[iwar] [fc:Are.Hacking.Defenses.Winning.the.War?]

From: Fred Cohen (fc@all.net)
Date: 2002-07-22 20:47:06



Are Hacking Defenses Winning the War?
http://www.newsfactor.com/perl/story/18663.html
NewsFactor Network

By Tim McDonald, NewsFactor Network, July 18, 2002

DoS attacks remain the most common threat. But, according to security
experts, DoS attacks do not necessarily present the same kind of threat
to national infrastructure that they once did.


The problem with hack attacks these days is that they are no longer
easily recognizable. Like snipers, they hide in the shadows. They can
also disguise themselves as something else.

"We can no longer say, OK, there's a neat box called viruses and there's
a neat box called hackers and there's a neat box called spam," Sam
Curry, security architect of antivirus company McAfee (Nasdaq: MCAF)
told NewsFactor.

"All the tools are available to anybody out there who wants to
potentially hurt people, companies or the Internet at large."

Of course, security companies have vested interests in publicizing
computer crimes, hoaxes and scams, but there are a number of independent
confirmations that computer crime continues to grow.

'Incidents' Soaring

The federally funded Computer Emergency Response Team (CERT) reports
that "incidents" -- which include anything from a single host computer
being hacked to hundreds of thousands of affected sites -- are on the
upswing.

Reported incidents have increased from six in 1988 to more than 52,600
in 2001, and we are on pace to break that again this year. Already in
2002, more than 26,800 incidents have been reported.

Vulnerabilities reported last year numbered 2,437, twice that of the
previous year. And in the first quarter of this year, 1,065
vulnerabilities were reported. Security alerts are also up, from 26 in
2000 to 41 last year, with nine in the first quarter of 2002.

Methodologies Improving

DoS attacks remain the most common threat. These involve brute force and
require more than a simple firewall to mitigate them. Experts point out
that network processors using separate hardware devices are needed to
blunt high-speed DoS attacks.

Still, DoS attacks don't necessarily present the same kind of threat to
national infrastructure that they once did.

"They continue, but the methodologies for mitigating them have
improved," Stephen Nesbitt, a NASA computer crime investigator, told
NewsFactor.

"DoS [attacks] require a variety of systems to target a domain," Nesbitt
said. "Usually, systems are compromised for the purpose of creating a
network. The larger the network, the larger the bandwidth, the more
danger they can do downstream. And you can compound that by adding other
kinds of attacks."

Web Services Vulnerable

Consumer security companies maintain the threat is growing. "NASA is
thinking of national critical systems and their exposure," McAfee's
Curry said. And as they grow in popularity, Web services are
particularly vulnerable.

"If you're a business, you cannot afford to have transactions slowed,"
said Curry. "If you're a home user, you can't afford to have bandwidth
unavailable."

"Web services can't be riding really close to the line," Curry said.
"They have to be very careful they're not near their maximum capacity
most of the time, because if they get [a DoS attack] their service will
go down, their servers will be damaged and their revenue will get hit."

Hybrids on Rise

The Nimda virus, which hit last September 18th, drove Internet traffic
levels up worldwide -- in some places to the point where Internet
service providers and broadband providers could not secure service.

"As people turn more and more to the Internet to do more things, their
computers are doing more than just e-mail and Internet," Curry said.
"They're doing file-sharing, chats, interacting in more ways and they're
doing it faster. I would say the more you interact and the faster you do
it, the more likely you are to get infected or attacked."

Curry said hackers are using more tools to daze and confuse victims.

"We're seeing more hybrid threats, combinations of virus tools and
hacker tools that can potentially take over systems," he said. "They're
part virus/worm, part remote control Trojan. We're starting to see that
spam is more than just a nuisance now -- it's also a major security
threat."

Spammers are Cheap

Perpetrators of fraud send fake virus alerts, posing as antivirus
companies. When users click to get protection, they find themselves
giving their credit card numbers to buy nonexistent virus protection.

"The expense of doing spam is so low, criminals anywhere in relative
anonymity can use that as a tool to take advantage of people, steal
their identification, harass them and potentially steal from them," said
Curry.

And Kevin Houle, one of the authors of a CERT white paper on the subject
of DoS attacks, told NewsFactor, "The problem of denial-of-service is
fundamentally ingrained in the way that the Internet is built."

"The Internet is comprised of limited, consumable resources. Thus, it's
possible [for hackers] to consume those resources. That's not likely to
change any time in the near future."

According to the experts, then, the safest course of action is to assume
that DoS and similar attacks are here to stay, and to take the appropriate
defensive measures -- however ineffective they may prove to be.

------------------
http://all.net/ 



This archive was generated by hypermail 2.1.2 : 2002-10-01 06:44:31 PDT