Surviving Network Attacks

Vol. 2 No. 4 – June 2004

Blaster Revisited:
A second look at the cost of Blaster sheds new light on today’s blended threats.

What lessons can we learn from the carnage the Blaster worm created? The following tale is based upon actual circumstances from corporate enterprises that were faced with confronting and eradicating the Blaster worm, which hit in August 2003. The story provides views from many perspectives, illustrating the complexity and sophistication needed to combat new blended threats.

by Jim Morrison

The Hitchhiker’s Guide to Biomorphic Software:
The natural world may be the inspiration we need for solving our computer problems.

While it is certainly true that "the map is not the territory," most visitors to a foreign country do prefer to take with them at least a guidebook to help locate themselves as they begin their explorations. That is the intent of this article. Although there will not be enough time to visit all the major tourist sites, with a little effort and using the information in the article as signposts, the intrepid explorer can easily find numerous other, interesting paths to explore.

by Kenneth N Lodding

Network Forensics:
Good detective work means paying attention before, during, and after the attack.

The dictionary defines forensics as “the use of science and technology to investigate and establish facts in criminal or civil courts of law.” I am more interested, however, in the usage common in the computer world: using evidence remaining after an attack on a computer to determine how the attack was carried out and what the attacker did. The standard approach to forensics is to see what can be retrieved after an attack has been made, but this leaves a lot to be desired. The first and most obvious problem is that successful attackers often go to great lengths to ensure that they cover their trails. The second is that unsuccessful attacks often go unnoticed, and even when they are noticed, little information is available to assist with diagnosis.

by Ben Laurie

The Insider, Naivety, and Hostility: Security Perfect Storm?:
Keeping nasties out is only half the battle.

Every year corporations and government installations spend millions of dollars fortifying their network infrastructures. Firewalls, intrusion detection systems, and antivirus products stand guard at network boundaries, and individuals monitor countless logs and sensors for even the subtlest hints of network penetration. Vendors and IT managers have focused on keeping the wily hacker outside the network perimeter, but very few technological measures exist to guard against insiders - those entities that operate inside the fortified network boundary. The 2002 CSI/FBI survey estimates that 70 percent of successful attacks come from the inside. Several other estimates place those numbers even higher.

by Herbert H Thompson, Richard Ford

A Conversation with Brewster Kahle:
Creating a library of Alexandria for the digital age

Stu Feldman, Queue board member and vice president of Internet technology for IBM, interviews the chief executive officer of the nonprofit Internet Archive.

From This Moment On:
Divining the future of computers with computers

Science fiction seems to have spawned two divergent subgenres. One, which is out of favor, paints a bright future for us, assuming an optimistic, Darwinian "perfectability." These scenarios project an ever-expanding (or rather, a never-imploding) cosmos with ample time for utopian evolutions.

by Stan Kelly-Bootle

Security: The Root of the Problem:
Why is it we can’t seem to produce secure, high-quality code?

Security bug? My programming language made me do it! It doesn’t seem that a day goes by without someone announcing a critical flaw in some crucial piece of software or other. Is software that bad? Are programmers so inept? What the heck is going on, and why is the problem getting worse instead of better? One distressing aspect of software security is that we fundamentally don’t seem to “get it.” In the 15 years I’ve been working the security beat, I have lost track of the number of times I’ve seen (and taught) tutorials on “how to write secure code” or read books on that topic.

by Marcus J Ranum