[ISN] Computers - IT - To Arms!

From: mea culpa (jerichot_private)
Date: Mon Oct 26 1998 - 14:31:39 PST

  • Next message: mea culpa: "[ISN] Script Kiddies - Problem with WORMS in MIRC"

    [Moderator: He mentions the NYTimes being hacked twice. Does anyone have
     information about the second attack? I have posted article pertaining to
     one of them but would like more information on the other.]
    Forwarded From: Nicholas Charles Brawn <ncb05t_private>
    Hackers may be targeting your corporate network as you read this. DAVID
    BRAUE reports on the latest ways to protect your precious digital data. 
    Your mobile phone has filled up with SMS messages alerting you to a
    problem with the network. You're getting paged every few seconds, and as
    you drive to work support staff keep ringing to report that users are
    complaining that their files have disappeared. 
    Clouds of worry in your head, you arrive at work to find several key
    servers have stopped functioning, and, on rebooting them, you find the
    volumes have been wiped clean. 
    We all have one: that awful image of things going wrong, which motivates
    us to do all we can to make sure nothing does go wrong. For network
    administrators, one of the most terrifying is the fear that their networks
    will be hacked into. 
    The Internet provides many advantages, but its biggest problem is that it
    provides an open path to the front door of your network. Tens of thousands
    of hackers now patrol the Net, targeting specific corporate networks or
    just randomly looking for some "fun". 
    While in many cases their idea of fun is taking down a corporate network,
    in even more frightening circumstances the intrusion may go unnoticed
    until your company's competitors begin releasing products that are
    curiously similar to your own. 
    Or perhaps large volumes of your company's stock are bought just before
    secret merger negotiations are completed. In whatever form it comes,
    hackers are out there and their threat is real.  Indeed, a string of
    high-profile Web site break-ins in the past year have shown that nobody is
    immune from the threat of hackers.  The security-conscious CIA was hit
    earlier this year, while in August hackers scrawled politically-motivated
    messages across several Indonesian Web sites. 
    A fortnight ago, hackers inserted the words "torture" and "massacre" into
    an Indian Army Web site intended to inform the world about events in the
    Kashmir region that it is disputing with Pakistan. 
    Although such hacks are often flamboyant and politically motivated, they
    can have more subtle effects, such as were seen after The New York Times
    Web site was hacked this year - twice. For companies where reputation is
    everything, simply being perceived as insecure can be the worst damage
    "There's nothing that gets an MIS manager's attention more than knowing
    they had a hack on their network," says Paul Muller, Australia/New Zealand
    country manager with the security firm Network Associates. "Even though
    there's no real damage done in most instances, they will still have a lot
    of egg on their face. Anyone working in an IT capacity is going to be
    pretty keen to make sure that's not them." 
    Still, network security is breached alarmingly often. In the 1997 Computer
    Crime and Security Survey sponsored by the Office of Strategic Crime
    Assessments (OSCA) and the Victoria Police Computer Crime Investigation
    Squad, 300 surveyed Victorian companies reported they had experienced some
    form of intrusion or unauthorised computer use in the previous 12 months. 
    Of those respondents, 90 per cent had been attacked by someone within the
    organisation, while 60 per cent had been breached from the outside -
    particularly through the Internet. Expect this trend to increase in the
    future: the report predicted that "within the next few years the hacker
    threat is likely to equal, if not exceed, the threats posed by employees". 
    Sealing the gates THE question, then, is how to build a hack-proof network
    that will keep intruders out while allowing your own employees access to
    the data they need. The answer? 
    "There is no such thing as a hacker-proof network, purely and simply," 
    Muller says. "We can only talk about minimising the chances of an attack
    happening in the first place." 
    Even doing this can be a full-time job, with new security holes regularly
    being discovered in corporate software from vendors such as Microsoft,
    Netscape and others. 
    Some of the bugs are so obscure as to defy comprehension, yet all
    introduce a hole through which wily hackers - and there are some very
    malicious geniuses out there - can invade your network and damage or steal
    critical data. 
    Fortunately, because the Internet is such a large community such bugs are
    quickly spotted and fixes distributed. Subscribing to daily newsletters
    from www.wired.com, www.news. com, www.pcweek.com or any of the other
    myriad IT news services will let you know when a new breach has been
    detected and how to fix it. 
    Novell and Microsoft often post patches to their respective operating
    system, as do many Unix vendors. 
    The Queensland-based AUSCERT (Australian Computer Emergency Response Team) 
    maintains a database of security holes and known fixes at its Web site
    (www.auscert.org.au). The key is to make the effort to ensure you are
    always running the most up-to-date security patches. 
    There are ways to check up on your network's security health. Tools such
    as the freely available SATAN can pick out common security problems in
    Unix servers, while applications such as Security Dynamics' Kane Security
    Analyst can pick up configuration problems with NetWare and Windows NT
    If you're really concerned about your network security, you may want to
    enlist the auditing services of a company such as PricewaterhouseCoopers
    or Andersen Consulting. 
    Audits not only pick up potential security problems, but they are required
    for what may become an increasingly common trend: hacker insurance. 
    Although not yet available in Australia, the American insurance firm CIGNA
    has set what will likely become a common trend by introducing CIGNA Secure
    Systems Insurance, a policy which provides US$25 million ($40 million) in
    coverage against attacks on networks that have previously passed a CIGNA
    If you've got the cash, you might try tracking down one of the so-called
    "tiger teams" which, Sneakers-style, quietly break into your network and
    present some trophy data proving where they have been. While hard to find,
    they do exist - and odds are it won't take them long to come up with the
    goods. Minimising the risk THERE is, admittedly, one way to make your
    network completely hack-proof from the outside: grab a pair of wire
    cutters and snip your Internet connection. Barring this, says Muller, the
    key is damage control. 
    "If you're unfortunate enough to be hacked, you want to minimise the
    potential for hackers to do damage." 
    Just as a prison is surrounded by many layers of barbed-wire fence, so,
    too, is a layered security model your best chance of keeping hackers from
    going where they shouldn't. 
    There are several different technologies you can use to create a layered
    security model. Most notable is the firewall, a modest piece of software
    that filters incoming and outgoing content to ensure only authorised users
    are allowed onto the network. 
    In the past few years, firewalls have grown from a niche technology into
    an industry that is expected to surpass US$1 billion in sales over the
    next couple of years. 
    Check Point Firewall-1, NetGuard Guardian, WatchGuard Firebox and Network
    Associates Gauntlet (developed by Trusted Information Systems, but
    acquired by Network Associates earlier this year) are just a few of the
    products that help control the entry of intruders through your network's
    front door.  However, while firewalls continue to get smarter and smarter,
    insecurities in the structure of IP networks are well known and continue
    to be relatively easily exploited by hackers who assume the identity of an
    acceptable network user. 
    Prisons have solid steel doors throughout their interior, which enable
    tight control over the movement of prisoners. To accomplish this same
    effect in your network, consider deploying multiple firewalls protecting
    sensitive network segments - those belonging to finance, human resources
    or other departments, for example. 
    That way, even if a hacker manages to break into your network he or she
    won't be able to do much while there. 
    Of course, installing multiple layers of protection can be a hassle for
    legitimate employees, and this is the trade-off any network administrator
    faces when implementing a security infrastructure. 
    "We're an information-driven society and employees need information to get
    their job done," says Peter Sandilands, the regional manager for Australia
    and New Zealand with the security firm Check Point Software. "On one side
    is security and confidentiality, and on the other side is ease of use and
    Some companies have investigated the concept of providing a single sign-on
    that provides a user with access to all the systems he or she needs, an
    approach that has been used by companies such as Qantas, which uses
    single-sign technology from Unisys to provide quick access to its systems
    by employees working on the ground at several airports. 
    Using passwords in conjunction with smartcards containing digital
    certificates unique to each employee, workers prove their identity at
    log-on while providing a digital certificate that individual applications
    can use to query digital certificate authorities until they are satisfied
    that the employee has presented valid identification. 
    Combining hardware tokens - including both smartcards and devices from
    vendors such as Racal TrustMe and Security Dynamics SecurID which generate
    once-off access numbers - with traditional password entry is the best
    technique available for access control, according to Bob Hey, the security
    manager at network integrator Com Tech Communications. 
    "The best security solution is a good, strong authentication process that
    is globally controlled for different organisations," he explains. "If you
    then tie that back into a single log-in structure, there's very little
    opportunity where even network administrators can do damage to a network
    under an alias or masquerading as another individual - which is the
    biggest type of service damage [our customers] are seeing." 
    Access control is just one part of security, however. Recognising that
    even authorised users can go where they're not supposed to, vendors are
    now pushing the merits of "intruder detection" technology - including
    Cisco Systems's NetRanger and Network Associates' CyberCop - which
    monitors users' activities for anything that looks suspicious. 
    Such technology provides a valuable backup to ensure that any users
    sneaking through firewalls can still be monitored on the network.  With
    major security companies now acquiring start-up companies to assemble the
    various pieces of a security infrastructure, interoperable security
    solutions from companies like Network Associates and Axent (handled in
    Australia by Global Business Solutions) make sense for companies looking
    for a centrally manageable, integrated security solution. 
    For its part, Check Point is promoting OPSEC (Open Platform for Secure
    Enterprise Connectivity), an interoperability standard that should enable
    tighter integration between various vendors' products in the future.
    Laying down the law WHILE software vendors now offer more security
    products than you can shake a stick at, any security expert worth his salt
    will point out that no company can even hope to be secure without having a
    formal security policy in writing. 
    Consulting firms and vendors such as Network Associates will be happy to
    help you formulate such a policy, which should ideally cover a broad range
    of issues such as preventing employees from having modems on their desks; 
    formalising user administration procedures and making sure employees use
    password-protected screen savers and shut off their PCs at night. 
    No matter how careful you are, the important thing to remember is that
    there will always be another hacker online who'd like to break into your
    network. As in many things, vigilance is the key.
    SYDNEY MORNING HERALD 27/10/1998 P1 
    Subscribe: mail majordomot_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:08:56 PDT