[ISN] Hack raises flags about small ISPs

From: mea culpa (jerichoat_private)
Date: Fri Aug 21 1998 - 15:32:55 PDT

    Forwarded From: Sunit Nangia <nangiasat_private>
    
    Hack raises flags about small ISPs 
    By Jim Hu
    Staff Writer, CNET NEWS.COM 
    August 21, 1998, 4 a.m. PT 
    URL: http://www.news.com/News/Item/0,4,25526,00.html 
    
    Ever since network administrators at a small Midwestern Internet service
    provider discovered unauthorized visitors in their system, the company has
    spent nearly $100,000 and many sleepless nights trying to close its
    security holes. 
    
    For a local ISP that serves only 4,500 customers around southern Indiana
    and Louisville, Kentucky, that's a big price to pay for being the victim
    of a hacker. The plight of Aye Net underscores how vulnerable small ISPs
    are to security breaches--and how difficult it is for them to fight them. 
    
    A report by the Gartner Group last summer touted the reliability and good
    customer service offered by smaller ISPs and predicted they would survive
    the shakeout among service providers it is expecting over the next few
    years. But Aye Net's vulnerability raises questions about security issues
    and the safety of user pages among smaller companies that may not have the
    resources to purchase high-security equipment. 
    
    On Sunday, when a group of hackers broke into Aye Net through a hole in
    its operating system, the firm was forced to shut down its entire server
    operation as a defense against account compromises. 
    
    "They caused the Web server to execute an arbitrary command that allows
    them to write files or delete files on system," said Eric Paul, vice
    president of Aye Net. 
    
    Aye Net noticed that the hackers initially entered the system through an
    Internet relay chat server. In response, administrators suspended almost
    all dial-up customer functions for its users, except for customer
    authentication, to try to force the intruders off the service. 
    
    However, the situation got worse when, on Monday, the perpetrators were
    able to enter Aye Net's internal network by exploiting parts of the
    operating system, using what the company considered an advanced method. 
    
    The company is still unsure about the exact details of the second hack,
    but it was serious enough for Aye Net to suspend its service. Although
    user home pages were saved while the company shut down the servers, Aye
    Net's own page did not survive the hack. And the hackers' intention
    apparently was to go beyond that front gate. 
    
    "They expressed that their intention was to go in all our user home pages
    with something possibly pornographic," said Camille Allman, director of
    operations. 
    
    Administrators at Aye Net said the problem may have been the fault of its
    Silicon Graphics IRIX server operating system, which they said is known
    for being susceptible to exploits. 
    
    "We have followed all Silicon Graphics' recommendations about all the
    exploits they all knew about," Allman said. "If you go to [network
    security newsletter] Rootshell on IRIX, you can find about 30 different
    exploits." 
    
    Whether the attack was the fault of the ISP's operating system remains
    unknown. But Aye Net isn't taking any chances. It has since replaced its
    operating system with FreeBSD, which is a version of Unix with
    strengthened security measures. 
    
    Nevertheless, investing heavily in defending servers from hackers is no
    simple task, and many local ISPs don't have the luxury of such resources.
    In addition, given the necessary exchange in information between ISPs and
    users, heavy firewalls cannot be employed because they would restrict
    service. 
    
    "An Internet provider cannot get behind a firewall like NASA," Allman
    said, adding that fighting against hackers is like a game of cat and
    mouse. The best way for an ISP to fight hackers is to know their game by
    studying their techniques and then making necessary changes to their
    network configurations. 
    
    "We can only go out to these hack sites and see what's the most
    vulnerable," she said. 
    
    Moreover, security breaches may not be isolated to technology. Some see
    the problem as an underlying deficiency in security policies. 
    
    Chris Roeckl, research manager for market research firm Inverse Network
    Technologies, thinks the problem is not related to the ISP's size. "I
    don't believe there's any way to generalize to say that smaller service
    providers are less secure," he said. "It has very little to do with
    technology and has far more to do with personnel dealing with the network,
    and policies put in place to make sure the network is fast and secure." 
    
    