Early Warning: Keeping on Top of Security Information

From SecurityPortal

Keeping a pulse on national and international developments that impact computer
security is like trying to catch a subway train just leaving the station. You
do a lot of running, and you probably still miss the train. If your company does
business across multiple political borders, strange questions may arise.

  • What are the Net risks particular to China?

  • With India being a software engineering center, are there unusual virus
    risks with software originating from that country?

  • How do political and cultural differences in these countries enter into
    the computer security equation?

These questions and many others arising from the global scale of computer enterprise
may tax the resources of you and your computer security specialist. Reviewing numerous
magazines, publications and websites for intelligence becomes a full time
job in itself. And, with more tasks to do than hours in a week allow, intelligence
gathering cannot always be a priority.

To catch political, social, technological, and military actions early is the
goal of Internet intelligence work. This process involves obtaining data from
diverse sources. These sources include:

  • Print materials (newspapers, magazines, area studies, and whitepapers)

  • Computer security incident reports such as those from CERT, email traffic

  • Internet sources such as Web pages, newsgroups, and the results of search
    engine inquiries

  • Also, consider Jane’s intelligence Web site (http://www.janes.com/security)
    as an extensive resource on international developments.

Larger companies do well to purchase early warning services, but smaller companies
do not have to be left out of the intelligence gathering (IG) process because
of limited resources.

It is possible through the thoughtful use of an IE or a Netscape browser to
create folders for various intelligence sites. Such organization makes for fairly
rapid scanning of intelligence news on nearly a daily basis. Some services offer
email updates regarding
alerts and major security events, although they aren’t as timely as early warning
services. The organization of emails into folders with appropriate parsing rules
(such as are available in Outlook) will create a useful intelligence tool.

With astute use of email organizers and Web browser tools, a computer security
specialist can quickly move from the "alert level" to in-depth intelligence
information. For example, an alert on SQL vulnerabilities will lead, through
Web search engines, to other articles and web pages on SQL. Your email folders
may also contain additional links and data to build on the alert’s initial information.

Finally, an intelligence database using MS Access or Excel is another useful
and quick tool for organizing data from diverse sources. Such a database may
contain links to URLs, sources of information, emails, and other internal resources.
Look at a spreadsheet as a launching pad to widely diverse intelligence sources;
useful data will be only a click away.



What Has the World of Espionage Come To?

Intelligence Gathering by Ronald Mendell