Early Warning: Keeping on Top of Security Information

In his security column, Ronald Mendell offers advice on how best to educate yourself on international security issues without spending too much time.
Keeping a pulse on international developments that affect computer security is like trying to catch a subway train just leaving the station. You do a lot of running, and you probably still miss the train.

If your company does business across national borders, strange questions may arise, i.e.:

  • What are the Net risks particular to China?

  • With India being a software engineering center, are there unusual virus risks with software originating from that country?

  • How do political and cultural differences in these countries enter into the computer security equation?

These questions and many others arising from the global scale of computer enterprise may tax the resources of you and your computer security specialist. Reviewing relevant magazines, publications and Web sites for intelligence can become a full time job. With more tasks to do than hours in a week allow, intelligence gathering cannot always be a priority.

To catch political, social, technological, and military actions early is the goal of Internet intelligence work. This process involves obtaining data from diverse sources, such as:

  • Print materials (newspapers, magazines, area studies, and white papers)

  • Computer security incident reports such as those from CERT and e-mail traffic

  • Internet sources such as Web pages, newsgroups, and the results of search engine inquiries

  • Also, consider Jane's intelligence Web site (http://www.janes.com/security) as an extensive resource covering international developments.

Larger companies do well to purchase early warning services. But smaller companies do not have to be left out of the intelligence gathering process because of limited resources.

It is possible through the thoughtful use of an Internet Explorer or a Netscape browser to create folders for various intelligence sites. Such organization makes for fairly rapid scanning of intelligence news on nearly a daily basis.

Some services offer e-mail updates regarding alerts and major security events, although they aren't as timely as early warning services. The organization of e-mails into folders with appropriate parsing rules (such as are available in Outlook) will create a useful intelligence tool.

With astute use of e-mail organizers and Web browser tools, a computer security specialist can quickly move from the "alert level" to in-depth intelligence information. For example, an alert on SQL vulnerabilities will lead, through Web search engines, to other articles and Web pages on SQL. Your e-mail folders may also contain additional links and data to build on the alert's initial information.

Finally, an intelligence database using MS Access or Excel is another useful and quick tool for organizing data from diverse sources. Such a database may contain links to URLs, sources of information, e-mails, and other internal resources. Look at a spreadsheet as a launching pad to widely diverse intelligence sources; useful data will be only a click away.



Resources

NetRadarEWS
https://netradarews.com/

What Has the World of Espionage Come To?
http://www.cnn.com/TECH/computing/9911/16/easy.online.espionage.idg/index.html

Intelligence Gathering by Ronald Mendell
http://securityportal.com/topnews/intell20000125.html.






0 Comments (click to add your comment)
Comment and Contribute

 


(Maximum characters: 1200). You have characters left.