Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Open Hotel Networks Causing Rash of US Malware Infections

Venafi : 18 May, 2012  (Technical Article)
Venafi comments on the human weakness in the security chain as open Wi-Fi networks in public places provide paths for malware infections
Open Hotel Networks Causing Rash of US Malware Infections
“Everyone with an Internet connection has a stake in understanding the critical links in the IT security chain,” said Venafi CEO Jeff Hudson, commenting on the FBI’s warning to travellers who use wireless networks in hotels.

The agency issued the warning in response to a series of incidents in which American travellers downloaded malicious software while connecting to wireless networks in their hotels. The unwitting travellers had clicked to accept what appeared to be routine, legitimate software updates. The resulting malware infestations and subsequent warning prompted Hudson to observe that humans have become the weakest link in the digital defence chain.

Part of this particular problem is the open nature of hotel wireless networks, which operate in notoriously insecure environments to provide hotel guests with easy Internet access.

“The solution is to use encryption to ensure that travellers’ Internet sessions are safe from prying eyes,” Hudson, an IT security expert, asserted. “Before downloading any software, updating existing applications or establishing a connection with a website that requires a user name and password, everyone should review the service provider’s digital certificate and license agreement.”  Hudson acknowledged, however, that expecting an assortment of business and vacationing travellers—sales professionals and other non-IT staff, for example—to understand how encryption keys and certificates work “isn’t a realistic option.”

This is where organisations’ IT and security professionals come in. “This warning is a wakeup call for IT pros who manage their organisations’ vast certificate and software-update programs,” Hudson explained.

The pros must understand that, while training end users to safeguard their organisations’ networks is important, road-weary warriors who are short on sleep, in a hurry or slightly under the influence of their nightcaps may forget to follow the correct, secure path to their companies’ email systems and intranets. Unfortunately, this too-human behaviour can jeopardize organisations’ networks and valuable data.  

To mitigate these risks, IT professionals must ally policy-enforcement technologies with their security systems, thus mitigating the risk of human error. “To compensate, they need to adopt automated security processes that eliminate the unquantifiable risks that arise from human error and misunderstanding,” Hudson explained. “Organisations that automate and centrally manage security and compliance processes significantly reduce their risks.”

Companies that have centralized IT resources complete with certificates and compliance-enforcement technologies, as most do, can use their servers to automatically enforce secure connections, Hudson further explained. This approach prevents software-update pop-us from affecting employees in their hotel rooms.

“Automated technology and key management systems should make life as easy as possible for the road warriors out there. As well as allowing easy—but secure—access to company email and the Internet, the technology can also manage reputational risk, maximise system availability and help organisations achieve the required regulatory compliance,” Hudson said.

“Factor in other advantages, such as the ability to enforce company and security policies, and secure critical information—plus the capability of recovering from certificate-authority compromises—and you have a secure remote access platform that is a win-win situation on the audit and governance front,” he added.

Concluding his thoughts on the subject, Hudson noted that the FBI’s warning provides an important vehicle for getting the word out about the significant advantages of accepting human frailty as a given and compensating for it by automating security systems—including encryption key and certificate management systems.

“It’s for this reason that we welcome the news that the FBI is alerting business professionals to this high-risk security problem,” Hudson said. “There are security solutions to these issues.”
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo