn’t IP-based and therefore isn’t usually controlled by company admins. The best option for blocking such attacks is to work with carriers to make sure that they’re using malware-blocking software, SMS filters and redirects for those kinds of attacks.
Read through the full list here: http://www.arnnet.com.au/article/364061/six_enterprise_security_leaks_should_plug_now/