BindView's RAZOR Security Team Exposes Techniques Used in Latest Incidents of Cyber Attacks on Top eCommerce and Portal Sites.Business/Technology Editors HOUSTON--(BUSINESS WIRE)--Feb. 10, 2000 BindView Recommends Immediate IT Risk Assessments of All Internet Servers to Reduce Risks of Future Incidents Globally RAZOR, BindView Corporation's elite team of security gurus, today offered an analysis of the latest incidents of cyber-terrorism at the top eCommerce and portal sites Noun 1. portal site - a site that the owner positions as an entrance to other sites on the internet; "a portal typically has search engines and free email and chat rooms etc. , as well as exposed the likely technique used. BindView, the leader in IT risk management solutions, offers advice to reduce the risk of similar attacks in the future, including the need to perform immediate risk assessment of all networked servers and software solutions. No personal data or information was accessed illegally in this latest round of hacks. Rather, this hack is known as a &uot;denial of service&uot; where eCommerce and portal sites become unavailable to users as a result of a direct attack on the ISP (1) See in-system programmable. (2) (Internet Service Provider) An organization that provides access to the Internet. Connection to the user is provided via dial-up, ISDN, cable, DSL and T1/T3 lines. servers on which the applications are hosted. This results in loss of revenues and decreased consumer confidence. &uot;The unfortunate risk of doing business on the web is that criminals can leverage this reservoir of computing computing - computer power to create the kind of chaos we are seeing now,&uot; said Marc Camm, Vice President of Marketing for BindView. &uot;Security is not just about one company site being hacked Modified. Attacked. Having code altered. See hack and hacker. . It's also about the Internet community bonding together to protect itself. We all need to do our part to ensure our networked computers don't fall prey to this kind of activity.&uot; &uot;Denial of Service&uot; Hacker A person who writes programs in assembly language or in system-level languages, such as C. The term often refers to any programmer, but its true meaning is someone with a strong technical background who is "hacking away" at the bits and bytes. Techniques Though the groups responsible have not yet been identified, the technique is simple and straightforward. The &uot;denial of service&uot; attack has banded together thousands of networked servers, unbeknownst to their owners, and used these servers to simultaneously flood a target site with requests for the same information or page. These targeted sites only have allocated bandwidth for transactions and requests based on an average volume level. When these monumental mon·u·men·tal adj. 1. Of, resembling, or serving as a monument. 2. Impressively large, sturdy, and enduring. 3. spikes occur, they can cripple crip·ple n. One that is partially disabled or unable to use a limb or limbs. v. To cause to lose the use of a limb or limbs. these sites and render them unavailable. According to according to prep. 1. As stated or indicated by; on the authority of: according to historians. 2. In keeping with: according to instructions. 3. industry analysts, &uot;denial of service&uot; attacks are extremely costly and are on the rise. Results from the Computer Security Institute's (CSI CSI Crime Scene Investigator CSI CompuServe, Inc. CSI Commodity Systems, Inc. CSI Commodity Systems Inc. (Boca Raton, FL) CSI Crime Scene Investigation (CBS TV show) CSI Christian Schools International ) FBI 1999 survey indicate that losses due to denial of service attacks An assault on a network that floods it with so many additional requests that regular traffic is either slowed or completely interrupted. Unlike a virus or worm, which can cause severe damage to databases, a denial of service attack interrupts network service for some period. are, on the average, up fifty one percent per year. The types of software used in this &uot;denial of service&uot; attack has existed since last year, appearing first in Asia and Europe and entering the scene in the United States United States, officially United States of America, republic (2005 est. pop. 295,734,000), 3,539,227 sq mi (9,166,598 sq km), North America. The United States is the world's third largest country in population and the fourth largest country in area. this summer. However, until recently the software has not appeared in the mainstream security industry, nor been found on compromised sites. &uot;This approach of banding together computing resources using the Internet to enable the cyber-attacks has not been previously executed to this magnitude against such a wide range of high visibility targets,&uot; said Camm. Neighborhood Watch Best Strategy to Guard Against Attacks Firewalls and traditional security measures Noun 1. security measures - measures taken as a precaution against theft or espionage or sabotage etc.; "military security has been stepped up since the recent uprising" security are ineffective to prevent this type of attack and no solution exists today to combat them at the receiving server location. However, measures can be taken at the originating server to ensure that it will not become an unwilling participant in this kind of activity. To that end, BindView businesses assess the potential security risks up-front on their entire network. Regular scans need to be conducted in order to reduce potential risks to enterprises and e-business infrastructures. This also helps to ensure that IT resources are &uot;secure neighbors&uot; in today's computing community we know as the Internet. Many solutions exist today including BindView's HackerShield to provide this valuable function to businesses. A HackerShield trial version can be downloaded for free from BindView's website at www.BindView.com. &uot;Like other diseases, the best prevention for these attacks is inoculation inoculation, in medicine, introduction of a preparation into the tissues or fluids of the body for the purpose of preventing or curing certain diseases. The preparation is usually a weakened culture of the agent causing the disease, as in vaccination against ,&uot; said Drew Williams, a spokesperson for BindView's RAZOR team. &uot;Each and every site has the responsibility to ensure that they have taken all measures possible to ensure that their servers cannot be used as a proxy to perpetuate per·pet·u·ate tr.v. per·pet·u·at·ed, per·pet·u·at·ing, per·pet·u·ates 1. To cause to continue indefinitely; make perpetual. 2. this type of illegal and destructive activity.&uot; The RAZOR Team The BindView security team was formed in 1998 and has been credited with identifying more than 80 network security vulnerabilities to the public. This group remains in close contact with their &uot;black hat&uot; counterparts, offering insight into potential hacks and what can be done to minimize their effects. The team is comprised by the Internet industry's top security gurus and &uot;white hat hackers&uot; who play an integral role in working with companies to issue patches to these dangerous network threats as they are identified. About BindView Corporation Founded in 1990, BindView provides IT risk management solutions for managing the security, configuration and availability of network operating systems An operating system that is designed for network use. Normally, it is a complete operating system with file, task and job management; however, with some earlier products, it was a separate component that ran under the OS; for example, LAN Server required OS/2, and LANtastic required DOS. , e-services and business applications. Focusing on the critical elements of the corporate IT infrastructure, BindView's award winning products enable corporate IT professionals to effectively leverage their existing technology to achieve their organizations' business goals. More than 7 million licenses of BindView's products have been shipped worldwide to 4,700 companies, including more than 75 of the Fortune 100 and 22 of the largest 25 U.S. banks. Contact BindView via e-mail at info@bindview.com or visit BindView's World Wide Web Site at http://www.bindview.com. BindView can also be reached at (800) 749-8439 or at (713) 561-4000. Editors Note: BindView product names used in this document are trademarks, which may be registered in one or more jurisdictions, of BindView. The names of products of other companies mentioned in this document, if any, may be the registered or unregistered trademarks of the owners of the products. |
|
||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion