http://news.bbc.co.uk/1/hi/technology/3131512.stm

23 September, 2003

The huge number of day-to-day attacks that websites suffer has been revealed with the aid of two fake banking sites.

Over an eight-week period the two dummy websites, one with a firewall and one without, suffered thousands of attacks.

On average the unprotected website was attacked more than 2,000 times per week and the protected site more than 200 times.

Many of the attacks were rated as "high risk" and, if the websites were real, could have seen data destroyed or important customer information stolen.

Constant barrage

The two dummy sites were set up by net provider PSINet and security firm PanSec International to demonstrate the relentlessness of online malicious hack attacks.

The fake websites were made to look like they were operated by European banks. One was protected with a standard firewall but the other was left almost defenceless.

Over the eight weeks that the sites were left online, the unprotected website was attacked a total of 19,128 times, roughly once every four minutes.

The protected website fared better but was attacked 1,672 times, almost once every hour.

More than a third of the attacks on the protected website were so severe that they crashed the site and could have resulted in the loss of data.

Open door

Neil Downing, a spokesman for PSINet, said that although a firewall can stop 90% of attacks, firms should not think that simply installing one is all the protection they need.

"Surprisingly more than 50% of our customers do not have even the most basic of firewalls in place and that is a very conservative estimate," he said.

"This is comparable to an individual not having a lock on their front door - in other words it's the most basic first line of defence."

Mr Downing said firms needed to be vigilant to ensure that they are doing enough to keep malicious hackers and computer vandals at bay.

Jeremy Brown, chief executive of PanSec, said many firms were more complacent about security than they should be. "They tend to think that if they have not been compromised then that means their security is adequate," he said.