by Jim Noble

Wake-up call

Dec 09, 2002 · 3 mins
Enterprise Applications, Security

The recent distributed denial-of-service attack (DoS) against the Internet’s root servers (“DDoS attack highlights ‘Net problems”) should stand as a wake-up call for the entire computing industry.

In the U.S. alone, there are an estimated 43 million home computers with Internet access, and this number is growing every day. Currently the onus for securing these systems is on the home users, who have little skill to perform this task. Richard Clarke, special adviser to the president for cyberspace security, has proposed that the software companies that make our core operating systems (Microsoft, Apple, and the various *nix flavors) make their products secure “out of the box.” Clarke also recommends that ISPs implement software or hardware products that would provide home users with a “standard” level of security. Minimum recommendations would be many-to-one network address translation that would provide a basic level of protection while including a software firewall and antivirus software so end users could further control their systems’ security levels. Add to this ISP-provided updates (included in the cost of service), and you have a basic solution that provides average home users with a level of protection they have never seen before.

Universities, colleges and other learning institutes also need to find a method of providing access to information, while ensuring that their systems, networks and other assets are not used to attack the fabric of the Internet. While this idea has been struck down by many higher learning organizations, it is time to make someone accountable. As is the case today for e-mail, there should be a public list of the offending source networks for these distributed DoS attacks that businesses and other entities can check. Then, corporate firewall administrators, root domain server administrators, federal and state governments, and concerned individuals can block traffic from those networks until they resolve their security shortcomings.

Finally, wireless vendors need to be held accountable for their products’ lack of security. Currently, the only way to do this as an industry is with our dollars: Stop deploying wireless. If you are using wireless LANs, see if your access point has been found by logging on to and searching for your access point’s name. If your access point has been found, it has been mapped and tagged, and you should expect visitors to your network. Because you have employed wireless in an unregulated frequency range, those who find your network might not be breaking any laws. And because wireless is simple to use, a majority of the networks today are wide open to “drive-by” attacks.

Solving these problems will not be easy or inexpensive. But universities and ISPs have the funds to make an effort. Many large universities have deployed strong firewall systems (Cisco, Check Point Software, NetScreen), but have neglected to enforce strong rules upon the students who reside behind them. ISPs state that they do not wish to deploy the solutions listed, as doing so would raise the entry cost of their always-on high-speed solutions (xDSL and cable modems). Currently the cost of home xDSL service [in the U.S.] is about $50 per month. With the hundreds of thousands of U.S. homes connected via this method, the ISPs have recouped their expenditures in this technology. If ISPs were to redirect a minor amount of that $50 per month to the security of Internet-connected home users, they could pay for all of the infrastructure and software necessary to perform the recommended security functions.

– Jim Noble

Network and security director


Norcross, Ga.