
Network security: as the worms turn.


Code Red. Nimda. MSBlaster. SoBig. Love Bug. The simple and colorful names given to "worms" and other viruses unleashed against computers around the world only hint at the damage they can do, primarily in knocking out systems and costing corporations big sums in down time and emergency restoration.

While it's commonly agreed that corporations have become considerably more sophisticated about computer security in recent years, the universality of the viruses' target--Microsoft systems--makes defense difficult. Worms, "Trojan horses" and other viruses use new and different techniques to destroy the hosts' code, making it difficult for businesses to anticipate and block them. And things aren't getting better.

"There's been a significant increase in the rates, the types and the voracity of attacks over past year," says Tina LaCroix, vice president, Integrated Services In computer networking, IntServ or integrated services is an architecture that specifies the elements to guarantee quality of service (QoS) on networks. IntServ can for example be used to allow video and sound to reach the receiver without interruption.  and Technology Solutions (ISTS ISTS Institute for Security Technology Studies
ISTS Individual Sewage Treatment Systems
ISTS Institute for Space and Terrestrial Science
ISTS Intel Science Talent Search
ISTS International Sea Turtle Society
ISTS Ion Source Test Stand
) Information Security, at Aon Services Corp. "Part of what we face is really an inverse curve. It used to be that 10 years ago, you had to have significant knowledge about computers [to be a hacker A person who writes programs in assembly language or in system-level languages, such as C. The term often refers to any programmer, but its true meaning is someone with a strong technical background who is "hacking away" at the bits and bytes. ]. Now, you only need rudimentary rudimentary /ru·di·men·ta·ry/ (roo?di-men´tah-re)
1. imperfectly developed.

2. vestigial.


ru·di·men·ta·ry
adj.
1.
 knowledge. You can go to 10,000 Web sites and put together the necessary components--an average 10 year-old can exploit these."

Some hackers may have altruistic motives, she says, but many are political activists (so-called "hacktivists") or teenagers following Internet "scripts." Then there is "underground and underworld activity" coming from countries like Brazil and China.

"Any kind of development is open to someone to prove it's vulnerable," says James Wade James Wade (born 6 April 1983 in Aldershot, Hampshire) is an English darts player for the Professional Darts Corporation (PDC). He is nicknamed 009, a take on James Bond's 007. , chief information security officer at KeyCorp, the regional bank based in Cleveland. "We are seeing increased sophisticated attacks from anywhere in the world. We know security is critical to our infrastructure, and the opportunities to attack are really increasing almost daily."

"Today, lots of people are probing and monitoring networks to launch automated exploits," says Louis J. Carpenito, vice president of information security/business strategies for Symantec Corp., a provider of the popular Norton antivirus A popular antivirus program from Symantec. The AntiVirus function is available as a separate product for home and business users or as part of various packages that contain other utilities such as Norton SystemWorks and Norton Internet Security. See Norton Utilities.  software, as well as network security software appliance A software environment that inclues the operating system and application. It is designed for installation in standard hardware that will be dedicated to running that single application. A "hardware appliance" is the software appliance and computer packaged as a single product.  products to enterprises and service providers.

"There's a lot of external activity, much more than internal," he adds. "But the success rate is significantly less. Most organizations have a layer of protection, but there may be other channels into the organization." In fact, studies show that while outside attacks are far more common, 60 percent to 80 percent of successful attacks come from inside, a sort of soft underbelly of information security.

Which is the bigger threat, denial of service--caused when systems go down--or the actual ability to steal secrets or corporate account information? "They're both very real threats," LaCroix says. "Denial of services precludes you from doing business; it forces you to shut down."

More than anything, she believes, "For companies to improve, they need to have a baseline. You need to start with a point in time; you need to put a stake in the ground and measure." Consultants may be helpful here, she says, because it may be easier for an outsider to establish a plan and gain consensus.

"The hardest part is to have a knowledge base. Most companies are five years behind, in my opinion," LaCroix adds. "Then, you need to have a plan and stick to it, and not move with every development."

When it comes to protection against hacking or intrusion from anywhere, experts say, think "perimeter." It's not unlike a military encampment, where sentries are posted along the perimeter to detect and deal with invaders. In this case, of course, the invaders are electronic; viruses often are transmitted through attachments or downloads, which individuals inadvertently bring onto their desktops.

"Most people would agree that a defensive posture starts with a perimeter. You need to create a control environment," says Bruce Moulton, also a vice president of information security/business strategies for Symantec. "Perimeters can be dynamic, and they can vary from strong to weak."

The common concept of a perimeter "firewall" is well described, Moulton says, though the term is being blurred because other functions, such as intrusion detection technology, are being integrated with firewalls. Antivirus applications and virtual private networks (VPNs) are among the controls that work at the perimeter, he adds.

Within the perimeter, defense is typically not created in code. "The process we use is called defense in depth," says LaCroix. "It involves multiple layers of protection--you look at the pending threat, the types of risk--you look at other technologies. You ask what controls can we add to things like the firewall. You don't simply need all the latest and greatest."

Firewalls differ, and filter different depths of information that pass through the perimeter, Carpenito says. "The cover may look okay, but there could be something very malicious inside. There is a movement toward firewalls going deeper into content."

Another trend is to look at systems more holistically. "Integration of protection mechanisms that had previously been used in a silo approach can be put on an appliance, which is less costly to deploy and maintain," Carpenito says. That reduces the total cost of ownership and provides better security.

"The ability to monitor networks from a worldwide perspective is key--you have sensors that detect activities that can be profiled into individual hacker attacks," Carpenito adds. Yet he warns that organizations tend to be too trusting of their own people--a lesson that has been harsh for a number of financial services The examples and perspective in this article or section may not represent a worldwide view of the subject.
Please [ improve this article] or discuss the issue on the talk page.
 organizations.

"The lesson is that the people you need to watch the closest are those with privilege--and you need to watch as well those that are trying to gain privilege," he says.

As the pace of attacks has increased, so, generally, has company response time. LaCroix, who has been at Aon for 2-1/2 years, says that during the first year, she helped put together an Internet response plan that went into action when the worm-meisters went on the attack. "When Microsoft alerts us to [code] patches, where we would have taken that seriously and looked at responding in three to four months, we're now doing a much more thorough assessment of the patch and the vulnerability," she says. "We try to get a sense of the danger, what code the exploits [hackers] are passing among themselves."

The company's ability to respond has changed dramatically, LaCroix says, and in the past six months, Aon has proactively done patching, which "cost us millions on the front end." That means pulling people together from across the organization, which she calls "a huge balancing mechanism," given Aon's base of 53,000 employees and the need to "do a lot of testing and disruption of core operations."

The result, however, has been worth the stress and strain. "We have been able to weather those storms," she says, and the company is committed to being proactive, given the rule of thumb that it costs four times as much to remediate a security breach than to install patches to prevent one.

Cost is an issue that financial executives clearly understand and focus on, but it can't be the primary focus of an IT security program. "The issues around integrity of information, reliability and privacy are now right on the desktop of senior executives," says Symantec's Moulton. "There's been debate about how much they need to know and care. We would say that internal control harks back to key definitions. While security controls may not be explicitly discussed, most security professionals want security controls understood"--and made an organizational priority.
COPYRIGHT 2003 Financial Executives International
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2003, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

Article Details
Title Annotation:special section
Author:Marshall, Jeffrey
Publication:Financial Executive
Geographic Code:1USA
Date:Dec 1, 2003
Words:1232