Security Advisor
Stuart McClure & Joel Scambray

Are the recent denial of service attacks the security industry's 15 minutes of fame?

THE SMATTERING of DDoS (distributed denial of service) attacks during the week of Feb. 7 was a wake-up call for much of the media, but from our vantage point they were simply par for the course. We've long been writing about the importance of security, explaining that in an instant your business can be brought to a screeching halt by a bored teenager looking for a little fun. The recent security events have only supported our claims.

In case you missed the newscasts and headlines, what started out as connectivity problems for Yahoo and Buy.com quickly escalated into full-fledged panic. Yahoo and Buy.com, as well as EBay.com, CNN.com, Zdnet.com, Etrade.com, and Amazon.com, experienced the wrath of one or more individuals apparently enjoying pointing out one of the many weaknesses in businesses' e-commerce armor: denial of service.

But is the sky falling? Many security experts would like you to believe it is because that kind of fear sells more products and services. But the answer is never so simple. DDoS attacks can be enormously effective at clogging up the pipes to a Web site, but that's all they can do. As a result, customers can't reach your Web site. Besides soft-dollar losses, DDoS attacks don't exactly signal Internet Armageddon.

But in the bigger security picture, business leaders have much to fear. We think that for every denial of service attack trumpeted in the media, another 50 attacks pass unnoticed. We hear about dozens of attacks every week. Although some of them are founded more in paranoia than fact, the vast majority of attacks are legitimate.

Just take the DDoS attacks as an example. This attack requires breaching various systems by gaining root (on Unix systems) or Administrator (on Windows NT systems) access and then installing a daemon or server application to do the attackers' denial of service (or other) bidding. For this attack alone, more than a hundred computers were intimately compromised, and no one at those sites knew about it. If this doesn't scare you, you may want to get a warm-blood transfusion.

If a computer has been compromised, attackers using it as a denial of service slave should be the least of your worries. At this point, the attackers can perform any whimsical desire. They can capture network traffic to and from the compromised system (even on a switched network) by setting up sniffers on the network interface cards. They can collect database information, including credit cards and social security numbers. They can spoof someone's identity to gain access to additional systems. They can deface your Web page. And they can even affect the stock market by posting erroneous information on your Web site or intranet announcing a merger, for example.

But worse than the initial system compromise are the subsequent ones. Once attackers gain access to a system, they rarely stop there, often using it as a jumping-off point for further attacks into your internal network, including exploiting trust relationships such as .rhosts and /etc/hosts.equiv settings. Worse, they can use the system as a port forwarder for attacking alternate operating systems behind it. If a Unix system is hacked and internal NT systems are accessible from this system that weren't available from the outside, an attacker can install port redirectors, such as datapipe and rinetd, to attack NT systems as if they were on the outside network.
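
One defensive check that follows from the paragraph above, as an added example that is not part of the original column: a Python audit of rhosts-style trust files (.rhosts, /etc/hosts.equiv) that lists every entry granting password-less access and ranks the wildcard ones highest. The sample entries and host names are constructed, and the severity labels are this example's own.

```python
import os

# Constructed sample in hosts.equiv/.rhosts syntax: "host [user]" per line.
SAMPLE = """\
# constructed sample, not taken from any real host
build01.example.com
db01.example.com  oracle
backup.example.com +
+@admins
-lab.example.com
+ +
"""

def audit_trust_text(text):
    """Return (line_no, severity, entry, reason) for each entry that grants trust."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue  # blank line or comment line
        host, user = fields[0], (fields[1] if len(fields) > 1 else "")
        if host.startswith("-") or user.startswith("-"):
            continue  # a deny entry grants nothing
        if host == "+":
            sev, why = "critical", "any remote host is trusted"
        elif user == "+":
            sev, why = "high", "any remote user on this host is trusted"
        elif host.startswith("+@") or user.startswith("+@"):
            sev, why = "medium", "trust is delegated to a netgroup"
        else:
            sev, why = "review", "password-less trust for a named host"
        findings.append((no, sev, " ".join(fields[:2]), why))
    return findings

def audit_paths(paths):
    """Audit each readable file in paths; return {path: findings}."""
    report = {}
    for path in paths:
        try:
            with open(path, encoding="utf-8", errors="replace") as fh:
                report[path] = audit_trust_text(fh.read())
        except OSError:
            continue  # absent or unreadable: nothing to report
    return report

if __name__ == "__main__":
    import pwd  # Unix only: enumerate home directories for per-user .rhosts
    homes = sorted({p.pw_dir for p in pwd.getpwall()})
    targets = ["/etc/hosts.equiv"] + [os.path.join(h, ".rhosts") for h in homes]
    for path, found in audit_paths(targets).items():
        for finding in found:
            print(path, *finding, sep="\t")
```

Run as root so that every user's .rhosts is readable; an unreadable file is skipped silently, not reported as clean.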

The last thing we want to do is to shine the spotlight of blame. Everyone -- ISPs, e-commerce companies, the government, universities, and consumers -- has to take responsibility for security attacks. Without easy pickings on the Internet, attacks would hold little ferocity. The consciousness of every Internet participant must be raised before we as an industry can expect to truly defend ourselves against attack.

So was the media attention to the DDoS attack all there is for the security industry? Will the mainstream media pick up on the other, more vicious attacks that go on every day? Let us know at security_watch@infoworld.com.


Stuart McClure is president/CTO and Joel Scambray is a managing principal at Rampart Security Group ( www.ramsec.com ).



