Pioneering Security.
It's a rather daunting challenge to be a pioneer in the digital economy, but insurance giant MetLife has braved that test. The company was one of the first traditional businesses to build a Web presence in 1995, and it began experimenting with some early forms of electronic commerce soon thereafter. Since then, management has put a premium on security in the virtual world. That philosophy has helped them avoid serious problems during such worldwide incidents as the Melissa virus and more recent "love bug" virus attacks.
"We knew we had to be proactive in terms of security," says Mike Stoico, IS security specialist for the company, of the early years of building a security infrastructure. "We had penetration testing from outside companies because we had no idea what we were up against, what kind of vulnerabilities we faced. We were also switching from a mainframe environment and undergoing lots of policy changes."
The early security consisted of such tools as a firewall and an intrusion detection scanner, Internet Scanner from Internet Security Systems (ISS). But Stoico soon realized that as more internal departments were connected to the Internet and as more e-commerce features were added to the system, additional security software was needed. Having developed a professional relationship with ISS already, Stoico decided to add its RealSecure network-based intrusion detection suite.
The product works by placing sensors at strategic points on the network to view different segments. The sensors watch traffic in near real time and analyze it to determine whether it matches any known attack strings. Attack strings are stored in a database and updated regularly as new threats emerge. Traffic that matches a possible attack is flagged, and the system can be configured to respond in a number of ways. It can alert the system administrator, shut down a connection, or begin logging further activity for evidence. This technology alerted MetLife security specialists to the first incursions of a Melissa virus variant.
It started with an odd traffic pattern, says Stoico. He was poring over logs and noticed that a file had been sent via file transfer protocol (FTP) to a known hacker's site. Since the file appeared to be a system file, it was strange to have that sent anywhere, and the destination was an obvious red flag. Stoico next determined that the computer from which the file had been sent was in a remote office. Then, in a flurry, at the IDS console, Stoico noticed what appeared to be dozens of users sending files to the same location.
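The pattern described above (an outbound FTP upload to a known-bad site, then many internal hosts uploading to the same destination) can be expressed as a small detection routine. This is an added illustration, not MetLife's or ISS's code: the record layout, addresses, watchlist and the threshold of three distinct hosts are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sensor records: "time src dst proto command filename".
# Illustrative layout only; this is not RealSecure's log format.
SAMPLE_LOG = """\
09:00:01 10.1.4.22 203.0.113.66 FTP STOR sysfile.dat
09:00:03 10.1.4.22 10.1.0.5 FTP STOR report.doc
09:02:10 10.2.7.14 203.0.113.66 FTP STOR sysfile.dat
09:02:11 10.2.7.14 203.0.113.66 FTP STOR sysfile.dat
09:02:15 10.3.9.40 198.51.100.7 FTP RETR patch.zip
garbled line from a truncated capture
09:02:30 10.5.1.8 203.0.113.66 FTP STOR sysfile.dat
"""

INTERNAL = ipaddress.ip_network("10.0.0.0/8")        # assumed internal range
WATCHLIST = {ipaddress.ip_address("203.0.113.66")}   # assumed known-bad site

def parse(line):
    """Return (time, src, dst, proto, cmd, name), or None if malformed."""
    parts = line.split()
    try:
        src, dst = ipaddress.ip_address(parts[1]), ipaddress.ip_address(parts[2])
    except (IndexError, ValueError):
        return None
    return (parts[0], src, dst, *parts[3:6]) if len(parts) == 6 else None

def analyze(log_text, watchlist=WATCHLIST, fan_in=3):
    """Alert on outbound FTP uploads to watchlisted hosts; recommend a block
    once `fan_in` distinct internal hosts have uploaded to the same host."""
    sources = defaultdict(set)          # dst -> distinct internal uploaders
    alerts, blocks = [], []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue                    # skip records the sensor mangled
        when, src, dst, proto, cmd, name = rec
        outbound = src in INTERNAL and dst not in INTERNAL
        if not (outbound and (proto, cmd) == ("FTP", "STOR")):
            continue                    # only uploads leaving the network
        if dst in watchlist:
            alerts.append((when, str(src), str(dst), name))
        sources[dst].add(src)
        if len(sources[dst]) >= fan_in and str(dst) not in blocks:
            blocks.append(str(dst))
    return alerts, blocks

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

Repeated uploads from one host count once toward the threshold, so a single noisy machine raises alerts without triggering the block recommendation by itself.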
"Now we were all there watching, and I could see it spreading all over the place," says Stoico. "We immediately shut down all traffic to that site."
Although he didn't realize it immediately, MetLife had been struck by a variant of the dangerous Melissa virus, which had heretofore unheard-of capabilities of duping users, snatching files, and manipulating e-mail systems. Antivirus experts hailed the powerful virus as a new breed of viral code--which has since given rise to even more deadly viruses. (MetLife was less vulnerable, in part, because it does not use Microsoft's Outlook--the e-mail program manipulated by this virus.)
The virus made its way into a shared directory from which thousands of users access and exchange files. Stoico alerted McAfee, its antivirus vendor, which sent an inoculation posthaste. ISS staff also worked closely with him by phone to help his staff defuse the problem.
"We had the whole thing contained within 24 hours," says Stoico. "It was all because we had the RealSecure logs to go through," which alerted us early to the problem. "It affected several hundred computers. It could have affected 40,000," he says.
"Our A/V (1) (Audio/Video) Refers to equipment and applications that deal with sound and sight. The A/V world includes microphones, tape recorders, audio mixers, still and video cameras, film projectors, slide projectors, VCRs, CD and DVD players/recorders, amplifiers and (antivirus) vendor had [responded] quickly and our A/V team did an outstanding job of inoculating our mail servers on the perimeter," Stoico says. "We are using the RealSecure system to monitor the mail traffic for any signs of reoccurrence.
Stoico's only gripe with the product is the lack of centralized reporting for all ISS products; but that capability is being developed by the company for its next generation, he says.
Stoico notes that his company's experience exemplifies how important it is to have a security infrastructure in place before a crisis occurs. Although intrusion detection systems have been criticized as inadequate and avoided by some because of their newness on the market, Stoico advocates their use.
"Anybody's a fool to think there's a be-all end-all security product. IDS is not a cure, but I think if you don't employ IDS, it's a foolish mistake. Look what it did for us. But more important, you need to be evaluating your system constantly, updating your policy, and doing everything necessary to maintain the highest level of security-something no product alone can do."