Internet security holes abound

Internet security holes abound

Abstracts of Recent Articles and Literature infected file, thereby signing it. ‘Clipper’ scrambles all of the data on a hard drive, thereby rendering...

130KB Sizes 1 Downloads 24 Views

Abstracts of Recent Articles and Literature

infected file, thereby signing it. ‘Clipper’ scrambles all of the data on a hard drive, thereby rendering it useless. ‘Lecture’ deliberately formats the hard drive, destroying all data and then scolds the user for not catching it. ‘Clinton’ is designed to infect programs, but it then eradicates itself when it cannot decide which program to infect. ‘SPA’ examines programs on the hard disk to see whether they are properly licensed. Ifillegally copied software is detected, the virus seizes the PC’s modem and automatically dials 211 and asks for help. Datnmation, April 1, 1995, p 22. Internet security holes abound. Recent breaches of Internet security include renewed outbreaks of ‘IP spoofing’ and reports of yet more bugs and insecurities in sendmail. Companies are advised to spend some time thinking about their security budgets, policies and procedures. However, the Internet isn’t solely to blame. Voice mail systems, careless or disgruntled employees and other threats pose equal or greater risks. Also, don’t ignore non-Internet potential security holes, such as admin passwords on voice-mail systems and even the paper recycling process. Nertuork Computing, May 1, 1995,p. 38. Security alert. The Internet is not secure and it poses a security risk for companies that use it. So how can you protect your LAN and valuable data from Internet intruders? Security can come in a number of different forms. It is possible to use access control lists (ACLs) on routers, which can control access to the network, either by filtering on IP address or by defining TCP port numbers. A firewall is probably the highest level of security available at present. Firewalls protect LANs by filtering all network packets that pass through the connection. However, all firewall tools should be used to implement a carefully planned security policy. Without planning it is easy to make mistakes and cause more damage than good. There are generally two schools of thought on the type of protection firewalls can provide: port level and application level filtering. In port level filtering, a firewall examines every packet header against its ACL. This method causes some latency in a network since the sofmare has to check every packet that crosses the gateway. Application level filtering is considered more secure. The firewall authenticates every packet that goes through the network at the application level. This is a much higher level of security. Whichever method of

216

protection you chose, make sure that you have a wellthought-out security plan before purchasing any security tools. PC Magazine, May 16, 1995, p. NEIO. New computer system causes chaos, Hans G/is. Twelve hours after being set into operation the brand new computer system “Bar 16”, designed for traffic steering and control of Hamburg’s important station Altona, stopped all long distance traffic at 7 am on a Monday morning. The reason for this denial of service could not be found before the following Wednesday. Thursday morning, after three days of breakdown, the nightmare was over. The new Siemens system detected a severe, but in reality non-existent, security threat, and consequently interrupted any operation at the station which during the week is used by 100 000 travellers daily. Of that number, 20 000 are long distance travellers. The railway company Deutsche Bahn AG immediately set their contingency plan into force in order to mitigate the situation: Hamburg’s Public Transport took the extra capacity and travellers were brought to Hamburg Central Station fi-om where they could continue their journeys. With the enforcement of these plans the incident only caused “minor chaos”, but a fifth of Germany’s country-wide railways connections were directly or indirectly affected. It was disclosed that a previously undetected software bug in the DM63 million computer system was the reason for the problem. At the same time, the question of product reliability was raised. Computer Fraud G Scclrriry Bulletin, May 1995,p.3. Hacker-trackers hunt electronic cybercrooks, L44u~qeuer A414nro. The growth of the hacker ‘industry’ has led to the birth of a new breed - the hacker-tracker. Hacker-trackers are busy working with police, government agencies and private industries. Hackers, depending on their ability, leave electronic tracks or footprints, but finding and tracking them is a time consuming business. It took the Royal Canadian Mounted Police (RCMP) months to find a 22-year-old computer programmer Mikko Woodroffe who in April pleads guilty to a charge of mischief-to-data for hacking into SFU’s computer in 1993. He was fined $1000 and out on probation for a year. More recently, the work of Sgt. Doug Dzurko of RCMP has led to charges against a Vancouver youth who is due to appear in court on charges of mischief-to-data and unauthorized use of