Guarding Your Gateway.


Deflect hackers with a cybersecurity strategy.

"The future of Internet security is not very good. New methods are being invented--new tricks--and every year it gets worse. We are not breaking even. We are losing the battle."--Cryptographer, internationally renowned security technologist, and author Bruce Schneier on the opening day of the 2001 RSA Security Conference, San Francisco

IT IS EASY TO CONVINCE YOURSELF THAT YOUR association is immune to serious hacker attacks. You imagine perhaps a random push at the network defenses, but not a full-scale attack. After all, the association is a nonprofit organization. It doesn't have major assets to raid. No major corporate secrets. In fact, were it not for an IP (Internet protocol) address or two and a Web site, you'd hardly know the association network even existed.

But the reality is that your network is under serious assault every minute of every day. For example, my home computer log recently showed 14 blocked attacks in the span of less than one second. And the situation is growing worse.

In early May, for instance, a pseudonymous hacker launched a Web graffiti spree, defacing with a pro-Napster message Web sites of organizations ranging from the National Aeronautics and Space Administration to the Communications Workers of America. During a flare-up between Israel and Palestine last year, a small cadre of Israeli loyalists set up a Web site to conduct a pre-emptive propaganda strike against the Web pages of Hezbollah and other pro-Palestinian groups. After an effective bombardment shut down six sites including www.Hamas.org, a furious Arab counterattack sent several Israeli government sites offline and then attacked the Web sites and networks of pro-Israeli lobbying groups in the United States.

Increasingly, the attacks are part of cyberwarfare intended to sow confusion and disrupt electronic commerce. In May of 2001, Chinese hackers waged a weeklong battle against Web sites in the United States, defacing some sites and crippling others with denial of service (DOS) attacks.

Responses to the "2001 Computer Crime and Security Survey," conducted by the Computer Security Institute, San Francisco, with participation of the San Francisco FBI Computer Intrusion Squad, confirm that the threat from computer crime and other information security breaches continues unabated and that the financial toll is mounting. Findings based on a survey of 538 computer security practitioners in American corporations, government agencies, financial institutions, medical institutions, and universities indicated Internet connections as a more frequent point of attack than internal systems. Seventy percent of the respondents had suffered attacks to their organizations' connections to the Internet. Sixty-four percent acknowledged financial losses due to computer breaches. As in previous years, the most serious financial losses occurred through theft of proprietary information.

Hacker heritage

Hackers have been a part of the online industry since the first computer networks were forged. But the advent of a global Internet has dramatically increased the number and types of people seeking to penetrate the computers of organizations.

The threat was initially directed toward government and corporate computers that might yield data that could be sold, or that might offer direct access to financial accounts. As more individuals connected to the Internet, however, there also emerged a cadre of wannabes who do not have sophisticated hacking skills but are capable of using hacking tools to break into networks. Many of these novice hackers do it for recognition and peer support.

One 1993 report to the FBI referred to the three classes of hackers as "hippies, kids, and thieves." That is, those who did it were either people having the necessary skills, kids seeking recognition, or professionals looking for money and data.

But these are no longer the only threats. Within the past few years, a new kind of hacker has emerged.

"They are a new generation of 'hacktivists,'" says Jim Basara, chief operating officer of security services firm PromiseMark, a computer security company in Fairfax, Virginia.

"They are social or political activists who spread their message by defacing the Web sites of others, or penetrating and disrupting the computer networks of those they oppose. And while their acts have been limited until now to fairly simple acts of hacking, new tools are giving them unprecedented power to cause damage."

Hacktivism emerged in the mid-1990s, and most of the early attacks were directed toward governments. But the techniques of this digital vandalism have spread to private-sector and nonprofit targets. Recent attacks have been launched by animal rights activists and supporters of the online music service Napster.

Preferred methods of attack

Though new tools and threats arise almost daily, most attacks on a network or site fall into one of seven categories:

1. E-mail relay. Virtually every mail server has the capability to redirect to another server or destination the e-mail that it receives. This capability allows organizations greater efficiency in the way they handle e-mail, breaking the load among several servers for large or geographically separated operations. But this is also a common capability exploited to use an organization's servers to send unwanted messages. Most servers turn off the relay function by default, but this may not be the case in older servers. The server software is generally the culprit. And while the software usually can be replaced inexpensively depending on the number of users of the system, sometimes patches and quick fixes have been known to reenable this relay.

2. Virus attack. One of the simplest forms of hacker attack, this method uses a computer virus that is sent as part of a file (document, e-mail, or other) with the intention of extracting information or destroying segments of the network. The Chernobyl virus works in this way. More recent versions such as Melissa and Pictures for You are capable of hiding from antivirus software or sending themselves to others on the network or across the Internet. These more insidious incarnations of the computer virus are known as computer worms. (See companion article, "Computer Parasitology," for descriptions and preventions of these latest invaders.)

3. Denial of service. A DOS attack occurs when legitimate users are prevented from accessing and using a Web site or network service. This style of hacker attack has become increasingly popular in the past year, with such high-profile companies as CNN Interactive, Yahoo!, Amazon.com, and eBay coming under fire. Two primary methods are used to mount the attack. One is a mail bomb, in which thousands of email messages are used to overwhelm a news, e-mail, or chat server. The other is the use of continuous hypertext markup language (HTML) requests, which tie up a Web site as it tries to respond to thousands of simultaneous requests for the downloading of a Web page. Associations are vulnerable to either type of attack, which would deny staff and members access to critical resources for the duration of the attack. Some sites have been inoperable for days or even weeks.

4. Defacing of a Web site. This is an increasingly popular form of attack due to the low security of many Web sites and inherent weaknesses of the World Wide Web architecture. In this form of attack, the hacker penetrates the Web server and replaces the existing Web page with one of his or her own. While relatively easy to fix--by closing the security hole and reinstalling the original pages--the attack can create embarrassment and may go unseen if the altered pages are buried within the site.

5. Theft of intellectual property. One of the most damaging attacks is one in which the hacker penetrates a Web site to steal stored member information (address, credit card number, and so on) or penetrates a network to steal sensitive documents and internal memos. Particularly vulnerable are the databases used in evergreen renewal models, which store credit card or bank account information for members in order to automatically renew the membership or selected purchases on a regular basis.

6. Snooping attack. This intrusion is designed to capture information or reset server functions to make a greater hack possible at some future date. The goal of the attack is to place a Trojan horse (a special program that looks like something else in order to fool antihacker systems) on the server that can sniff out user names and passwords or reset server defaults to allow for easier penetration of the network.

7. Destructive attack. This attack is one of the most problematic because its sole purpose is to destroy the network. In this form of attack, hard drives and backups may be destroyed, settings altered to prevent operation of the network, and devices used to burn up resources--such as sending continuous print commands to use up printer paper.

Hacking prevention tools

A wide range of hardware and software tools may be used in an effort to thwart attempts to hack the network. Four are in common use:

1. Firewalls. Firewall is a generic term for a spectrum of technologies intended to provide protection from communication attacks. Screening routers, application gateways, proxy servers, and authentication servers are all examples of firewalls in use today. It is possible and often desirable to combine these different technologies according to the needs of the organization and its budget limitations.

The term firewall refers to the class of antihacking tools that are used to manage the traffic on each port on the server, accepting or rejecting access by specific IP addresses or remote users. Most firewall systems work at the router. However, a proxy server is a form of firewall that resides on a workstation or server, allowing the proxy to front for the hardware and manage access through the ports.

A firewall in and of itself is not sufficient to stop a hacker, but it will close off many of the easiest methods of penetrating the network. It serves, as much as anything, to weed out the attacks of real hackers from those of the wannabes.

Hardware and software firewall products are available from a number of vendors, including Check Point Software Technologies Ltd., Cisco Systems, Intel, Zone Labs, McAfee, and Symantec.

2. Secure socket layer. SSL is a protocol that is inserted between the application protocol and the transmission control protocol (TCP) used for transmission of data. In simple English, it is an encryption device that allows the sender and receiver of information to share data securely. It is commonly used for secure transactions such as ordering or renewing membership from a Web site. If the association collects credit card or other sensitive information on the Web site, use of SSL is a mandatory step in protection.

3. Virtual private network. VPN technology brings an additional level of security to remote access to the network. It creates a tunnel across the Internet through which data can move securely between remote users and the network. VPN technology offers protection, but does not affect the inherent weaknesses at the access point to the network. A VPN is recommended if the remote user is sending or retrieving information that is sensitive in nature--it is not needed for routine communication.

There is a form of software-based VPN built into Windows operating systems that provides adequate information. For more serious security, consider a hardware-based VPN solution, available from a number of vendors.

4. Intrusion detection system. The IDS is a step up from the firewall, and serves to analyze network traffic against known hacker signatures, or techniques that are associated with a particular hacker or hacker group. The system is usually outsourced, and is operated on a 24/7 basis to provide immediate alerts when penetration of the network is attempted. Once considered a tool only of larger organizations, IDS systems are becoming as indispensable as firewalls.

"This is a tool needed particularly by associations that take positions on public issues, or that are opposed by international or activist groups," says PromiseMark's Jim Basara. "If I were the National Rifle Association, for example, I would not operate without an active IDS system."
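The signature matching described under item 4, shown as an added example that is not part of the original article: Python code that checks Web server log lines against a small set of patterns and also raises an alert when one source sends a burst of requests, the flood pattern from the denial-of-service category earlier. The signatures, thresholds, addresses and log lines are all constructed for illustration, and the lines are assumed to be in time order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Common Log Format: source, timestamp, request line, status, size.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) \S+$')

# Constructed signatures; a production IDS relies on a maintained rule set.
SIGNATURES = [
    ("path-traversal", re.compile(r"\.\./|%2e%2e", re.IGNORECASE)),
    ("shell-probe", re.compile(r"cmd\.exe", re.IGNORECASE)),
    ("oversized-url", re.compile(r"^.{512,}$")),
]


def parse_line(line):
    """Return (source, time, method, url, status), or None if the line is malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    src, ts, method, url, status = m.groups()
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    return src, when, method, url, int(status)


def analyze(lines, flood_threshold=5, window_seconds=1.0):
    """Return a list of (alert kind, source address, detail) tuples."""
    alerts = []
    recent = defaultdict(deque)   # per-source request times inside the window
    flooding = set()              # sources already reported, to avoid repeats
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            # Unparseable input is itself worth a look; never drop it silently.
            alerts.append(("unparsed", "-", line[:60]))
            continue
        src, when, _method, url, _status = rec
        for name, pattern in SIGNATURES:
            if pattern.search(url):
                alerts.append((name, src, url[:60]))
        window = recent[src]
        window.append(when)
        while (when - window[0]).total_seconds() > window_seconds:
            window.popleft()
        if len(window) >= flood_threshold and src not in flooding:
            flooding.add(src)
            alerts.append(("request-flood", src,
                           f"{len(window)} requests in {window_seconds}s"))
    return alerts


# Constructed log lines using documentation-only address ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Aug/2001:10:00:00 +0000] "GET /index.html HTTP/1.0" 200 5120',
    '198.51.100.7 - - [01/Aug/2001:10:00:01 +0000] "GET /members/../../etc/passwd HTTP/1.0" 404 312',
    '198.51.100.7 - - [01/Aug/2001:10:00:02 +0000] "GET /scripts/cmd.exe HTTP/1.0" 404 312',
] + [
    '203.0.113.50 - - [01/Aug/2001:10:00:05 +0000] "GET /index.html HTTP/1.0" 200 5120'
] * 6 + [
    '192.0.2.10 - - [01/Aug/2001:10:00:06 +0000] "GET /renew.html HTTP/1.0" 200 2048',
]

if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```

Only requests that match a listed pattern or exceed the threshold produce an alert, which is why signature sets need the same regular updating as antivirus definitions.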

In addition to hacker-specific preventions, it pays to develop a consistent and ongoing methodology for keeping your association's Web site safe. (See sidebar, "Fortification Framework," for more details.)

As Patrice Rapalus, director, Computer Security Institute, San Francisco, remarked with regard to the results of the annual Computer Crime and Security Survey, now in its sixth year: "The survey results over the years offer compelling evidence that neither technology nor policies alone really offer an effective defense for your organization. Intrusions take place despite the presence of firewalls. Theft of trade secrets takes place despite the presence of encryption. Net abuse flourishes despite corporate edicts against it. Organizations that want to survive in the coming years need to develop a comprehensive approach to information security, embracing both the human and technical dimensions. They also need to properly fund, train, staff, and empower those tasked with enterprisewide information security."

Dave McClure is president and CEO of the U.S. Internet Industry Association, Washington, D.C., and a member of ASAE's Technology Section Council. Email: dmmcclure@usiia.org.

Fortification Framework

It is a fact of life that some acts are impossible to prevent. And just as it is impossible to always stop an assassin determined to strike, it is equally impossible to ensure that an association's network or Web site will be hacker-proof. But there are steps that the association can take to better the odds.

1. ANALYZE THE THREAT. One of the major problems with network and Internet security is that most organizations focus their attention outside, when the greatest security threat lies within the organization. Disgruntled employees and former employees are a major threat. And one of the most common ways to penetrate network security is to bribe members of a building cleaning crew to look for passwords--many users have their user name and password taped to their keyboard or monitor.

When considering the network and Web site, look for points that are vulnerable to attack--gateways to the Internet, remote access servers, Web sites, and so on. And consider as well how much damage may be done if these are penetrated. Remember that enhanced security may be as simple as moving some intellectual property away from less secure parts of the network.

2. CREATE AND USE A SECURITY POLICY. A written policy is the first line of defense, covering such topics as user access, software updates, and antivirus protection. A well-written policy should cover not only what should be done under normal operations, but what must be done in the event of a virus or a denial of service (DOS) attack. Make sure that the policy is covered during orientation for new employees, and that it is reviewed frequently by the information technology staff.

3. STRICTLY ENFORCE SECURITY MEASURES. Train employees to remember their passwords rather than writing them down, and to change passwords on a regular basis. While this will cause some inconvenience as employees forget their passwords, the work involved in restoring a password pales in comparison to the job of restoring a hacked system.

4. ENSURE REDUNDANCY IN ALL SYSTEMS. While this is difficult for small associations on a tight budget, it is critical that network devices, servers, and power systems have some form of backup. At the very least, this should mean the use of an uninterruptible power supply; a backup hard drive for the server, with current copies of both the server software and all of the data and applications on the server; and extra copies of devices such as modems that may be needed for remote access. Track the potential failure points in the network and plan for their backup. It is also helpful to maintain a hot spare--a machine that can be quickly pulled into service to replace the main server if that machine goes down.

5. PROTECT THE SYSTEM WITH A FIREWALL. While this seems an obvious point, many small associations do not use even a simple firewall--leaving themselves open to random attacks. Install firewall software that not only protects IP addresses and Web server functions, but also analyzes the incoming Web access data stream to filter out embedded threats.

6. KEEP DATA TO A MINIMUM. The truth is, most associations retain data that they have no use for--records of long-gone members, credit card information for renewals, documents, and records that long ago should have been destroyed or moved to secure storage. A critical step in network security is to reduce the amount of intellectual property that is lying around waiting to be stolen. Likewise, much sensitive information is kept in e-mail. Set an e-mail disposal policy and enforce it.

7. KEEP THE SYSTEM SIMPLE. By default, Microsoft NT server and other commercial packages turn on all of their Internet services--including unused and potentially deadly services such as Telnet. This makes the default configuration of the server insecure. Turn off unused services and remove any access points or devices that are not in active use.

8. KEEP CURRENT WITH UPDATES AND SECURITY BULLETINS. As new security threats are identified, software companies release patches that must be installed to keep the system secure. Likewise, a number of security organizations and firms send regular security bulletins and alerts to keep pace with evolving threats. It is critical that the association keep abreast of developments and keep its network system up to date.

9. HIRE A SECURITY CONSULTANT. The cost of a good security expert is minimal compared to the value of the intellectual property that is at risk. Such experts are available both locally and nationally, and can assist in the analysis of the network, evaluation of security needs, plan preparation, and budgeting.

10. INSURE THE NETWORK. Until a year ago, the idea of insuring a Web site against hacker attacks was virtually unheard of. But as the number of attacks has risen, insurance companies have responded with suites of risk management and insurance products designed to help prevent attacks and to deal with the financial devastation of the aftermath.
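Steps 5 and 7 of the sidebar, together with the earlier description of a firewall accepting or rejecting access per port and IP address, can be checked mechanically. The Python code below is an added example, not part of the original article: it evaluates a first-match rule list, lists the ports open to every address, and flags both open ports with no service in active use and rules that can never fire. The rule format, addresses and service list are constructed assumptions, and only IPv4 is handled.

```python
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")

# Constructed rule list: (action, source network, port or None for any port).
RULES = [
    ("allow", "0.0.0.0/0", 80),
    ("allow", "0.0.0.0/0", 443),
    ("allow", "192.0.2.0/24", 25),     # mail accepted from one partner range only
    ("allow", "0.0.0.0/0", 23),        # Telnet left over from the default setup
    ("deny", "0.0.0.0/0", None),       # catch-all
    ("allow", "198.51.100.0/24", 22),  # appended after the catch-all by mistake
]

# Constructed inventory of services the association actually runs.
SERVICES_IN_USE = {25: "SMTP", 80: "HTTP", 443: "HTTPS"}


def decide(rules, src_ip, port):
    """First matching rule wins; traffic that matches no rule is denied."""
    addr = ipaddress.ip_address(src_ip)
    for action, network, rule_port in rules:
        if addr in ipaddress.ip_network(network) and rule_port in (None, port):
            return action
    return "deny"


def world_open_ports(rules, ports):
    """Ports whose first rule covering every source address is an allow."""
    open_ports = []
    for port in ports:
        for action, network, rule_port in rules:
            if ipaddress.ip_network(network) == ANY and rule_port in (None, port):
                if action == "allow":
                    open_ports.append(port)
                break
    return open_ports


def audit(rules, services_in_use, ports=range(1, 1025)):
    """Report open ports nobody needs and rules hidden behind an earlier rule."""
    unneeded = [p for p in world_open_ports(rules, ports)
                if p not in services_in_use]
    shadowed = []
    for i, (_action, net_i, port_i) in enumerate(rules):
        for _earlier, net_j, port_j in rules[:i]:
            inside = ipaddress.ip_network(net_i).subnet_of(
                ipaddress.ip_network(net_j))
            if inside and port_j in (None, port_i):
                shadowed.append(i)   # an earlier rule always matches first
                break
    return {"unneeded_open": unneeded, "shadowed_rules": shadowed}


if __name__ == "__main__":
    print(audit(RULES, SERVICES_IN_USE))
```

Here the audit reports port 23 as open with no matching service and rule index 5 as unreachable, so the intended remote-access rule is not in effect while Telnet is.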

Resources For Internet Security

A number of resources can help association managers understand and deal with network and Internet security issues. Here is a brief roundup of Web sites:

www.symantec.com

The Symantec site offers white papers and information as well as protection products that include firewall and intrusion detection systems. Of particular note is a security check that will scan a home computer and report deficiencies in hacker protection, antivirus protection, and protection of personal data.

www.cert.org

The CERT Coordination Center is an international center for Internet security expertise based at Carnegie Mellon University, Pittsburgh. CERT is not only the authority for hacker and virus threats, but also the source of an excellent self-assessment system for security entitled OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation).

www.zdnet.com/zdhelp/filters/subfilter/0,7212,6001787,00.html

This Ziff Davis company Web site covers the essentials of bugs, viruses, and security alerts. Aimed at the individual power user, this site covers security basics and offers software to facilitate security.

Csrc.ncsl.nist.gov

The Computer Security Resource Center at the National Institute of Science and Technology, Gaithersburg, Maryland, is an excellent source of news, information, and training in Internet security issues.

www.promisemark.com

PromiseMark is a company that gives organizations and individuals low-cost protection against data loss, viruses, and hacker attacks. Using a combination of alerts, protective software, and security plans, the company offers an effective line of defense, especially for home users and telecommuters.

www.hdains.com

The Hamilton Sorsey Alston Company is an insurance firm that specializes in risk management and insurance programs to protect computer networks and Web sites.
COPYRIGHT 2001 American Society of Association Executives
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2001, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

Article Details
Title Annotation:Internet security
Author:MCCLURE, DAVE
Publication:Association Management
Geographic Code:1USA
Date:Aug 1, 2001
Words:3252