News
Security Roundup
- By Scott Bekker
- 02/23/2001
No matter how good you think your company’s network security
is, there is a hacker out there who can weasel his way in. Making the hackers’
jobs easier, almost every day a new system vulnerability announcement is made
about a major network or systems supplier. You may try to keep current with
bugs, fixes, and vulnerability announcements, but there are just too many, so
how is a lone network administrator expected to keep up?
You might want to start by checking out ENT’s
Security Round-Up. Here we’ll try to keep you on top of what security issues
have emerged in recent weeks and what tools are out there to help you defend
your company -- who knows, it might just save your network.
In late February, Pilot
Network Services Inc. published a survey about the number of hackers
attempting to locate vulnerable domain name servers (DNS) across corporate
networks. The survey revealed that about 6,000 attempts had been made in
January, as compared with about 2,200 in December. Security experts attribute
the rise to vulnerabilities found in the Berkeley Internet Name Domain (BIND) server
-- vulnerabilities that hackers suspect have not been repaired since last
month’s announcement. Even more disconcerting is that many hackers are now
trying to cross-breed automated hacking tools with Internet worms, which could
create the landscape for widespread distributed denial of service (DDOS)
attacks.
Not wanting to be left out of the fun, Microsoft Corp. rolled out its Internet
Security and Acceleration (ISA) server on Valentine’s Day. This latest server,
a network firewall, aims to protect customers from hacker attacks through
intrusion detection and Web proxying. Taking away some of ISA’s credibility,
however, is the recent DDOS that took all of Microsoft’s Web sites offline, as
well as the Kournikova virus that plowed through Windows machines and enabled
hackers to deface some large corporate Web sites using holes in Microsoft’s IIS
server. But analysts at IDC say as long
as users stay on top of the latest updates to ISA they should be “relatively
secure.” That poses the question of whether anyone can really keep up with all
of Microsoft’s fixes and updates.
Speaking of fixes and updates, other Microsoft products have
been tagged this month as having security issues. The company has released a
patch to eliminate a security vulnerability in Windows NT 4.0 servers that
provide secure remote sessions. This weakness could allow a hacker to prevent
an affected machine from providing service. Microsoft is calling this problem a
“Malformed PPTP Packet Stream” vulnerability and it affects versions of NT 4.0
but not machines running Windows 2000.
For Microsoft Outlook or Outlook Express users, a different
issue must be addressed -- one that allows hackers to run the code of their
choosing. This patch repairs a VCard handler that contains an unchecked buffer,
and should be applied to Outlook 97,
Outlook 2000, Outlook Express 5.01, and Outlook Express 5.5.
A slightly more serious security issue has been disclosed
for systems administrators and affects Windows 2000 server, Windows 2000
Advanced Server, and Windows 2000 Datacenter Server. The patch available for
this vulnerability should prevent hackers from running DOS attacks on the
servers, and should be applied to domain controllers.
While Microsoft would probably like it if it could steal the
show with its security vulnerability announcements, other things are occurring
in the world. Some of the most recent events include a sweeping attack of the
Kournikova virus across computers worldwide, the charging of FBI agent Robert Philip Hanssen as a spy for
Russia, and the revelation that the National
Security Agency (NSA) -- the spy organization in charge of listening to
communications all over the world -- has run into complete network failure in
the past.
Aside from the Kournikova virus, the other two security
breaches sound like scenes from a James Bond film. With the Russian spy, the
FBI said it could have known about Hanssen’s actions long before now had it
only run more stringent computer audits. Hanssen repeatedly ran his name and his
drop-off locations through the FBI’s computers to see if he was under suspicion
for espionage. Finding out that he wasn’t -- and that his computer use wasn’t
being audited -- Hanssen was able to continue working with his Russian cohorts
for fifteen years. This should make network administrators stop and think:
Should you be running audits on your users?
As for the NSA’s debilitating three-and-a-half day loss of
computer power, one can only wonder how the most secret U.S. agency -- one
twice the size of the CIA and even more covert -- can intercept all of the
country’s radio transmissions, faxes, phone calls, and e-mails, yet lose its
entire network for nearly four days. The NSA uses security devices such as
fingerprint identification systems and retinal scanning, and it can spy on
anyone who sends or receives any kind of message. But with all this technology,
its computers can still experience complete failure. It makes you wonder, if
the NSA can’t keep its networks up and running, what chance do you have?
Another issue that is crippling the NSA is its lag in the
technology arena. While it has the ability to keep out unwanted persons, it is
admittedly lacking the advanced computing capabilities to monitor illicit
transmissions. Even the director of the NSA admits the organization is playing
catch-up with Silicon Valley and the widespread technology -- such as cell
phones and high-speed computers -- that the technology industry has produced.
Corporations and citizens alike may be worried about the NSA snooping on their
business, but these revelations prove it is possible that we may be more
technologically advanced than the NSA. The question that emerges here is, if
the NSA is intent on monitoring illicit transmissions to “protect” the U.S.
from wrongdoers, then why would it admit outright that its technology isn’t up
to par? As evidenced in the past, when any U.S. government agency admits
anything, it is usually only to benefit itself. In this instance, could it
really be that the NSA wants help improving its technology, or could it be just
a ploy -- masquerading as a way to better defend the American people -- to gain
more funding for secret endeavors? Beware of the wolf in sheep’s clothing…
- Alicia Costanza
About the Author
Scott Bekker is editor in chief of Redmond Channel Partner magazine.