Moving your network from IPv4 to IPv6 can be risky if you don’t close security holes
In February 2011, the last blocks of IPv4 Internet addresses were allocated, highlighting the need for organizations everywhere to plan their transition to IPv6, the next generation Internet protocol. Because the move to IPv6 is happening gradually, applications will support both Internet protocols for some time—and so must your network. During the transition from IPv4 to IPv6 your network could become vulnerable to new security risks, so it’s critical that you phase in the new protocol as securely as possible.
The axiom “Quality, not quantity” has been adopted by everyone from stock pickers to those trying to successfully navigate the online dating scene. Now cybercriminals are also putting this philosophy to practice.
Specifically on the issue of spam, Cisco’s research reveals that mass spam volumes dropped from 300 billion daily spam messages to 40 billion between June 2010 and June 2011. Although 40 billion is still a huge number, signifying that spam is still an issue, the trend that’s most alarming is the threefold increase in spearphishing and the fourfold increase in personalized scams and malicious attacks such as malware.
Recently sample code was posted publicly that exploits a denial of service vulnerability in the Apache HTTP Server. This particular vulnerability is receiving considerable industry attention given the popularity of Apache httpd and amid reports that exploitation has been seen in the wild. This vulnerability has been assigned CVE ID CVE-2011-3192 and currently scores a 7.8/6.3 using CVSS.
By combining inefficiencies inside the web server software with a protocol design peculiarity, an attacker could consume substantial server CPU and memory by issuing requests that contain many overlapping Range or Request-Range values. Successful exploitation would consume server resources to the point of starving those needed to field legitimate requests from other users.
Business-critical data should be secured at each point along its path—from remote devices to its destination
Although some security incidents are caused by malicious individuals, many data breaches are actually the result of a careless mistake or simple forgetfulness on the part of an employee that is then exploited by a hacker. An unsecured smartphone lost in the airport can allow anyone access to email accounts, for instance. Or a laptop with outdated antivirus software can easily be compromised by new attacks.
Regardless of how it happens, a data breach can suddenly put your company’s business-critical information at risk. With more information now in the cloud and places other than your own network, to fully protect your data, you need to make sure it’s secured in three places: on your employees’ devices, while in transit between those devices and the Internet, and at its destination, including possibly a service provider’s environment. Read More »