[ISN] Computers - IT - To Arms!

From: mea culpa (jerichot_private)
Date: Mon Oct 26 1998 - 14:31:39 PST

    [Moderator: He mentions the NYTimes being hacked twice. Does anyone have
     information about the second attack? I have posted an article pertaining to
     one of them but would like more information on the other.]
    
    Forwarded From: Nicholas Charles Brawn <ncb05t_private>
    
    27Oct98 AUSTRALIA: COMPUTERS - INFORMATION TECHNOLOGY - TO ARMS!
    By DAVID BRAUE.
    
    Hackers may be targeting your corporate network as you read this. DAVID
    BRAUE reports on the latest ways to protect your precious digital data.
    
    Your mobile phone has filled up with SMS messages alerting you to a
    problem with the network. You're getting paged every few seconds, and as
    you drive to work support staff keep ringing to report that users are
    complaining that their files have disappeared. 
    
    Clouds of worry in your head, you arrive at work to find several key
    servers have stopped functioning, and, on rebooting them, you find the
    volumes have been wiped clean. 
    
    We all have one: that awful image of things going wrong, which motivates
    us to do all we can to make sure nothing does go wrong. For network
    administrators, one of the most terrifying is the fear that their networks
    will be hacked into. 
    
    The Internet provides many advantages, but its biggest problem is that it
    provides an open path to the front door of your network. Tens of thousands
    of hackers now patrol the Net, targeting specific corporate networks or
    just randomly looking for some "fun". 
    
    While in many cases their idea of fun is taking down a corporate network,
    in even more frightening circumstances the intrusion may go unnoticed
    until your company's competitors begin releasing products that are
    curiously similar to your own. 
    
    Or perhaps large volumes of your company's stock are bought just before
    secret merger negotiations are completed. In whatever form it comes,
    hackers are out there and their threat is real.  Indeed, a string of
    high-profile Web site break-ins in the past year have shown that nobody is
    immune from the threat of hackers.  The security-conscious CIA was hit
    earlier this year, while in August hackers scrawled politically-motivated
    messages across several Indonesian Web sites. 
    
    A fortnight ago, hackers inserted the words "torture" and "massacre" into
    an Indian Army Web site intended to inform the world about events in the
    Kashmir region that it is disputing with Pakistan. 
    
    Although such hacks are often flamboyant and politically motivated, they
    can have more subtle effects, such as were seen after The New York Times
    Web site was hacked this year - twice. For companies where reputation is
    everything, simply being perceived as insecure can be the worst damage
    imaginable. 
    
    "There's nothing that gets an MIS manager's attention more than knowing
    they had a hack on their network," says Paul Muller, Australia/New Zealand
    country manager with the security firm Network Associates. "Even though
    there's no real damage done in most instances, they will still have a lot
    of egg on their face. Anyone working in an IT capacity is going to be
    pretty keen to make sure that's not them." 
    
    Still, network security is breached alarmingly often. In the 1997 Computer
    Crime and Security Survey sponsored by the Office of Strategic Crime
    Assessments (OSCA) and the Victoria Police Computer Crime Investigation
    Squad, 300 surveyed Victorian companies reported they had experienced some
    form of intrusion or unauthorised computer use in the previous 12 months. 
    Of those respondents, 90 per cent had been attacked by someone within the
    organisation, while 60 per cent had been breached from the outside -
    particularly through the Internet. Expect this trend to increase in the
    future: the report predicted that "within the next few years the hacker
    threat is likely to equal, if not exceed, the threats posed by employees". 
    
    Sealing the gates
    
    THE question, then, is how to build a hack-proof network
    that will keep intruders out while allowing your own employees access to
    the data they need. The answer? 
    
    "There is no such thing as a hacker-proof network, purely and simply," 
    Muller says. "We can only talk about minimising the chances of an attack
    happening in the first place." 
    
    Even doing this can be a full-time job, with new security holes regularly
    being discovered in corporate software from vendors such as Microsoft,
    Netscape and others. 
    
    Some of the bugs are so obscure as to defy comprehension, yet all
    introduce a hole through which wily hackers - and there are some very
    malicious geniuses out there - can invade your network and damage or steal
    critical data. 
    
    Fortunately, because the Internet is such a large community such bugs are
    quickly spotted and fixes distributed. Subscribing to daily newsletters
    from www.wired.com, www.news.com, www.pcweek.com or any of the other
    myriad IT news services will let you know when a new breach has been
    detected and how to fix it. 
    
    Novell and Microsoft often post patches to their respective operating
    systems, as do many Unix vendors. 
    
    The Queensland-based AUSCERT (Australian Computer Emergency Response Team) 
    maintains a database of security holes and known fixes at its Web site
    (www.auscert.org.au). The key is to make the effort to ensure you are
    always running the most up-to-date security patches. 
    
    There are ways to check up on your network's security health. Tools such
    as the freely available SATAN can pick out common security problems in
    Unix servers, while applications such as Security Dynamics' Kane Security
    Analyst can pick up configuration problems with NetWare and Windows NT
    servers. 
    
    If you're really concerned about your network security, you may want to
    enlist the auditing services of a company such as PricewaterhouseCoopers
    or Andersen Consulting. 
    
    Audits not only pick up potential security problems, but they are required
    for what may become an increasingly common trend: hacker insurance. 
    Although not yet available in Australia, the American insurance firm CIGNA
    has set what will likely become a common trend by introducing CIGNA Secure
    Systems Insurance, a policy which provides US$25 million ($40 million) in
    coverage against attacks on networks that have previously passed a CIGNA
    audit. 
    
    If you've got the cash, you might try tracking down one of the so-called
    "tiger teams" which, Sneakers-style, quietly break into your network and
    present some trophy data proving where they have been. While hard to find,
    they do exist - and odds are it won't take them long to come up with the
    goods.
    
    Minimising the risk
    
    THERE is, admittedly, one way to make your
    network completely hack-proof from the outside: grab a pair of wire
    cutters and snip your Internet connection. Barring this, says Muller, the
    key is damage control. 
    
    "If you're unfortunate enough to be hacked, you want to minimise the
    potential for hackers to do damage." 
    
    Just as a prison is surrounded by many layers of barbed-wire fence, so,
    too, is a layered security model your best chance of keeping hackers from
    going where they shouldn't. 
    
    There are several different technologies you can use to create a layered
    security model. Most notable is the firewall, a modest piece of software
    that filters incoming and outgoing content to ensure only authorised users
    are allowed onto the network. 
    
    In the past few years, firewalls have grown from a niche technology into
    an industry that is expected to surpass US$1 billion in sales over the
    next couple of years. 
    
    Check Point Firewall-1, NetGuard Guardian, WatchGuard Firebox and Network
    Associates Gauntlet (developed by Trusted Information Systems, but
    acquired by Network Associates earlier this year) are just a few of the
    products that help control the entry of intruders through your network's
    front door.  However, while firewalls continue to get smarter and smarter,
    insecurities in the structure of IP networks are well known and continue
    to be relatively easily exploited by hackers who assume the identity of an
    acceptable network user. 
    
    Prisons have solid steel doors throughout their interior, which enable
    tight control over the movement of prisoners. To accomplish this same
    effect in your network, consider deploying multiple firewalls protecting
    sensitive network segments - those belonging to finance, human resources
    or other departments, for example. 
    
    That way, even if a hacker manages to break into your network he or she
    won't be able to do much while there. 
    
    Of course, installing multiple layers of protection can be a hassle for
    legitimate employees, and this is the trade-off any network administrator
    faces when implementing a security infrastructure. 
    
    "We're an information-driven society and employees need information to get
    their job done," says Peter Sandilands, the regional manager for Australia
    and New Zealand with the security firm Check Point Software. "On one side
    is security and confidentiality, and on the other side is ease of use and
    simplicity." 
    
    Some companies have investigated the concept of providing a single sign-on
    that provides a user with access to all the systems he or she needs, an
    approach that has been used by companies such as Qantas, which uses
    single-sign technology from Unisys to provide quick access to its systems
    by employees working on the ground at several airports. 
    
    Using passwords in conjunction with smartcards containing digital
    certificates unique to each employee, workers prove their identity at
    log-on while providing a digital certificate that individual applications
    can use to query digital certificate authorities until they are satisfied
    that the employee has presented valid identification. 
    
    Combining hardware tokens - including both smartcards and devices from
    vendors such as Racal TrustMe and Security Dynamics SecurID which generate
    once-off access numbers - with traditional password entry is the best
    technique available for access control, according to Bob Hey, the security
    manager at network integrator Com Tech Communications. 
    
    "The best security solution is a good, strong authentication process that
    is globally controlled for different organisations," he explains. "If you
    then tie that back into a single log-in structure, there's very little
    opportunity where even network administrators can do damage to a network
    under an alias or masquerading as another individual - which is the
    biggest type of service damage [our customers] are seeing." 
    
    Access control is just one part of security, however. Recognising that
    even authorised users can go where they're not supposed to, vendors are
    now pushing the merits of "intruder detection" technology - including
    Cisco Systems's NetRanger and Network Associates' CyberCop - which
    monitors users' activities for anything that looks suspicious. 
    
    Such technology provides a valuable backup to ensure that any users
    sneaking through firewalls can still be monitored on the network.  With
    major security companies now acquiring start-up companies to assemble the
    various pieces of a security infrastructure, interoperable security
    solutions from companies like Network Associates and Axent (handled in
    Australia by Global Business Solutions) make sense for companies looking
    for a centrally manageable, integrated security solution. 
    
    For its part, Check Point is promoting OPSEC (Open Platform for Secure
    Enterprise Connectivity), an interoperability standard that should enable
    tighter integration between various vendors' products in the future.
    
    Laying down the law
    
    WHILE software vendors now offer more security
    products than you can shake a stick at, any security expert worth his salt
    will point out that no company can even hope to be secure without having a
    formal security policy in writing. 
    
    Consulting firms and vendors such as Network Associates will be happy to
    help you formulate such a policy, which should ideally cover a broad range
    of issues such as preventing employees from having modems on their desks; 
    formalising user administration procedures and making sure employees use
    password-protected screen savers and shut off their PCs at night. 
    
    No matter how careful you are, the important thing to remember is that
    there will always be another hacker online who'd like to break into your
    network. As in many things, vigilance is the key.
    
    SYDNEY MORNING HERALD 27/10/1998 P1 
    