Network World assembled a team of experts to discuss security issues. Joining in were Mike Hager, vice president of network security and disaster recovery for Oppenheimer Funds in Englewood, Colo.; John Pescatore, research director for Internet security at Gartner in Stamford, Conn.; Paul Raines, global head of information risk management at investment bank Barclays Capital in London; Michael Vatis, former director of the National Infrastructure Protection Center (NIPC) and now director of the Institute for Security Technology Studies at Dartmouth College, a counterterrorism technology research and development institute, and an attorney with the law firm of Fried, Frank, Harris, Shriver & Jacobson, in New York and Washington, D.C.; and Chris Wysopal, director of research and development at @stake, a computer security consulting firm in Cambridge, Mass. Paul Desmond, editor of eSecurityPlanet.com, moderated the discussion.
Michael Vatis on the cyberthreat from organized crime:
There is an increase in the number of attacks that are happening as a result of organized crime groups. When I was [director of] the National Infrastructure Protection Center, through 2000 and the beginning of 2001 we saw a significant increase in attacks by groups operating largely from former Soviet countries. They were breaking into banks, financial institutions and e-commerce companies, and stealing credit cards or confidential client information and then either selling the credit card numbers or extorting the system owners. So we're seeing now a confluence between hackers and organized crime groups, which is a relatively new phenomenon.
Paul Raines on past examples of organized cyberthreats:
If you go back to some of the recent crises that our nation has gone through, particularly with the bombing in Serbia, there were groups at that time that were certainly targeting the U.S. infrastructure, particularly some of the military Web sites, hammering them with propaganda messages and denial-of-service-type attacks. It escalated with the bombing of the Chinese embassy, with a lot of attacks coming from groups in China.
John Pescatore on a reverse effect the Sept. 11 tragedy has had on IT security:
Since Sept. 11, due to fear about travel and the like, a lot of companies have actually been opening up their firewalls to videoconferencing and Webinars. In many cases, there's almost a ripple effect. Businesses changed some ways of doing business because of the fear of real-world, physical terrorist attacks that are causing them to take more risky behavior [in terms of IT security] - videoconferencing, more remote access, more telecommuting and the like.
John Pescatore on honeypots, which are systems designed to look like unprotected machines and are intended to trap hackers and track their movements:
Putting a honeypot on your extranet reminds me of those termite traps that are supposed to trap termites, then kill them. My philosophy is, 'How do I know I'm not just attracting termites toward my house?' But using one of those inside your internal environment as kind of a sticky pest strip to see if you have an internal problem, I've seen some clients do that pretty effectively. They can't secure every server or monitor all 22 Lotus Notes servers, but they can put a honeypot inside and find employees experimenting or doing things they shouldn't be doing.
Chris Wysopal on hackers' practice of finding and opening file servers in corporate systems and using them to leave secret messages for one another, without the knowledge of IT folks:
That's extremely common. You're always going to find machines that are sitting outside of the firewall and someone had a really good reason for it. Or you find machines that are set up for interorganizational sharing of information, like an anonymous FTP server, and they're just not managed properly. If you're looking for a place where you can anonymously trade information back and forth by using someone's resources, you can find it in about a half-hour given today's environment.
Special Report: Safety nets Case studies, how-tos and information on the disaster recovery, business continuity and security concerns and plans companies face post Sept. 11. Network World, 11/26/01.