[ISN] How do you know if you've been hacked?

From: mea culpa (jerichot_private)
Date: Mon Jul 13 1998 - 01:04:58 PDT


                                        
    How do you know if you've been hacked?
                                        
    by Laura DiDio
                                        
    (IDG) -- The average corporate network is attacked by hackers 12 to 15
    times each year, according to a survey by the Computer Security Institute
    and the FBI. 
                                        
    Of the 563 users polled, 73% said hackers had penetrated their networks.
    But 18% said they had no idea if, or how often, their systems had been
    invaded. 
                                        
    In response, many security consulting firms are training their clients to
    recognize the tell-tale signs of a system or network invasion. 
                                        
    In some companies, up to 98% of attacks go undetected, according to the
    Defense Information Systems Agency (DISA) in Washington. Even in
    security-conscious government agencies, more than 70% of the test hacks
    DISA conducted went undetected. 
                                        
    Attacks such as E-mail bombs and viruses are obvious, but few companies
    can detect a logical attack -- a planned invasion of the network,
    according to Winn Schwartau, a partner at The Security Experts, Inc. in
    Seminole, Fla. The consultancy attacks the networks of its clients to find
    security holes. "In the last six years, we've performed about 2,300
    sanctioned hacks for our clients, and we've only failed to penetrate the
    networks twice," Schwartau said. 
                                        
    Gary Loveland, a partner at Price Waterhouse LLP's Information Security
    Risk Management Group in Los Angeles, said there are several obvious
    things to look for. They include unknown accounts added to the system and
    file server, an excessive number of log-on failures and dial-in attempts,
    any unexpected system or network crashes, unauthorized changes to system
    software and system files or high system activity when no users are logged
    on, especially during off-peak usage hours. 
                                        
    "Once they've successfully penetrated your system, hackers frequently
    create accounts for themselves so they can continue to get back in.  And
    they typically will also attempt to give themselves administrator-level
    backdoor access into the network," Loveland said. 
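
Added example (not part of the article or from anyone quoted in it): a Python pass over audit events for the signs Loveland lists, namely unknown accounts, administrator rights being granted, excessive log-on failures, and off-hours activity. The event format, account inventory, failure threshold and business hours are assumptions, and the sample events are constructed.

```python
from collections import Counter
from datetime import datetime

# Constructed sample audit events (not from the article): time, event type, account.
EVENTS = [
    ("1998-07-10 09:12", "logon_ok", "alice"),
    ("1998-07-10 14:30", "logon_fail", "bob"),
    ("1998-07-11 02:01", "logon_fail", "admin"),
    ("1998-07-11 02:01", "logon_fail", "admin"),
    ("1998-07-11 02:02", "logon_fail", "admin"),
    ("1998-07-11 02:02", "logon_fail", "admin"),
    ("1998-07-11 02:03", "logon_fail", "admin"),
    ("1998-07-11 02:04", "logon_ok", "admin"),
    ("1998-07-11 02:06", "account_created", "backup2"),
    ("1998-07-11 02:07", "admin_granted", "backup2"),
    ("1998-07-11 02:15", "logon_ok", "backup2"),
]

KNOWN_ACCOUNTS = {"alice", "bob", "admin"}  # assumed approved-account inventory
MAX_FAILURES = 3                            # assumed threshold per account per day
BUSINESS_HOURS = range(7, 19)               # assumed 07:00-18:59 local time

def review(events, known=KNOWN_ACCOUNTS):
    """Return (finding, timestamp, account) tuples in event order."""
    findings = []
    failures = Counter()
    for stamp, kind, account in events:
        when = datetime.strptime(stamp, "%Y-%m-%d %H:%M")
        # Accounts missing from the inventory: flag creation and any use.
        if account not in known and kind in ("account_created", "logon_ok"):
            findings.append(("unknown_account", stamp, account))
        # Every grant of administrator rights is surfaced for review.
        if kind == "admin_granted":
            findings.append(("admin_rights_granted", stamp, account))
        # Report once, when an account first exceeds the daily threshold.
        if kind == "logon_fail":
            failures[(when.date(), account)] += 1
            if failures[(when.date(), account)] == MAX_FAILURES + 1:
                findings.append(("excessive_logon_failures", stamp, account))
        # Successful log-ons outside business hours.
        if kind == "logon_ok" and when.hour not in BUSINESS_HOURS:
            findings.append(("off_hours_logon", stamp, account))
    return findings

if __name__ == "__main__":
    for finding in review(EVENTS):
        print(*finding)
```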
                                        
    Bob McKee, director of information management security at The Hartford
    Insurance Co. in Hartford, Conn., said his firm has a "very formal" set of
    policies and procedures and makes those policies a part of every new
    employee's orientation. On the product side, The Hartford proactively
    monitors and tracks all network activity via a series of firewalls and
    intrusion detection and auditing packages that can detect "attacks in
    progress." 
                                        
    McKee's group of 22 security managers also performs regularly scheduled
    audit and inventory checks and maintains strict password controls. 
                                        
    For further protection, the company has established a demilitarized zone
    for its World Wide Web servers to effectively isolate the corporate
    networks from the Internet. "There is no such thing as being too alert or
    vigilant," McKee said. 
                                        
    "If you don't have at least a basic detection mechanism, [for example]
    audit trails, intrusion detection, behavioral anomaly detection, you'll
    never know if your systems are hit," Schwartau said. 
                                        
    