Security Web Digest: Internet Attacks Up, Secure Web Servers, Oracle and the TSA ... and More

VPNs and Wi-Fi a perfect match... WS-I security standards on the way... Oracle to provide transportation security software... and more from around the web


The number of security incidents and confirmed attacks detected by businesses rose by 37% in the first three months of the year according to a report made public on Monday by Internet Security Systems. In the same time frame, the total number of reported security events, which range from relatively minor activities such as automatic probing to full-scale onslaughts by worms, jumped tenfold over the previous three months, according to ISSs quarterly "Internet Risk Impact Statement." ISS pointed out that worms increasingly are able to cause dramatic damage worldwide with a minimum of effort on the part of the attacker.

WholeSecurity on Monday announced Web server software designed to prevent remote-access Trojans or eavesdropping software from penetrating networks during e-commerce or employee interactions over the Internet. The company says its Confidence Online helps guard against identity theft and network compromise by detecting and blocking any action by harmful Trojans such as BackOrifice and Subseven, as well as legitimate remote-administration tools such as Symantecs PCAnywhere. The goal is to prevent any potential entryway from desktops into corporate networks during interaction over the Web, says Tony Alagna, founder of WholeSecurity.

Barry Fougere, president and CEO of Colubris Networks, says VPN technology is the best solutiuon to Wi-Fi security. "This is because the market is comfortable with VPN technology, which has come as a result of common practices in more wired settings," he said. "People use VPNs to access the corporate network from the road or from home over their broadband connections, so this is a technology with which network managers are becoming increasingly comfortable in wireless settings. Using VPNs is a proven method for securing networks, unlike proprietary systems, in which you are only taking the vendors word that its product is secure,"he said.

The Web Services Interoperability Organization on Monday said it established a working group to sort through overlapping proposals aimed at adding security to Web services applications. The announcement is the latest milestone in the WS-Is long-term plan for Web services security. Last month, the organization said that it intends to publish guidelines to show software companies and their customers how to use Web services security tools to ensure interoperability across different products. Web services is both a programming method and a series of protocols for building applications that can easily exchange data and processes. Some businesses are already using Web services, along with existing security software, as a way to integrate computing systems.

Homeland Security

Oracle on Monday announced a contract with the Transportation Security Administration to supply the federal agency with call center software and other information technology infrastructure. The TSA, which is part of the recently formed U.S. Department of Homeland Security, is responsible for security screening at commercial airports across the country. Under the contract, the TSA has agreed to use Oracles database management, application server and customer relationship management (CRM) software to allow the public to file complaints andcomments to the agency online.

(Editors Note: This story has been modified since its original posting to correct a statistical error in the ISS report.)