Local Web server attacks double in number: survey

TruSecure, which surveyed 2500 organisations as part of its 2001 Information Security Industry Survey, said almost half of them were hit by a Web server attack in 2001 -- nearly double the number in 2000.

The survey also found that although corporate spending on computer security is increasing, cyberattacks and viruses frequently cripple organisations, with 90 percent of survey respondents being infected by viruses, worms and Trojans despite 88 percent of them already having antivirus protection in place.

According to filtering software provider SurfControl one in every 300 emails now virus-infected.

-The growth in email-borne viruses has been phenomenal. According to MessageLabs, one in 300 emails is now likely to be virus infected, as against one in every 700 in October last year - that's a 133 percent increase in just 12 months," SurfControl Australia MD Charles Heunemann said.

And with the number of emails sent on an average day expected to hit 10 billion this year -- a figure which is expected to triple by 2005, according to IDC - email, one of the most important business communications tools, also presents one of the greatest organisational security risks, Heunemann added.

Janteknology's Glenn Miller believes the recent Nimda virus - which attacks through email, through servers or through Internet browsers and also constantly reinfects an entire network from any infected workstation -- heralds the arrival of a new type of malicious code for which there is no single counter measure.

-To protect their systems from such a sweeping attack, companies need to urgently put in place equally intensive counter measures," Miller said. -There is no single counter measure to protect against this multiple attack class of code.

According to Miller, filtering software should be installed to protect against viruses being transmitted via emails and an application-specific firewall, which has an in-built intrusion detection system and egress filtering, is -the most comprehensive protection for the IIS server".

Furthermore, where Web site infection occurs, there must be immediately accessible measures in place to recover and restore the Web site and network configuration to pre-attack status, Miller added.

-This is very nasty stuff we are seeing now. Nimda has achieved, if achieved is the right word, the damage that we all feared possible from Code Red but which did not eventuate in that case."

• Related stories

• Alerts

Add your opinion

IIS is not safe. If security i ...Anonymous -- 10/10/01

IIS is not safe.

If security is an issue than don't use IIS.

>According to Miller, filtering software should be installed to protect against viruses being transmitted via emails and an application-specific firewall, which has an in-built intrusion detection system and egress filtering, is “the most comprehensive protection for the IIS server”.

• Reply to comment
• Reply to story
• Report offensive content

No platform is inherently secu ...Damon Wynne -- 11/10/01

No platform is inherently secure. If you are saying use something else just on these reasons, then thats like saying, don't connect to the internet because someone will try and hack you, so just don't do it. Thats why people use firewalls and IDS systems. So they can still perform some task, with some level of security.

IIS/Windows NT/W2K generally has around 4-6 flaws on average found a month.

Linux based systems have about ten times that a month.

The trouble is, more people use IIS, hence it being such a huge risk.

Basically if you want the functionality of IIS, the ease of setting up and the support for it, then you use it.

Tier-3 offer a free IIS blocking tool as part of their main huntsman software. It surely can't be too hard to install that and have some greater peace of mind?

• Reply to comment
• Reply to story
• Report offensive content

• Just In

• Most Popular

• Most Discussed

Reader Services

Popular Topics

Essentials