Inmates, Asylums and Heart Monitors – Server Security
Necessity is the mother of invention.
We’ve already discussed the sorry state of affairs for server security along with the related compromise of the perimeter of the network. Gartner recently predicted that 75% of enterprises will be infected by bots by the end of THIS year. Yet no one is shocked. My, how the world of network security has changed as we get increasingly interconnected and hackers get increasingly sophisticated.
I suspect that at least half of the few thousand who typically read this column will have received at least one “you’ve been breached” notice. Whether the data was on a laptop, stolen via a hack attack or sold by a frustrated employee, the effect is the same. Your identity is exposed. It is a sad reality that we accept these exposures as a part of our increasingly interconnected and commercial lives.
Like the boiling frog syndrome, as long as the water warms at a slow pace, we can be a very flexible lot and tolerate once intolerable realities (like invasion of privacy now going commercial). With every breach announcement, every letter, we become accustomed to being violated. Our household was hit with three “you’ve been had” letters over the last 12 months. Yet things are bound to get worse before they get better.
Hackers have started to focus more on sophisticated server and database attacks capable of circumventing signature-based network defenses by leveraging a network’s permeable application and protocol layers. These layers contain patchworks of attack vectors often hidden from the view of traditional network security systems, which operate at lower layers using techniques like packet inspection and pattern matching. They are the network’s equivalent of dark, secret alleyways and hidden passages around walls and checkpoints, covertly navigable by anyone with specialized knowledge and access.