- By Scott Bekker
No matter how good you think your company’s network security
is, there is a hacker out there who can weasel his way in. Making the hackers’
jobs easier, almost every day a new system vulnerability announcement is made
about a major network or systems supplier. You may try to keep current with
bugs, fixes, and vulnerability announcements, but there are just too many, so
how is a lone network administrator expected to keep up?
You might want to start by checking out ENT’s
Security Round-Up. Here we’ll try to keep you on top of what security issues
have emerged in recent weeks and what tools are out there to help you defend
your company -- who knows, it might just save your network.
In late February, Pilot
Network Services Inc. published a survey about the number of hackers
attempting to locate vulnerable domain name servers (DNS) across corporate
networks. The survey revealed that about 6,000 attempts had been made in
January, as compared with about 2,200 in December. Security experts attribute
the rise to vulnerabilities found in the Berkley Internet Domain (BIND) serve
-- vulnerabilities that hackers suspect have not been repaired since last
month’s announcement. Even more disconcerting is that many hackers are now
trying to cross-breed automated hacking tools with Internet worms, which could
create the landscape for widespread distributed denial of service (DDOS)
Not wanting to be left out of the fun, Microsoft Corp. rolled out its Internet
Security and Acceleration (ISA) server on Valentine’s Day. This latest server,
a network firewall, is looking to protect its customers from hacker attacks by
detecting intrusion and Web proxying. Taking away some of ISA’s credibility,
however, is the recent DDOS that took all of Microsoft’s Web sites offline, as
well as the Kournikova virus that plowed through Windows machines and enabled
hackers to deface some large corporate Web sites using holes in Microsoft’s IIS
server. But analysts at IDC say as long
as users stay on top of the latest updates to ISA they should be “relatively
secure.” That poses the question of whether anyone can really keep up with all
of Microsoft’s fixes and updates.
Speaking of fixes and updates, other Microsoft products have
been tagged this month as having security issues. The company has released a
patch to eliminate a security vulnerability in Windows NT 4.0 servers that
provide secure remote sessions. This weakness could allow a hacker to prevent
an affected machine from providing service. Microsoft is calling this problem a
“Malformed PPTP Packet Stream” vulnerability and it affects versions of NT 4.0
but not machines running Windows 2000.
For Microsoft Outlook or Outlook Express users, a different
issue must be addressed -- one that allows hackers to run the code of their
choosing. This patch repairs a VCard handler that contains an unchecked buffer,
and should be applied to Outlook 97,
Outlook 2000, Outlook Express 5.01, and Outlook Express 5.5.
A slightly more serious security issue has been disclosed
for systems administrators and affects Windows 2000 server, Windows 2000
Advanced Server, and Windows 2000 Datacenter Server. The patch available for
this vulnerability should disable hackers from running DOS attacks on the
servers, and should be applied to domain controllers.
While Microsoft would probably like it if it could steal the
show with its security vulnerability announcements, other things are occurring
in the world. Some of the most recent events include, a sweeping attack of the
Kournikova virus across computers worldwide, the charging of FBI agent Robert Philip Hanssen as a spy for
Russia, and the revelation that the National
Security Agency (NSA) -- the spy organization in charge of listening to
communications all over the world -- has run into complete network failure in
Aside from the Kournikova virus, the other two security
breaches sound like scenes from a James Bond film. With the Russian spy, the
FBI said it could have known about Hanssen’s actions long before now had it
only run more stringent computer audits. Hanssen repeatedly ran his name and his
drop-off locations through the FBI’s computers to see if he was under suspicion
for espionage. Finding out that he wasn’t -- and that his computer use wasn’t
being audited -- Hanssen was able to continue working with his Russian cohorts
for fifteen years. This should stop and make network administrators think:
Should you be running audits on your users?
As for the NSA’s debilitating three-and-a-half day loss of
computer power, one can only wonder how the most secret U.S. agency -- one
twice the size of the CIA and even more covert -- can intercept all of the
country’s radio transmissions, faxes, phone calls, and e-mails, yet lose its
entire network for nearly four days. The NSA uses security devices such as
finger print identification systems and retinal scanning, and it can spy on
anyone who sends or receives any kind of message. But with all this technology,
its computers can still experience complete failure. It makes you wonder, if
the NSA can’t keep their networks up and running, what chance do you have?
Another issue that is crippling the NSA is its lag in
technology arena. While it has the ability to keep out unwanted persons, it is
admittedly lacking the advanced computing capabilities to monitor illicit
transmissions. Even the director of the NSA admits the organization is playing
catch-up with Silicon Valley and the widespread technology -- such as cell
phones and high-speed computers -- that the technology industry has produced.
Corporations and citizens alike may be worried about the NSA snooping on their
business, but these revelations prove it is possible that we may be more
technologically advanced than the NSA. The question that emerges here is, if
the NSA is intent on monitoring illicit transmissions to “protect” the U.S.
from wrongdoers, then why would it admit outright that its technology isn’t up
to par? As evidenced in the past, when any U.S. government agency admits
anything, it is usually only to benefit itself. In this instance, could it
really be that the NSA wants help improving its technology, or could it be just
a ploy -- masquerading as a way to better defend the American people -- to gain
more funding for secret endeavors? Beware of the wolf in sheep’s clothing… - Alicia Costanza
Scott Bekker is editor in chief of Redmond Channel Partner magazine.