Tuesday 14 July 2020
A study conducted jointly by PSINet and PanSec highlights the serious security problems facing negligent companies. Two dummy banking sites (honeypots) were set up to observe the attacks they received: one unprotected, the other protected by a firewall.

PSINet Europe, a leading provider of e-business infrastructure solutions, and Pan Security International (PanSec), a provider of global IT risk assessment services, have conducted research showing that the risk to firms that fail to protect themselves is vast. Despite this, and regardless of the increased awareness of threats from malicious sources, thousands of firms are leaving their online sites and networks massively vulnerable.

The tests were carried out on two "dummy" web sites set up to resemble European banking sites. One site was unprotected whilst the other was equipped with a standard firewall, and the number of hacker attacks each faced over an eight-week period was monitored and compared. The research showed that the unprotected server was attacked 19,128 times, nearly ten times more frequently than the one protected by a firewall, which was attacked 1,672 times over the two months. However, although this shows that a firewall significantly reduces the risk of hacker attacks, more than one third of the attacks on the protected server were classified "High Risk" (i.e. attacks that could bring the system down, resulting in significant downtime), showing that there is still a need to identify and isolate further vulnerabilities.

Neil Downing, group product manager said: "With the threat of 'cyber-terrorism' being added to the increasing impact of email viruses and hacker intrusion, online security should be a primary concern for all firms. However, surprisingly more than 50% of our customers do not have even the most basic of firewalls in place and that is a very conservative estimate. This is comparable to an individual not having a lock on their front door - in other words it's the most basic first line of defence.

As the research shows, although a firewall will prevent over 90% of attacks, some will still be successful due to system vulnerabilities. Every business has weaknesses that are unique to its IT configuration. Therefore, firms require constant analysis in order to identify where they are open to attacks so they can tailor and prioritise their security according to the actual rather than the perceived risk."

Jeremy Brown, CEO of PanSec said of the research results: "Organisations tend to be more complacent than we would like about security. They tend to think that if they have not been compromised then that means their security is adequate. Just because a system vulnerability has not been exploited does not mean that it does not exist."

The research follows a newly formed strategic partnership between PSINet Europe and PanSec to provide vulnerability assessment services to PSINet Europe's customers. The non-intrusive assessment probes the network from the perspective of potential hackers, checking the entire security perimeter visible across the Internet; the local IT security, intranet, extranet, VPN, Broadband and mobile connected IP.

Neil Downing continues: "Our partnership with PanSec will enable our managed service customers to benefit from daily, weekly or monthly risk reports giving them peace of mind that vulnerabilities can be identified, prioritised and potentially fixed before problems arise. In addition, PanSec provides ongoing assessment of our own network - making us the only managed services provider that has independent proactive network security checks on such a regular basis."

The system architecture designed by PanSec allows thousands of automated security tests to be conducted every day. The data from these tests is used to generate accurate, easy to interpret risk reports, providing PSINet Europe customers an independent security risk assessment by identifying vulnerable IP addresses, poorly configured networks and known vulnerabilities, enabling the risks to be corrected before they lead to security breaches.

Jeremy Brown from PanSec said: "IT managers are increasingly stretched and often don't have time to check that all patches are up-to-date and that the threat of attack is at a minimum. What many firms don't realise is that default settings on commonly used services come pre-configured and if they are not disabled, they give hackers useful information that can help them 'break in'. Our independent vulnerability assessment service looks at networks from the hacker's perspective and identifies 'unlocked doors'. Our reports indicate how serious the threat is and advise customers how to best prioritise solving the problem."
