ad info
   personal technology

 custom news
 Headline News brief
 daily almanac
 CNN networks
 CNN programs
 on-air transcripts
 news quiz

CNN Websites
 video on demand
 video archive
 audio on demand
 news email services
 free email accounts
 desktop headlines

 message boards





Computer systems vulnerable when staffing levels drop

June 4, 1999
Web posted at: 8:53 a.m. EDT (1253 GMT)

by Nancy Dillon

(IDG) -- It's a holiday weekend, and you're relaxing at home when suddenly your pager is telling you to check your network.

  Computerworld's home page
  Computerworld Year 2000 resource center
  Computerworld's online subscription center
 Reviews & in-depth info at's personal news page
  Year 2000 World
  Questions about computers? Let's editors help you
  Subscribe to's free daily newsletter for IT leaders
  Search in 12 languages
 News Radio
 * Computerworld Minute
 * Fusion audio primers

You try to log in to the network from home, but it doesn't seem to work. You hurry into the office and find that your computers are rebooting for no apparent reason. Your firewall keeps shutting down. The problem doesn't appear to be hardware related. And network traffic is passing through your firewall.

Suddenly it becomes clear: You're getting hacked.

That was the scenario created by Stephen Northcutt during a Webcast briefing today titled "What the Hackers Know About You: Anatomy of a Christmas '98 Attack." The Webcast was sponsored by The SANS Institute, a cooperative research and education organization in Bethesda, Md.

Holidays are "a high-risk time since systems are unattended," Northcutt said. So administrators should shut down as many nonessential systems as possible during that time, he advised.

Northcutt also warned against the common assumption that hackers are less sophisticated than administrators at Fortune 1000 companies. A typical hack job, according to Northcutt, can involve both software development and unauthorized software installation on target systems. ``Plus, hackers have a technical support structure that's probably more comprehensive than the one available to your organization."

In the event of a hacking incident, administrators should remain calm, according to presentation material supplied by the SANS Institute. The next step is to notify management. Administrators should avoid using e-mail and other network-based communications channels. They should take good notes -- good enough to serve as evidence in a court of law.

It's also important to run a backup copy of the damage for evidence before restoring systems and getting the business up and running again.

Administrators can also try implementing file integrity assessment (FIA) systems to catch hackers before they "make a kill," he said. FIA tools detect changes in file systems and alert administrators when strange things start happening in the file systems, such as shrinking log files. Tripwire Security Systems Inc. in Portland, Ore., offers such tools.

To minimize vulnerability in the future, Northcutt said, companies should take heed of SANS Institute's list of the top seven management errors that lead to computer security vulnerabilities:

  • Pretend the problem will go away if you ignore it.

  • Authorize reactive, short-term fixes so problems re-emerge rapidly.

  • Fail to realize how much money information and organizational reputations are worth.

  • Rely primarily on a firewall.

  • Fail to deal with the operational aspects of security; instead, make a few fixes and then not allow the follow-through necessary to ensure the problems stay fixed.

  • Fail to understand the relationship of information security to the business.

  • Assign untrained people to maintain security and provide neither the training nor the time to make it possible to do the job.

How do you define a hacker?

Insurgency on the Internet

Feds warn hackers will be prosecuted; pro-Mitnick protest planned
June 2, 1999
Hackers target more federal computers
June 1, 1999
Study warns of a new cyberterrorism called 'netwar'
April 26, 1999
Hackers can turn network cameras, microphones on you
April 16, 1999

Support staffers face holiday hangovers
IT staff still tied to the office
Tips for maintaining a violence-free IT staff
Want to prevent break-ins? Just ask a hacker
Anatomy of a friendly hack
(NetworkWorld Fusion)
Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.

SANS Institute
Tripwire Security Systems, Inc.
Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.
Enter keyword(s)   go    help

Back to the top   © 2001 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.