-----Original Message-----
From: NIPC Watch
To: Daily Distribution
Sent: 3/22/02 4:49 AM
Subject: NIPC Daily Report 22 March 02

NIPC Daily Report 22 March 2002

The NIPC Watch and Warning Unit compiles this report to inform recipients of issues impacting the integrity and capability of the nation's critical infrastructures.

Preventing and detecting insider attacks using IDS.
Insider attacks pose unique challenges for security administrators because the attacker requires access in order to fulfil their obligations to the victim organization. Because many organizations' security is focused on protecting the perimeter of the network, little attention is paid to what is occurring within the system. The main issues that need to be addressed in preventing and detecting insider attacks include: what the basic problems of insider attacks are, how IDS systems can help solve this problem, and finally how an internal IDS system should be deployed using various IDS technologies. A combination of the following systems can be deployed to assist in combating insider attacks: network intrusion detection systems (NIDS), network node intrusion detection systems (NNIDS), host-based intrusion detection systems (HIDS), anomaly-based intrusion detection systems, and the analytical powers of the distributed intrusion detection system (dIDS). By utilizing these systems, attacks can not only be detected; they can also be properly investigated by identifying attack trends and patterns. The IDS systems that allow these goals to be accomplished must themselves be protected against attacks, to prevent the corruption of attack data. It is only through identifying attack trends and patterns, and keeping logs uncorrupted, that insider attacks can be thwarted from the IDS part of the security spectrum. (Security Focus, 20 Mar)

Feds take information off of Web sites.
On 21 March, White House Chief of Staff Andrew Card sent a memo to the heads of all agencies and executive departments, directing them to immediately safeguard any government records that could help terrorists by removing any sensitive information, such as locations of nuclear materials, from web sites and public documents. Agencies are to provide progress reports to the Office of Homeland Security within 90 days. (Associated Press, 21 Mar)

Aid workers say millions at risk from tainted water.
A British development agency issued a report claiming that a lack of sanitation will kill 20 million of the world's poorest children over the next decade unless governments take urgent action. Published to coincide with the United Nations World Water Day, the report said 2.4 billion people, or 40 percent of the world's population, were without adequate sanitation. The report urges governments to promote and secure a global agreement and action plan to halve the number of people without adequate sanitation by 2015, and for everyone by 2025. (Reuters, 22 Mar)

Poor nations warn rich: If you want security, you need to pay for it.
Monterrey, Mexico - Leaders of poor nations warned their rich counterparts that if they want a world free of terrorism, they would need to pay for it. Drawing a direct link between poverty and violence, leaders at a UN summit in Monterrey, Mexico said increased aid to the world's neediest is more urgent than ever in the post-11 September world. President Bush arrived in Monterrey on 21 March and is scheduled to address the summit 22 March before the leaders consider a consensus that urges rich nations to increase development aid and poor nations to use the funds more efficiently. While both the US and Europe have promised billions of dollars more in aid in coming years, their pledges fall short of the $100 billion a year the United Nations has said is needed to halve poverty by 2015. (Associated Press, 22 Mar)

Potential Outlook 2002 vulnerabilities.
Bugtraq postings indicate that the latest client offerings from Microsoft for corporate email and media are vulnerable to potential abuse by future virus writers. The first Bugtraq posting highlighted multiple potential problems in the methods that Outlook 2002 uses to handle incoming email attachments and HTML encoding. A second post demonstrates how some functionality in Windows Media Player can also be abused to run arbitrary JavaScript. (Bugtraq, 20 Mar)