Abstract
Academic journals and trade press have explored several likely routes of malware contagion against which information security practitioners need to defend. These include traditional ‘tunnels and bridges’ that bypass the firewalled corporate perimeter, such as visitor’s laptops, VPN tunnels, encrypted & zipped email attachments, unencrypted wireless, and weak authentication. A potential threat that has not been widely documented is embedded Windows ™ based systems and appliances. Corporate networks that are otherwise highly secure often have some tens of nodes that are not generally recognized as ‘computers’, however run networkable Windows ™ operating systems (OS). These devices range from smart phones to engineering microscopes, from oscilloscopes to print stations, and many others. They may have no single owner, and frequently generic or group user accounts are established on them. They have not been purchased by the IT department and may not appear on IT’s lists of machines to patch and monitor. Vendor’s practices vary widely, with results for their customers ranging from ‘no issue’ to ‘serious risk’. This paper narrates the embedded appliance infosecurity lifecycle, to provide vendors of such systems with best-in-class precautionary measures they should take on behalf of their customers’ security, and to provide purchasers of such appliances with a checklist to enable them to select secure products. LeCroy, a leader in safe and secure Windows ™ appliance engineering, provides the reference case for best-in-class practice. Research in this field is being conducted at LeCroy and elsewhere, in August 2005, by Dr. Julia Kotlarsky of Warwick Business School, and Dr. Ilan Oshri of Erasmus.
Trojan Horse in this context denotes a hidden danger. It escapes detection because it is considered something other than a computer.
Chapter PDF
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 International Federation for Information Processing
About this paper
Cite this paper
Hirsch, C. (2005). Do Not Ship, or Receive, Trojan Horses. In: Dowland, P., Furnell, S., Thuraisingham, B., Wang, X.S. (eds) Security Management, Integrity, and Internal Control in Information Systems. IICIS 2004. IFIP International Federation for Information Processing, vol 193. Springer, Boston, MA. https://doi.org/10.1007/0-387-31167-X_5
Download citation
DOI: https://doi.org/10.1007/0-387-31167-X_5
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-29826-9
Online ISBN: 978-0-387-31167-8
eBook Packages: Computer ScienceComputer Science (R0)