This distressing story from Government Computer News focuses on government servers, but there seems to be no reason to assume what is happening isn't a danger to corporate servers as well.
Tools available to Internet browsers, the writer points out, are becoming more adept at identifying questionable Web sites and stopping phishing attempts. That's great. But it's also true that the malware community is clever and never at a loss for what to do. Its response, according to the story and the Symantec release upon which it is based, is to find loosely protected government servers and use them to host phishing sites that attack that government.
It doesn't sound like it's all that hard, either. At least some of the servers used by a government will be lightly protected. It's also particularly dangerous, since the superimposition of the fake site on a real server makes it seem legitimate.
So far, according to Symantec information, the hackers aren't using the .gov domain name in the United States. But this approach has been seen on servers in 12 nations (Thailand, Indonesia, Hungary, Bangladesh, Argentina, Sri Lanka, Ukraine, China, Brazil, Bosnia-Herzegovina, Columbia and Malaysia). It seems like only a matter of time before it is attempted here.
Regardless of whether the government server attacks have reached our shores or not, the message that server security is important rings loud and clear. IT departments, therefore, should be familiar with the changing face of server security.
This IT-Director.com story describes the launch of the Forefront product family, which Microsoft says is a bookend move to the company's introduction of Windows Live OneCare in May, 2006. Security for the Internet Security and Acceleration Server (2006) is only part of Forefront, the story says. The writer also points out that this is only a partial solution, since Forefront focuses only on Microsoft products. The overall feel of the story is that Forefront is an incomplete product, both for ISA and other Microsoft products. Specific information on Forefront server security has been available since April from Microsoft.
This posting at Virtual Strategy magazine discusses the need for a new security approach altogether -- and suggests one. The writer says servers traditionally are among the most secure of IT assets, but the landscape is rapidly changing as these devices increasingly face the public and other enterprises through the Internet and related IP-based networks. Rising threats and the failure of traditional perimeter security applications make the time ripe for server shields. He adds that they are highly available, accurate and have low latency.
Whether server shields are the answer -- or even if they would have a direct impact on the illicit use of an entity's servers to host phishing sites -- is hard to say. What is clear, however, is that we are entering an era in which server security will be an increasingly vital topic.