Surviving Network Attacks

Vol. 2 No. 4 – June 2004

Articles

Blaster Revisited

A second look at the cost of Blaster sheds new light on today's blended threats.

Jim Morrison, Symantec Security Services

The following tale is based upon actual circumstances from corporate enterprises that were faced with confronting and eradicating the Blaster worm, which hit in August 2003. The story provides views from many perspectives, illustrating the complexity and sophistication needed to combat new blended threats.

THE STORY LINE

Mona is a single mother with two small children. She frequently falls short of money before the end of each month, and this month was no different. She was struggling to prevent the electricity from being disconnected at 5 p.m. She had to skip lunch again to pay the utility bill at the corner convenience store near where she works. The store had a payment station provided by the local electrical utility as a convenience to its customers and for people like Mona who had to juggle the struggles of barely surviving. She waited in line and presented her bill and cash to the store clerk. The clerk began to key in the account number and the payment. “That’s strange,” she remarked. “This has never happened to me before!” Mona asked what the problem seemed to be. She was running short of time and had to have the payment recorded to beat the disconnect deadline. “This system just froze up then restarted on its own,” related the clerk. She asked her coworker about what had just happened.

by Jim Morrison

Hitchhiker's Guide to Biomorphic Software

The natural world may be the inspiration we need for solving our computer problems.

Kenneth N. Lodding, Nasa

While it is certainly true that “the map is not the territory,” most visitors to a foreign country do prefer to take with them at least a guidebook to help locate themselves as they begin their explorations. That is the intent of this article. Although there will not be enough time to visit all the major tourist sites, with a little effort and using the information in the article as signposts, the intrepid explorer can easily find numerous other, interesting paths to explore.

by Kenneth N Lodding

Network Forensics

Good detective work means paying attention before, during, and after the attack.

Ben Laurie, A. L. Digital

The dictionary defines forensics as “the use of science and technology to investigate and establish facts in criminal or civil courts of law.” I am more interested, however, in the usage common in the computer world: using evidence remaining after an attack on a computer to determine how the attack was carried out and what the attacker did.

The standard approach to forensics is to see what can be retrieved after an attack has been made, but this leaves a lot to be desired. The first and most obvious problem is that successful attackers often go to great lengths to ensure that they cover their trails. The second is that unsuccessful attacks often go unnoticed, and even when they are noticed, little information is available to assist with diagnosis.
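Both problems named above (trail covering after a successful break-in, and unsuccessful attempts that leave nothing behind) are easier to handle if the evidence is collected and protected while the attack is happening rather than reconstructed afterwards. The following is an added example, not code from the article or from A. L. Digital: each log record carries the hash of the record before it, and the hash of the newest record (the "head") is shipped to a collector the host cannot write to. The verifier then detects edited, deleted, reordered or truncated records, and a second pass counts failed logins per source so that unsuccessful attempts are surfaced. The log lines, the path and the addresses are constructed for the example.

```python
import hashlib
import json
import re
from collections import Counter

GENESIS = "0" * 64  # hash of the (empty) record before the first one

# Constructed sample events, invented for this example; not a real capture.
SAMPLE_EVENTS = [
    "sshd[812]: Failed password for root from 203.0.113.7 port 51422 ssh2",
    "sshd[812]: Failed password for root from 203.0.113.7 port 51423 ssh2",
    "sshd[813]: Accepted password for root from 203.0.113.7 port 51424 ssh2",
    "sudo: root : TTY=pts/0 ; COMMAND=/bin/rm -f /var/log/auth.log",
]


def _digest(seq, prev, msg):
    """Hash of one record; the sequence number and previous hash are part
    of the hashed body, so a record cannot be moved or renumbered silently."""
    body = json.dumps({"seq": seq, "prev": prev, "msg": msg}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()


def build_chain(events):
    """Append events to a hash chain as the host would on its own disk."""
    records, prev = [], GENESIS
    for seq, msg in enumerate(events):
        h = _digest(seq, prev, msg)
        records.append({"seq": seq, "prev": prev, "msg": msg, "hash": h})
        prev = h  # in production this head is also sent to the collector
    return records


def verify_chain(records, trusted_head):
    """Check a chain against the head the collector stored off-host.

    Returns (ok, reason).  Any edit breaks the hash of that record, any
    deletion or reordering breaks the prev/seq links, and any truncation
    leaves the chain ending somewhere other than the trusted head."""
    prev = GENESIS
    for i, r in enumerate(records):
        if r["seq"] != i or r["prev"] != prev:
            return False, f"record {i}: gap or reordering"
        if _digest(r["seq"], r["prev"], r["msg"]) != r["hash"]:
            return False, f"record {i}: contents modified"
        prev = r["hash"]
    if prev != trusted_head:
        return False, "chain does not end at the collector's head (truncated?)"
    return True, "ok"


FAILED = re.compile(r"Failed password for \S+ from (\d+\.\d+\.\d+\.\d+)")


def failed_logins_by_source(records):
    """Count failed logins per source address: the unsuccessful attempts
    that the 'look afterwards' approach usually never notices."""
    counts = Counter()
    for r in records:
        m = FAILED.search(r["msg"])
        if m:
            counts[m.group(1)] += 1
    return dict(counts)


def demo():
    """Build a chain, then try the tampering an intruder would attempt."""
    chain = build_chain(SAMPLE_EVENTS)
    head = chain[-1]["hash"]  # what the collector holds
    results = {"intact": verify_chain(chain, head)[0]}
    # Intruder deletes the last record (the rm of the log).
    results["truncated"] = verify_chain(chain[:-1], head)[0]
    # Intruder rewrites a failed login as a successful one.
    edited = [dict(r) for r in chain]
    edited[0]["msg"] = edited[0]["msg"].replace("Failed", "Accepted")
    results["modified"] = verify_chain(edited, head)[0]
    # Intruder removes the middle records but keeps the last one.
    results["spliced"] = verify_chain([chain[0], chain[-1]], head)[0]
    results["failed_by_source"] = failed_logins_by_source(chain)
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The chain only proves anything if the head leaves the host before the intruder gains control of it, which is why the records are shipped as they are appended; an attacker with root can rebuild a consistent chain locally, but its head will no longer match the one the collector holds.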

Obfuscation after a successful attack

by Ben Laurie

The Insider, Naivety, and Hostility: Security Perfect Storm?

Keeping nasties out is only half the battle.

Herbert H. Thompson, Security Innovation, and Richard Ford, Florida Institute of Technology

Every year corporations and government installations spend millions of dollars fortifying their network infrastructures. Firewalls, intrusion detection systems, and antivirus products stand guard at network boundaries, and individuals monitor countless logs and sensors for even the subtlest hints of network penetration. Vendors and IT managers have focused on keeping the wily hacker outside the network perimeter, but very few technological measures exist to guard against insiders—those entities that operate inside the fortified network boundary. The 2002 CSI/FBI survey estimates that 70 percent of successful attacks come from the inside [1]. Several other estimates place those numbers even higher [2].

Attacks that come from within an organization are not very well understood, and although standard security principles such as discretionary access control and least privilege are simple to understand, their application can be problematic and unsystematic. The issue is trust. Insiders must be trusted to do their jobs; applications must be trusted to perform their tasks. The problem occurs when insiders—be they users or applications—intentionally or unintentionally extend trust inappropriately. There is often a large gap between the rights we believe we are extending to another person, application, or component and the rights that are actually granted. Online trust seems to be an all-or-nothing affair, quite unlike the trust we extend in the nonvirtual world.
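The gap between the rights we believe we are extending and the rights actually granted can be measured rather than guessed at. The following is an added example, not code from the article or its authors: it takes a small, constructed file-share layout, a group table and a list of grants written the way administrators usually write them (wildcards, group membership), computes each user's effective rights, and diffs them against a separate statement of what the business intended. The share paths, group names and users are all assumptions for the example.

```python
from fnmatch import fnmatch

# Constructed group membership (assumed for the example).
GROUPS = {
    "finance": {"alice", "bob"},
    "everyone": {"alice", "bob", "carol", "dave"},
}

# Grants as an administrator typically writes them:
# (principal, path pattern, rights).  The last one is the classic mistake:
# the contractor needed one report, so the whole tree was shared "for now".
GRANTS = [
    ("group:finance", "/shares/finance/*", {"read", "write"}),
    ("group:everyone", "/shares/public/*", {"read"}),
    ("group:everyone", "/shares/hr/handbook.pdf", {"read"}),
    ("user:carol", "/shares/finance/*", {"read"}),
]

# Constructed inventory of what actually lives on the shares.
RESOURCES = [
    "/shares/finance/q2-report.xlsx",
    "/shares/finance/payroll.csv",
    "/shares/public/lunch-menu.txt",
    "/shares/hr/handbook.pdf",
]

# What was *meant*: the rights we believe we extended (least privilege).
INTENDED = {
    "carol": {
        "/shares/finance/q2-report.xlsx": {"read"},
        "/shares/public/lunch-menu.txt": {"read"},
        "/shares/hr/handbook.pdf": {"read"},
    },
    "dave": {
        "/shares/public/lunch-menu.txt": {"read"},
        "/shares/hr/handbook.pdf": {"read"},
    },
}


def principals_for(user):
    """All identities a grant can match for this user: the user itself
    plus every group it belongs to (transitive nesting is not modelled)."""
    names = {f"user:{user}"}
    names |= {f"group:{g}" for g, members in GROUPS.items() if user in members}
    return names


def effective_rights(user, grants=GRANTS, resources=RESOURCES):
    """Expand wildcard and group grants into concrete (resource -> rights)."""
    mine = principals_for(user)
    eff = {}
    for principal, pattern, rights in grants:
        if principal not in mine:
            continue
        for res in resources:
            if fnmatch(res, pattern):
                eff.setdefault(res, set()).update(rights)
    return eff


def over_grants(user, grants=GRANTS):
    """Rights the user actually has beyond what INTENDED says they should.

    An empty result means the grants implement the intent exactly."""
    intended = INTENDED.get(user, {})
    extra = {}
    for res, rights in effective_rights(user, grants).items():
        surplus = rights - intended.get(res, set())
        if surplus:
            extra[res] = surplus
    return extra


if __name__ == "__main__":
    for user in ("carol", "dave"):
        print(user, "over-granted:", over_grants(user) or "nothing")
```

Running it reports that carol can read `/shares/finance/payroll.csv`, which nobody intended; replacing her wildcard grant with one on the single report she needs makes `over_grants("carol")` empty. The same diff, run on real ACLs against a maintained statement of intent, is how the all-or-nothing trust the paragraph describes gets turned into something that can be reviewed.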

by Herbert H Thompson, Richard Ford

Interviews

A Conversation with Brewster Kahle

Creating a library of Alexandria for the digital age

Stu Feldman, Queue board member and vice president of Internet technology for IBM, interviews the chief executive officer of the nonprofit Internet Archive.

Curmudgeon

From This Moment On

Divining the future of computers with computers

Stan Kelly-Bootle, Author

Science fiction seems to have spawned two divergent subgenres. One, which is out of favor, paints a bright future for us, assuming an optimistic, Darwinian “perfectability.” These scenarios project an ever-expanding (or rather, a never-imploding) cosmos with ample time for utopian evolutions.

by Stan Kelly-Bootle

Articles

Security: The Root of the Problem

Why is it we can't seem to produce secure, high-quality code?

Marcus J. Ranum

Security bug? My programming language made me do it!

It doesn't seem that a day goes by without someone announcing a critical flaw in some crucial piece of software or other. Is software that bad? Are programmers so inept? What the heck is going on, and why is the problem getting worse instead of better?

One distressing aspect of software security is that we fundamentally don't seem to "get it." In the 15 years I've been working the security beat, I have lost track of the number of times I've seen (and taught) tutorials on "how to write secure code" or read books on that topic.

by Marcus J Ranum