From: Fred Cohen <fc@all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Date: Wed, 10 Oct 2001 18:36:49 -0700 (PDT)
Subject: [iwar] [fc:On.The.Cutting.Edge:.Terror.Touches.Infosec]

On The Cutting Edge: Terror Touches Infosec: Attacks on New York, Washington forever changed the meaning and necessity of security.

By Lawrence M. Walsh, Information Security, 10/10/2001
http://www.infosecuritymag.com/articles/october01/departments_news.shtml

In what seemed like an infinitely long moment on Sept. 11, the meaning of security changed forever. Glued to TVs and Internet terminals, people around the world watched as two of the country's most distinct landmarks fell, taking with them thousands of lives and our national sense of immunity from terrorism.

As the country struggles to come to grips with the enormity of the tragedy at the World Trade Center, the Pentagon and the four hijacked jetliners, the prevalent questions are: How could this happen? And what can be done to prevent it from happening again?

"IT security people have their work cut out for them, but they also need to stop thinking of this as a purely technology issue," says Michael Wilson, managing partner of infosec consultancy 7Pillars Partners (www.7pillars.com). "The physical infrastructure is threatened, the sociology that emerges from technology poses problems and any 'weak point' is a potential target, including those that are their professional and personal responsibilities."

The good news from the tragedy, if you can call it that, is that the Internet was resilient to the attacks. While the flood of phone calls overwhelmed circuit-based communications, the packet-based networks remained fully operational throughout the crisis. Although individual Web sites were inundated with connections, the main pipes--even the nodes in Manhattan--absorbed the traffic influx.

"We're seeing a resilience in the IT infrastructure in connectivity," says Ira Winkler, president of the Internet Security Advisors Group (www.isag.com). "I'm not saying that it can't be brought down, but it withstood this test."

Now, the challenge is protecting the nation's governmental and commercial IT assets from a terrorism campaign in cyberspace.
While the notion of a cyberspace version of Pearl Harbor is hotly disputed, the threat of distributed denial-of-service (DDoS) attacks, mass malware outbreaks (such as last month's Nimda worm) and the compromise of sensitive information now seems even greater.

"What's going to happen? The cyberwars are going to heat up. And it's not going to be just our enemy, but it's also going to be the people who want to take advantage of this situation," says Tom Brady, VP and director of strategic accounts for Secure Computing (www.securecomputing.com).

So what's the weakest link in the IT chain? Unfortunately, it remains people. Whether out of malice, carelessness or ignorance, inside users already pose the greatest security threat to IT infrastructures. There's some speculation that the terrorists used trusted and insider relationships to avoid detection and circumvent security measures. This, some say, will undoubtedly change the way people think about trusted relationships.

"The greatest threat we have is not knowing or being able to trust the people that you give physical and electronic control to," says Winn Schwartau, president of Infowar.com.

Disaster Recovery

From an IT perspective, the terrorist attacks proved the necessity for solid disaster recovery and business continuity planning. Ordinarily, disaster recovery planning means anticipating the conceivable--fires, natural disasters, power outages. Few IT managers could have conceived of a disaster on the scale of the World Trade Center attack, but some victimized businesses found their data recovery was made easier by having redundant systems and offsite data storage facilities.

"If your business requires computers, World Trade Center or not, you'd better have some pretty good backup plans," says Schwartau. "The financial devastation to come out of this will be far worse than [the financial impact] we're seeing right now."

In light of the disaster, many Wall Street and Lower Manhattan firms are reassessing their DR plans. The New York Times reported that companies in the financial district are rushing to disperse their operations to protect their data and infrastructure.

"Disaster recovery requires a pretty good amount of money and the cash flow to support it, and that assumes that you've determined what's important...the personnel, equipment to keep my operation going for 60 to 90 days," says Mark Enger, VP of security operations for Digital Defense (www.digitaldefense.net). "And then you have to execute it."

Due Diligence

AV experts are still running down the origins of the Nimda worm, but they say with some confidence that its appearance almost one week to the minute after the WTC attack is purely coincidental. Nevertheless, the aggressive worm is lending credence to the need for good security for anyone who had previously doubted it.

Had Nimda or Code Red broken out during the initial crisis, they could have crippled Internet communications. And while there was no cyberspace component to the attacks, the week following saw a sharp uptake in hacker activity as the U.S. digital underground lashed out at Arab and Islamic sites.

The lesson here: routinely apply patches and update antivirus signatures, implement a defense-in-depth strategy and practice proven security procedures and policies.

"I know it sounds kind of corny, but it really comes down to whether you're doing the fundamentals," says Ken Brandt, a managing director at Tiger Testing (www.tigertesting.com), who works and lives within the Manhattan disaster zone.

Regulations and Government Oversight

Government investigators have no doubt that terrorist groups employed IT technology to their advantage. Ironically, says ISAG's Winkler, infosecurity worked to the terrorists' advantage.

In response, the Senate included in its $42 billion emergency attack recovery bill provisions for new controls on encryption technology and a relaxing of laws to make it easier to obtain warrants for tapping electronic communications (such as with the Carnivore system).

"This is something that we need international cooperation on and we need to have movement on in order to get the information that allows us to anticipate and prevent what occurred in New York and in Washington," says Sen. Judd Gregg (R-N.H.).

The provisions are worrisome to civil liberties advocates, who are urging Congress to be cautious in passing legislation that could impact basic privacy and Constitutional rights, while doing little to prevent future terrorist attacks.

"What is really important here is to wait and see what methods were employed by the terrorists before bringing legislation that may not improve safety and may represent new attacks on our freedoms," said Chris Hoofnagle, legislative counsel for the Electronic Privacy Information Center (www.epic.org).

The Future

An ironic by-product of the Sept. 11 tragedies is opportunity for the security sector. When the stock markets resumed trading Sept. 17, it seemed like anything with security stamped on its forehead was hot, while the blue chips sank. For instance, the stock value of security firm Cylink (www.cylink.com) increased by more than 150 percent.

Analysts don't believe the initial spike in security stocks is necessarily warranted, but they see the technology that's been used exclusively to protect networks will take on a new life in protecting physical assets, as well.

The future, some say, is in access control, authentication and encryption technology. Authentication, particularly through biometrics, may become the staple of network and physical security.
Some see a greater use of facial recognition systems in airports to pick terrorists out of crowds; and fingerprint readers to control the use of equipment, such as airplane controls.

"We're already seeing a shift in the market in various commercial segments for large-scale biometrics deployment," says John Ticer, CEO of biometrics integrator BioNetrix (www.bionetrix.com). "The security awareness that's coming out of this is going to spread across sectors of business."

One IT segment that could see a big push is distributed and mobile computing. Kevin Trosian, VP of equity research for Banc of America (www.bofasecurities.com), believes companies will look for ways to preserve business continuity (such as allowing people to work from home) and diminish travel (through teleconferencing, for example). And with that distributed computing comes security, he says.

"By allowing users to work from home, it ensures that employees are always working," Trosian says. "If a bomb hits a building, or a tornado or a flood, if you can work from home, the business will be up and running."

Regardless of what technologies corporations and the government adopt, Schwartau predicts security will no longer be a backburner issue.

"I do know what's going to change, and it's going to change people," says Schwartau. "The security budgets are going to increase big time--the methods of security, the methods of establishing trust have got to change because they are so tied together."

Freelance writer SEAN CORCORAN contributed to this report.
This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:54 PST