Attack Defense

Number 2 of the top 14 security vulnerabilities, according to the recently released second edition of Hacking Exposed (Osborne/McGraw-Hill, $40): “Unsecured and unmonitored remote access points provide one of the easiest means of access to your corporate network. Telecommuters often connect to the Internet with little protection, exposing sensitive files to attack.”

Microsoft’s security experts appear to have overlooked this concept: It’s what seems to have happened in the company’s recent experience of being hacked from afar.

For a more readable but depressing look at just how tough it can be to maintain security, there’s Secrets and Lies: Digital Security in a Networked World (Wiley, $30), in which Bruce Schneier, a cryptographer and security consultant, describes the many ways systems can be compromised. The problem is as much human as technological. System managers often fail to install important security fixes. Users don’t like having to use passwords. Miscreants may find it simpler to ask, pay or trick someone into divulging his password rather than use sophisticated technical means.

You can minimize the risk. Keep your antivirus software updated and get yourself a firewall. ZoneAlarm from Zone Labs seems to do a good job not just of fending off outsiders but also of warning you when the kind of “malware” that apparently bit Microsoft attempts to make mischief inside your machine through the Net. Like other firewalls, ZoneAlarm will force you to make some decisions about permission. It’s free for personal and nonprofit users, $40 or less a machine for others.
