Answers: Top 10 consumer threats to the enterprise

1. This type of Internet application allows end users to read and write personal email at work. What is it?

Answer: webmail

Threats:
The Black Hat conference is a popular venue for demonstrating webmail flaws.

Resources:
Web Application Attacks Learning Guide

2. This term describes the practice of copying data from a computer onto a personal storage device such as a USB drive, PDA or iPod. What is it?

Answer: podslurping

Threats:
Your data may be your most precious asset. Do you really want to see next season's software, industrial design or previous intellectual property walk out the door? To protect against podslurping and other network intrusions targeting individual computers, experts recommend that administrators develop and enforce effective endpoint security policies.

Resources:
Topic: Endpoint Security
Learn how to build, implement and maintain secure procedures for keeping your network safe from potentially insecure laptops, desktops, PDAs and other endpoint machines.

3. This real-time communication technology can unwittingly become an "instant" security threat. What is it?

Answer: instant messaging

Threats: Instant messaging (IM) security risks, especially the potential for data leaks and policy breaches, are the biggest reasons businesses and organizations need to secure their IM clients. Security Expert Michael Cobb, in this Q&A, writes that:

"As one of the most widely deployed applications on the Internet, instant messaging, or IM, has increasingly become a target for attackers. Threats range from IM-borne viruses, worms, SPIM (spam over IM), malware and phishing attacks. Unfortunately, controlling the use of IM within an organization is quite difficult."
Read the rest of Cobb's answer

Resources:
IM security address both risks and compliance requirement.

Review how to secure instant messaging.

Then, try your hand at this short IM quiz from SearchSecurity.com to see if you've internalized what you've learned.

4. This feature, found even in the lowest-end cell phone, could be used for corporate spying. What is it?

Answer: picture messaging in camera phones

Threats:
Disgruntled employees taking pictures of confidential documents? Prototypes showing up in the background of Facebook photos and blogs? Scary. Perhaps more significant, however, is the possibility that in order to send and receive images, users will disable image filters on Outlook, allowing image spam and phishing attacks to slip through.

Resources:
Camera phones: Snapping at workplace privacy? 
Gartner: A camera phone ban is shortsighted

5. Now that these portable organizational devices have large amounts of memory and wireless connectivity, there are many new ways for data to escape and for malware to sneak in. What are they?

Answer: PDAs & smartphones

Threats: Unless you've been holding onto your old Palm, the odds are that your current PDA is a BlackBerry or Treo. Losing them may be the primary concern, but viruses can also be transferred onto the corporate server when the devices synchronize.

Resources:
BlackBerry vulnerability, mobile viruses are real threats 
BlackBerry Security 
White Paper: CIO Guide to Mobile Security
Weekly Security Planner: Your PDA/PED Policy

6. This peer-to-peer VoIP service may be free and easy to use, but hackers have been caught trying to exploit its vulnerabilities. What is it?

Answer: Skype

Threats:
According to security expert Mike Chapple, "There are certainly some security concerns related to using services like Skype on an enterprise network. Specifically, Skype does not publish the details of its security controls, and some traffic may take place in an unencrypted fashion. Therefore, I would not recommend using the technology for confidential information."
Read the rest of Chapple's discussion of Skype dangers

Resources:
High-risk flaws in Skype
Skype Trojan: Much ado about nothing?
IM, Skype, P2P open security holes: Survey 
Can Skype phones threaten an enterprise network? 
Skype: Its dangers and how to protect against them

7. Downloadable desktop _____ that display weather forecasts or stock quotes have become quite popular with end users. Unfortunately, they can also provide a backdoor to your network. What are they?

Answer: desktop widgets

Threats:
Attackers have already discovered how to exploit a flaw in Yahoo!'s Widgets to run malicious code on compromised Windows computers. Few users realize that downloading, installing and running these small applications may open up a vulnerability -- and administrators may not see the issue until it's too late.

Resources:
Widgets: The next big security threat?
Are desktop gadgets a target for hackers?
Security update fixes Yahoo Widgets flaw

8. Enterprise applications delivered through the cloud using this software distribution model are vulnerable to Web-based attacks. What is the software model?

Answer: SaaS applications

Threats: Web applications of any sort, including SaaS apps, are exposed to a wide variety of threats and potential vulnerabilities that can put an entire enterprise at risk. Whether the method used is cross-site scripting, command injection, path traversal attacks or buffer overflows, compromised SaaS applications are bad news for everyone.

Resources:
Web Application Attacks Learning Guide
SaaS apps being deployed by business units, not IT
What You Don't Know About SaaS
Burton cautions architects on SaaS

9. Employees attending a seminar in this popular virtual world can bring back more than just a bag of swag. What is it?

Answer: Second Life

Threats:
While phishing or identity theft scams are still in their infancy in the context of 3-D virtual worlds, the software and updates that the software client frequently requests aren't just a drag on network resources. Like widgets, automatic updates can be used by hackers to bring malware into the user's PC.

Resources:
Second Life a security risk for businesses, Gartner cautions
Web services and Second Life
Second Life job fairs boost IT prospects

10. Where would you find a worm on your wall? Facebook. This type of networking site is an increasingly popular target for malware distributors.

Answer: social networking

Threats: Social networking sites so far have been hit mostly by annoying worm, adware and phishing attacks.
Read the rest of Ed Skoudis' explanation of social networking dangers

Resources:
What are the risks of social networking sites? 
Black Hat 2007: Researchers demonstrate webmail, social networking flaws
Hackers planning cyberwar on social networking sites 
Social-networking sites rife with wormable flaws 
Social networking gone bad

This was last updated in August 2008
