More than just protection

By | March 10, 2006

Data protection in IT security, like the protection of vehicle occupants, can be broken down into different types of protection system. There are active components: the set of mechanisms aimed at reducing the risk of virus infection or attack. In vehicles these are good brakes and steering, tires and shock absorbers in good condition, or an engine that performs well. In IT systems they are antivirus programs, anti-spam filters, firewalls, and so on.

However, the elements that minimize the damage to the occupants in the event of an accident, such as seatbelts, airbags and crumple zones, are also often counted as active protection elements.

But who is responsible for active protection in IT systems? Those in charge of IT are usually the ones who fight hacker attacks, or viruses that have got into the network through a user's carelessness. No system on its own provides a truly active protection service. Only providers that understand the global protection their clients require are capable of offering active data protection solutions.

Active solutions in the data protection world are extremely simple in principle, yet extremely difficult to implement without total commitment to customer service. For example, some manufacturers, more concerned with selling boxed products than with offering active protection, cannot afford to offer 24-hour support.

But IT security should go much further than these two concepts. Car makers are not concerned with road signs or the condition of highways. That stage, preventive protection, is not their responsibility; it lies in the hands of governments and highway builders.

In IT, however, someone must take care of preventive protection. Although it goes without saying that taking a sharp bend at over 70 mph is extremely dangerous, motorists must still be clearly warned of the danger, or highways must be built that do not present it.

Is it possible to know which points in an IT system are dangerous, so that accidents can be avoided? Of course it is. Whenever a new worm spreads, it uses a series of techniques that are well known. When stealing information, spyware draws on a limited and well-known set of techniques. It is these malware "skills" that make it possible to install "checkpoints" that control the actions carried out by the processes on a computer, so that systems also have preventive protection.

This allows malicious actions on a system to be blocked without needing to identify the code that is carrying them out. That is easy to say but not so easy to implement, at least judging by the IT protection currently on offer: very few companies are capable of offering it, and almost none of them implement it effectively.
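To make the "checkpoint" idea concrete, here is an added illustration (not code from the original article, nor Panda's own engine) of behaviour-based blocking: a small engine records the actions each process performs and blocks the process when its behaviour matches a known malware technique, without ever looking at the executable's bytes or hash. The action kinds, registry paths, the SMTP fan-out threshold of 10 hosts and the sample trace are all constructed for the example; a real implementation would tune the rules and thresholds from observed malware and benign software.

```python
"""Behaviour-based "checkpoints": block processes by what they do, not by what they are.

Constructed example. Rules describe techniques (persist via a Run key and mass-mail,
rewrite the hosts file, inject into another process and then go online); they do not
identify any particular sample, so an unseen variant using the same technique is
blocked just like the original.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Action:
    pid: int
    kind: str    # "file_write" | "reg_set" | "net_connect" | "proc_inject"
    target: str  # file path, registry key, "host:port", or the injected pid as text


SMTP_FANOUT = 10  # assumed threshold: distinct SMTP peers before we call it mass-mailing


def _is_run_key(key):
    return "\\currentversion\\run\\" in key.lower()


def _smtp_peers(actions):
    return {a.target for a in actions if a.kind == "net_connect" and a.target.endswith(":25")}


def rule_autorun_mass_mailer(actions):
    """Worm technique: persist through a Run key, then fan out SMTP connections."""
    persisted = any(a.kind == "reg_set" and _is_run_key(a.target) for a in actions)
    return persisted and len(_smtp_peers(actions)) >= SMTP_FANOUT


def rule_hosts_file_tamper(actions):
    """Spyware/pharming technique: rewrite the hosts file to redirect sites."""
    return any(a.kind == "file_write" and a.target.lower().endswith("\\drivers\\etc\\hosts")
               for a in actions)


def rule_inject_then_connect(actions):
    """Injection technique: write into another process, then open a network connection."""
    injected = any(a.kind == "proc_inject" for a in actions)
    connected = any(a.kind == "net_connect" for a in actions)
    return injected and connected


RULES = {
    "autorun_mass_mailer": rule_autorun_mass_mailer,
    "hosts_file_tamper": rule_hosts_file_tamper,
    "inject_then_connect": rule_inject_then_connect,
}


class Checkpoint:
    """Per-process action history plus the rule set. Nothing here inspects the binary."""

    def __init__(self, rules=RULES):
        self.rules = rules
        self.history = defaultdict(list)
        self.blocked = {}  # pid -> name of the rule that tripped

    def observe(self, action):
        """Record one action; return the rule name if the process is (now) blocked, else None."""
        if action.pid in self.blocked:
            return self.blocked[action.pid]  # already contained: later actions are refused
        hist = self.history[action.pid]
        hist.append(action)
        for name, rule in self.rules.items():
            if rule(hist):
                self.blocked[action.pid] = name
                return name
        return None


def evaluate_trace(trace):
    """Feed (pid, kind, target) tuples through a fresh Checkpoint; return {pid: rule}."""
    cp = Checkpoint()
    for pid, kind, target in trace:
        cp.observe(Action(pid, kind, target))
    return dict(cp.blocked)


# Constructed trace: two unrelated binaries using the same worm technique, one benign
# mail client, and one hosts-file tamperer. No hashes anywhere.
RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svchosts"
SAMPLE_TRACE = (
    [(101, "file_write", r"C:\WINDOWS\system32\svchosts.exe"), (101, "reg_set", RUN_KEY)]
    + [(101, "net_connect", f"mx{i}.example.net:25") for i in range(12)]
    + [(202, "reg_set", RUN_KEY.replace("svchosts", "winupd"))]   # a "variant"
    + [(202, "net_connect", f"mail{i}.example.org:25") for i in range(12)]
    + [(303, "net_connect", "smtp.example.com:25")] * 3           # ordinary mail client
    + [(404, "file_write", r"C:\WINDOWS\system32\drivers\etc\hosts")]
)

if __name__ == "__main__":
    for pid, rule in sorted(evaluate_trace(SAMPLE_TRACE).items()):
        print(f"pid {pid} blocked by {rule}")
```

The point of the trace is that pids 101 and 202 are different executables with different persistence names, yet both cross the same checkpoint, while the mail client (pid 303) talking to a single relay never does. The same design choice has a cost worth noting: a rule that is too loose (say, a fan-out threshold of 2) would block the mail client too, which is the false-positive trade-off every behaviour-based product has to manage.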

But we must go further still. For a solution provider, protecting clients does not end with detecting a virus and eliminating it. True, the accident has been avoided and everything is still working. But how did the accident happen? How did a given piece of code manage to spread?

In general, hackers take advantage of the opportunities the Internet offers to deceive less cautious users easily: free web hosting that can be used anonymously, for example, or domain registration so convoluted that finding the name of a page's owner requires digging deep. In this way malicious code can be hosted on a website that is very difficult to shut down.

However, the protection philosophy of a product should not stop at software; it should go one step further. And this is exactly what some companies are doing. PandaLabs, the division of Panda Software in charge of detecting and analyzing malicious code, is one example.

The work of a virus laboratory does not end with generating a vaccine. If the code uses a web server to host components, or simply as a gateway for carrying out its actions, the service provider receives a call warning them of the danger they unwittingly have on their hands.

Fortunately, in many cases the problem can be resolved with a couple of telephone calls; in others it is more complicated. It is quite easy to modify a DNS record, for example, but it is just as easy for the cyber-criminal who created the code. A website that has been shut down can be reopened in no time with a few changes.

However rapidly and effectively security experts work, they must contend with a series of processes and local incompatibilities that complicate their job. Legal systems are not adapted to the Internet, and when an attempt is made to harmonize something, regulations usually conflict with one another. Some systems are more demanding than others, some countries consider certain actions more serious than others... Simply look at the ID card law under consideration in the UK: while it is causing controversy there, neighboring countries like France accept it as perfectly normal that citizens should be able to identify themselves. And both countries are part of the European Union!

In the end, there is no common regulation for certain activities, so cyber-crime falls into one of the legal voids between the different countries that use a network with no frontiers, the Internet. All that is left for users and administrators is self-protection, since the Internet, for the time being at least, is a world in which outlaws can survive.
