As firms resist rolling out VoIP and “Warhol Worms” threaten to wreck the Internet, Gartner advises security administrators to take a deep breath.
Relax. Gartner isn’t trying to suggest your database server will suddenly start throwing images of Campbell Soup cans up to users instead of product images from your catalog.
Instead, a “Warhol Worm” would infect every single machine on the Internet in a fifteen-minute time span. That hasn’t happened yet, though some viruses like the recent Mytob variants have hit a lot of machines.
The safety of IP telephony, or rather its perceived lack of safety, has IT admins worried about eavesdropping on calls traversing the network. While they have a legitimate concern, especially in the age of SEC Regulation FD, an attacker would have to be on the same LAN as the telephony traffic.
And IP telephony can be secured like data, by encrypting the traffic. But Gartner analyst Lawrence Orans says firms that follow security best practices “should not let these threats derail their plans. The benefits of IP telephony outweigh any security risks.”
Mobile malware is another concern that is probably overhyped, especially with Microsoft’s latest push into the mobile computing space with its 5.0 release of Windows Mobile and the recent announcement of the new Messaging and Security Features Pack. But wireless carriers will be required to offer over-the-air malware protection by the end of 2006, which should mitigate threats to mobile devices.
Some organizations see increased compliance with security regulations like those mandated by Sarbanes-Oxley as equaling better security. That isn’t the case. Mr. Orans said: “The best way to increase enterprise IT security is to buy and build software that has fewer vulnerabilities, but there has been no regulatory focus on this area.
“Companies should focus on building stronger security processes, then document these processes to demonstrate regulatory compliance.”
Lastly, there is the perception that wireless hot spots are unsafe. While an uneducated user could be victimized by a malicious wireless hacker, the common deployment of client-based firewalls and more protected access points that encrypt traffic will help stop that.
Also, corporate users generally use VPN software to protect communications between field workers and the corporate network. That’s a significant step in keeping wireless clients safe.
David Utter is a staff writer for Murdok covering technology and business.