Computer systems vulnerable when staffing levels drop
June 4, 1999
by Nancy Dillon
(IDG) -- It's a holiday weekend, and you're relaxing at home when suddenly your pager is telling you to check your network.
You try to log in to the network from home, but it doesn't seem to work. You hurry into the office and find that your computers are rebooting for no apparent reason. Your firewall keeps shutting down. The problem doesn't appear to be hardware related. And network traffic is passing through your firewall.
Suddenly it becomes clear: You're getting hacked.
That was the scenario created by Stephen Northcutt during a Webcast briefing today titled "What the Hackers Know About You: Anatomy of a Christmas '98 Attack." The Webcast was sponsored by The SANS Institute, a cooperative research and education organization in Bethesda, Md.
Holidays are "a high-risk time since systems are unattended," Northcutt said. So administrators should shut down as many nonessential systems as possible during that time, he advised.
Northcutt also warned against the common assumption that hackers are less sophisticated than administrators at Fortune 1000 companies. A typical hack job, according to Northcutt, can involve both software development and unauthorized software installation on target systems. ``Plus, hackers have a technical support structure that's probably more comprehensive than the one available to your organization."
In the event of a hacking incident, administrators should remain calm, according to presentation material supplied by the SANS Institute. The next step is to notify management. Administrators should avoid using e-mail and other network-based communications channels. They should take good notes -- good enough to serve as evidence in a court of law.
It's also important to run a backup copy of the damage for evidence before restoring systems and getting the business up and running again.
Administrators can also try implementing file integrity assessment (FIA) systems to catch hackers before they "make a kill," he said. FIA tools detect changes in file systems and alert administrators when strange things start happening in the file systems, such as shrinking log files. Tripwire Security Systems Inc. in Portland, Ore., offers such tools.
To minimize vulnerability in the future, Northcutt said, companies should take heed of SANS Institute's list of the top seven management errors that lead to computer security vulnerabilities:
Feds warn hackers will be prosecuted; pro-Mitnick protest planned
RELATED IDG.net STORIES:
Support staffers face holiday hangovers
|Back to the top||
© 2001 Cable News Network. All Rights Reserved.|
Terms under which this service is provided to you.
Read our privacy guidelines.