Ever since the emergence of iPod back in 2004, GFI and other experts including Gartner analysts, Ruggero Contu and John Girard have been warning that iPods are a potential danger to the corporate network. Yet, nearly one-third of medium-sized companies remain unconcerned about leaking sensitive data through devices that are highly portable with large storage capacities, according to Osterman Research.
On Oct. 18, 2006, it came to light that a number of infected Apple iPods have been rolled out of the manufacturing plant during the past month carrying a virus known as RavMonE.exe (also know as Win32/RJump.A, Worm.RJump, and Backdoor.Rajump amongst others). RavMonE.exe is a worm that opens a backdoor on Windows based systems and spreads by coping itself to portable storage drives such as USB sticks, digital cameras, external hard drives and open shares. The iPod virus threat is just one example.
Corporate repercussions
The threat that portable storage devices pose to corporations and organizations is often underestimated. Easy access to portable music players, PDAs, mobile phones and digital cameras has exponentially increased the risk of infection and drastically decreased business continuity. iPods and other portable storage devices are popular, fashionable, inexpensive, heavily promoted and freely available in today's society. These factors, plus a lack of security awareness are all major contributors to the tremendous wave of malevolent threats that are hitting corporations; making them legally liable to hefty fines or even bringing many businesses to a halt - no matter the size, no matter the industry, no matter the revenue!
This recent video iPod case has raised the alarm at how quickly a virus infection can spread on a corporate network. In order to ensure business continuity and legal compliance, corporations must counter virus infections by focusing their efforts on effective security risk management.
The days of conventional counter measures are over. Relying on voluntary compliance is not the best option anymore: Malicious insiders and gullible employees who fall for social engineering practices are the weakest link in the corporate security chain. Furthermore, anti-virus solutions are reactive rather than proactive as they usually detect issues after your system has been infected and the damage has already been done!
The proactive solution for your network
Risk management is the only effective solution to counter portable device threats by deploying software barriers that control portable storage device usage on your network. GFI Software, an international leader and developer of network security, content security and messaging software recommends the following best practices. To safeguard your corporation against RavMonE.exe and other malicious threats:
1. Don't rely on conventional systems - Ensure you deploy an endpoint security software tool which allows you to actively control (in real-time) all file transfers to and from all portable storage devices. This will enable you to avoid contagion and network-wide spreading up of malicious software that might be present on portable storage devices. Backed up by several years of network security research, GFI has developed a solution to counteract such portable storage device threats - GFI EndPointSecurity, a 24/7 vigilant eye against all risks posed by portable storage devices.
2. Don't manage security but manage risks - Make sure that your anti-virus signatures are up-to-date. This will enable you to detect dangerous files and network systems that have already been infected by RavMonE.exe and other malicious software.
3. Don't rely on luck - Make sure you scan all iPods and removable storage devices for infected files prior to allowing file uploads on to the corporate network. This will enable you to avoid network contagion by detecting malware, trojans, viruses, spyware and other malicious software that might be present on portable storage devices.
4. Don't rely on voluntary compliance - Make sure you scan your files using an anti-virus solution that supports real file-type scanning. This way, you can protect your corporation against contagious applications that have been disguised as innocuous files.
5. Don't let your workforce be the weakest security link - Make your network users aware of the threats and risks associated with the upload and propagation of malicious files on the corporate network.
- Andre Muscat is the product manager for the network security products division at GFI Software.
