
SANS ISC InfoSec Handlers Diary Blog



Bye 2011, Hello 2012, what will you have in store for us?

Published: 2011-12-31
Last Updated: 2011-12-31 06:57:26 UTC
by Mark Hofman (Version: 1)

With the last day of the year well and truly on the way in most parts of the world and almost finished in my part of the world it is probably a nice time to reflect a little bit on the year that was.  Seems to be popular on the various news channels so it is only fair that we have our own.

On the vulnerabilities front there were of course the usual Microsoft ones, culminating in MS11-100 yesterday, which ensured all admins have a wonderful day. I guess the good news is that it is 6 fewer than last year? Adobe had its fair share throughout the year and is still a very popular target.

We saw some waves of different types of attacks: a lot of SSH brute force attacks as well as FTP attacks. We had quite a few reports of DDoS attacks throughout the year, some in the Gbps range. Malware of course is still one of the bigger problems, and whilst users can and do click "yes" and security products primarily use blacklists, that will remain a problem.

We had some interesting issues with SSL throughout the year, Apache and of course in the last few days ASP.NET.

So what will 2012 bring us?

IPv4 allocations are no longer, so whether we like it or not IPv6 is going to be featuring on many of our future projects list for 2012. If you haven't looked at it yet, now is a good time to start reading and playing in the labs.  Many security tools are not all that cool with IPv6 yet and some won't be until consumers start asking the question.

On the malware front I predict more of the same. The basic things are still working, so why change? Until the basic security controls are in place in most organisations as well as home computers, most of the malware will continue to function without too much change in 2012. We might see more tailored attacks on organisations, and breaking in is as simple as one click in many cases.

On the security product front I can't see too many changes. No doubt there will be more products in the "cloud". Cloud computing will remain sexy in 2012 and until there is a major, major insertfavouritewordhere-up there probably will not be too many changes on that front. Don't get me wrong, there is a place for cloud computing, but not for everything or everyone. There will probably be more of a push by firewall vendors into application awareness in their products. AV vendors already are and will continue to push into whitelisting applications rather than blacklisting. Hopefully people will start considering switching it on.

Anyway that is enough of my predictions.  If you have a significant event for 2011 that you would like to contribute or a prediction for 2012 feel free to comment or submit via the contact form. 

From all of us here at the Internet Storm Center all the best wishes for the new year.

Mark H
