Return-Path: <sentto-279987-3129-1003467860-fc=all.net@returns.onelist.com>
Delivered-To: fc@all.net
Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) for fc@localhost (single-drop); Thu, 18 Oct 2001 22:07:11 -0700 (PDT)
Received: (qmail 16924 invoked by uid 510); 19 Oct 2001 05:05:13 -0000
Received: from n8.groups.yahoo.com (216.115.96.58) by 204.181.12.215 with SMTP; 19 Oct 2001 05:05:13 -0000
X-eGroups-Return: sentto-279987-3129-1003467860-fc=all.net@returns.onelist.com
Received: from [10.1.1.221] by n8.groups.yahoo.com with NNFMP; 19 Oct 2001 05:05:35 -0000
X-Sender: fc@red.all.net
X-Apparently-To: iwar@onelist.com
Received: (EGP: mail-8_0_0_1); 19 Oct 2001 05:04:20 -0000
Received: (qmail 48209 invoked from network); 19 Oct 2001 05:04:18 -0000
Received: from unknown (10.1.10.26) by 10.1.1.221 with QMQP; 19 Oct 2001 05:04:18 -0000
Received: from unknown (HELO red.all.net) (65.0.156.78) by mta1 with SMTP; 19 Oct 2001 05:04:17 -0000
Received: (from fc@localhost) by red.all.net (8.11.2/8.11.2) id f9J54HT02669 for iwar@onelist.com; Thu, 18 Oct 2001 22:04:17 -0700
Message-Id: <200110190504.f9J54HT02669@red.all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Organization: I'm not allowed to say
X-Mailer: don't even ask
X-Mailer: ELM [version 2.5 PL3]
From: Fred Cohen <fc@all.net>
X-Yahoo-Profile: fcallnet
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Delivered-To: mailing list iwar@yahoogroups.com
Precedence: bulk
List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com>
Date: Thu, 18 Oct 2001 22:04:17 -0700 (PDT)
Reply-To: iwar@yahoogroups.com
Subject: [iwar] [fc:Internet.Security.-.Virtual.weapons.against.cyber.criminals]
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 8bit

Internet Security - Virtual weapons against cyber criminals
Kevin James Vella, Europe Media, 10/18/2001
http://www.europemedia.net/showfeature.asp?ArticleID=6164

The internet is a human invention and is thus a mirror of our decadent society. Within our society there live various people with equally distinct personalities, and some who unfortunately take delight in spray painting other people's walls, knocking down stop signs and post-boxes, and perpetrating all kinds of scams, such as credit card fraud and embezzlement. The internet has its own version of the infamous "Bronx". People deface websites, issue phony, misleading press releases to manipulate stock prices, and break into large credit card number databases for fun and profit.

Taking all of this into consideration, I have to wonder what my virtual assets are and how criminals can attack them. What virtual 'guns' should I carry to protect my cyberlife? Apart from physical removal, there are various ways and means of accessing your virtual assets, such as:

1. Via floppy drives and CD drives
2. Via electro-magnetic emissions from your monitor
3. Via the local area network
4. Via inter-networks through e-mails and criminal attacks on servers

Essentially, this report will only concentrate on the home and office environment that uses a PC or server. By focusing on these areas, I can then better reduce my security talk to address three areas, namely, viral attacks, attacks to clear fraudulent transactions, and hacking.

A white paper published by McAfee states that "hackers and virus writers have realized that the increased use of the internet within businesses and homes has provided them with an enormous communications infrastructure to exploit. As virtually all internet users use e-mail, it has become the preferred method of virus distribution. Internet e-mail provides writers with an easy means of replication with little effort on their part.
They no longer have to devise schemes for virus replication or rely on file distribution; flexible e-mail systems offer scripted methods of generating mail."

Viral Attacks

I believe that many people are aware of viruses and the extent of their reach, because of all the hype the media covers around this problem. My experience working for a system integrator has provided me with a rich insight into viral attacks. I have seen many examples of virus propagation, from the exchange of floppy disks to the purchase of infected original software.

One of my worst virus experiences happened when a technician who was supposed to fix my mouse, unknowingly, infected my home computer with a virus. The technician, who didn't know what he was doing, told me that I had a faulty motherboard. Unfortunately, I believed him and, in my ignorance, I told him to scrap my PC so I could purchase a new one. Upon later inspection, however, I found that the incompetent technician himself had used an infected floppy disk that had affected the BIOS by disabling the floppy drive. When my PC booted up, it showed an error. Although the error was easy to fix, it was too late, as the technician had misinformed me.

A virus outbreak that disrupts the flow of your organization's e-business activity is no longer merely a nuisance, as it will actually affect profitability. In fact, 1999 saw more than US$12.1bn (E13.39bn) in damages as a direct result of virus infections, more than twice that of all previous years combined. The trend escalated in 2000, when the Love Bug caused more than US$6.7bn (E7.4bn) worth of damage in just two weeks. Perhaps the most tempting targets for virus writers are file servers, which warehouse your critical information and thousands of employee shared folders. Just one worm in one shared folder on the server can quickly spread throughout the network, causing irreversible damage.

There are many affordable solutions that clear away obnoxious and costly attacks on your virtual assets, such as McAfee, Norton, Panda, among others. Visit any of these sites and you may even download a free scanner. Locally, we have been on top of the problem since the anti-virus software market began to boom back in 1993/4, when the product Dr. Solomon's was pioneered.

Hacking and Illegitimate Transactions

Many people may have romantic representations of hackers as teen computer whiz kids sitting at their desks in the middle of the night typing away at the virtual security walls belonging to the Pentagon or the CIA servers. Yet their actions are not very romantic, as these criminals do billions of dollars of damage every year.

Don Clark of the Wall Street Journal reports that "wireless links are increasingly being used by companies to connect desktop and laptop computers without using wires." Cigital, a computer security company in Dulles, Virginia, said it has identified a new way to exploit vulnerabilities that have been uncovered in a technology used for wireless local networks. The attack could allow a skilled hacker, armed with a laptop computer and a wireless modem, to view or modify e-mail, web pages or other documents being passed through the wired parts of a company's networks, according to Robert Fleck, the Cigital consultant who documented the problem.

This latest security issue builds on earlier discoveries about a popular wireless technology, which is variously known by the term Wi-Fi, or the numerical designation 802.11b. Many companies ship 802.11b hardware with security settings at the lowest level. Meanwhile, companies that do not adjust these settings broadcast unscrambled packets of data through networks, leaving them helpless against anyone eavesdropping.

After this problem was publicized, researchers found that the encryption technology used to scramble those packets, when it is turned on, can be quickly cracked in an hour or so by hackers armed with some software programs that are easy to obtain.

Mr. Fleck of Cigital combined those wireless vulnerabilities with an attack known as ARP poisoning, from the acronym for address resolution protocol. The attack manipulates software in the circuit boards that connect computers to corporate networks. That software contains addresses of other connected machines. Meanwhile, a skilled hacker can fool the software to make it seem like his machine has an authorized address to receive data packets on the network. An attacker who understood both techniques could use a laptop with a wireless connection to enter a company's wireless network, and then effectively tell machines on the wired portion of the network to pass all data packets through his laptop.

The most obvious solution to the problem is to segregate the gateway device that acts as the front door for machines making wireless connections to a network. This can be done by using firewalls.

The only way to make your computer completely hacker proof is to turn it off or disconnect it from the internet. The real issue, however, is how to make your computer '99 per cent' hacker proof. An unprotected computer connected to the internet via broadband is like leaving your car running with the doors unlocked and the keys in it. A broadband internet connection is easier to hack because it is "always-on" and often has a static IP address. This means that once a hacker finds your computer, it is easier to find it again. Most 56k dial-up internet connections use a new IP address each time you connect, which makes it much harder to find your computer again unless a Trojan horse has been installed that can phone home each time you connect.

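The ARP poisoning passage above describes the attacker rebinding a gateway's address to his own machine. From the defender's side, the observable symptom is an IP address whose MAC binding changes without reason, and often keeps flip-flopping between two MACs as the real host and the impostor both answer. The following monitor is an added example, not code from the article or from Cigital; it learns the first binding it sees for each IP (or takes a pinned binding for the gateway, a common mitigation) and raises an alert on every contradiction. The addresses and the reply sequence are constructed for the example, not captured traffic.

```python
"""ARP mapping monitor: flag IP-to-MAC rebinding and flip-flops.

Added example, not from the article or from Cigital. The monitor learns the
first binding it sees for each IP (or honours a pinned binding) and alerts
whenever a later reply contradicts it. Addresses and the reply sequence are
constructed (RFC 5737 / RFC 7042 documentation ranges), not captured traffic.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class ArpReply:
    ip: str
    mac: str
    seq: int  # constructed ordering number, standing in for a capture timestamp


@dataclass(frozen=True)
class Alert:
    kind: str  # "changed", "flip-flop" or "pinned"
    seq: int
    ip: str
    old_mac: str
    new_mac: str


@dataclass
class ArpMonitor:
    # Hypothetical pinned bindings (e.g. the default gateway): never relearned.
    pinned: dict = field(default_factory=dict)
    table: dict = field(default_factory=dict)    # ip -> currently believed MAC
    history: dict = field(default_factory=dict)  # ip -> every MAC ever claimed
    alerts: list = field(default_factory=list)

    def observe(self, reply: ArpReply):
        """Process one ARP reply; return an Alert or None."""
        if reply.ip in self.pinned:
            if reply.mac != self.pinned[reply.ip]:
                # Contradicts a static entry: alert and do not learn the new MAC.
                alert = Alert("pinned", reply.seq, reply.ip, self.pinned[reply.ip], reply.mac)
                self.alerts.append(alert)
                return alert
            return None
        current = self.table.get(reply.ip)
        if current is None:
            self.table[reply.ip] = reply.mac
            self.history[reply.ip] = {reply.mac}
            return None
        if current == reply.mac:
            return None
        seen = self.history[reply.ip]
        # A MAC seen before for this IP means the binding is oscillating.
        kind = "flip-flop" if reply.mac in seen else "changed"
        seen.add(reply.mac)
        self.table[reply.ip] = reply.mac
        alert = Alert(kind, reply.seq, reply.ip, current, reply.mac)
        self.alerts.append(alert)
        return alert


def run_monitor(replies, pinned=None):
    """Feed a sequence of replies through a fresh monitor; return its alerts."""
    mon = ArpMonitor(pinned=dict(pinned or {}))
    for reply in replies:
        mon.observe(reply)
    return mon.alerts


# Constructed sample: a gateway, one workstation, and a rebinding of the gateway IP.
GATEWAY_IP, GATEWAY_MAC = "192.0.2.1", "00:00:5e:00:53:01"
SAMPLE_REPLIES = [
    ArpReply(GATEWAY_IP, GATEWAY_MAC, 1),            # gateway answers normally
    ArpReply("192.0.2.10", "00:00:5e:00:53:10", 2),  # an ordinary workstation
    ArpReply(GATEWAY_IP, GATEWAY_MAC, 3),
    ArpReply(GATEWAY_IP, "00:00:5e:00:53:aa", 4),    # gateway IP now claimed by another MAC
    ArpReply(GATEWAY_IP, GATEWAY_MAC, 5),            # the real gateway answers again
    ArpReply("192.0.2.10", "00:00:5e:00:53:10", 6),
]

if __name__ == "__main__":
    for alert in run_monitor(SAMPLE_REPLIES):
        print(f"seq {alert.seq}: {alert.ip} {alert.kind}: {alert.old_mac} -> {alert.new_mac}")
    print("with pinned gateway:", run_monitor(SAMPLE_REPLIES, {GATEWAY_IP: GATEWAY_MAC}))
```

Without pinning, the sample produces a "changed" alert at reply 4 and a "flip-flop" alert at reply 5; with the gateway pinned, the bogus reply is reported as a "pinned" violation and the monitor never adopts the impostor's MAC, so the genuine reply at 5 is silent.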
If a real hacker decides to attack your computer, you can make it difficult for the hacker to get in, but if they are good at it, they will eventually find a way in. That is why large organizations have computer security staff and consultants working non-stop to protect their computer networks.

Aside from the numerous firewalls sitting on our LAN, I recently downloaded a personal firewall from TinySoftware, which is an object of wonders as it tells me who is trying to send me information. In conjunction with a product called Visual Route, I can check the source and permit or deny transfer. I was shocked at how many incoming and outgoing security alerts I received after installing my first firewall. I had never imagined how many things were going on around me.

Using personal firewalls, anti-virus, anti-Trojan and privacy software will protect your computer and data from most, if not all, hackers, commercial data collectors and "mal-ware" (viruses, worms & Trojan horses), as long as you install them correctly and keep them updated. If you are connecting two or more computers to the internet, you should also use a hardware router with firewall features.

For corporations, firewalls are absolutely necessary nowadays. As the number of companies connected to the internet and extranets increases exponentially every month, the threat becomes even more real and dangerous. In the age of the extended enterprise, investments in firewall software and firewall appliances are increasing as a variety of vendors rush to ride the security wave.

A firewall is a system utilized to enforce access control between two networked entities. In essence, the firewall uses two mechanisms: the first exists only to block traffic and the second exists to permit traffic. It allows people inside the organization, who are behind the firewall, to access information on the outside and prevents people on the outside from getting into the user's system.

Meanwhile, a firewall appliance is a dedicated hardware and software system whose sole purpose is to function as the implementer of the defined access control policy. A fully featured firewall appliance will include NAT (Network Address Translation), DMZ (De-Militarized Zone), VPN (Virtual Private Network), intrusion detection and extensive audit logging with alarm condition detection and reporting. Content filtering can also be a highly desirable option to prevent pornography and specific non-work related web sites from being accessed.

A firewall is ideally a combination of hardware and software consisting of several layers of protection designed to intercept and prevent penetration by intruders. There are three basic types of firewalls:

1. The simplest type is known as a screening router or packet filter firewall. This solution screens every packet for content and decides whether to pass it through or deny access. This approach provides the very minimum of security and is easily breached.
2. A second firewall approach utilizes a technique known as stateful inspection, which is more efficient than packet filtering at preventing spoofing by comparing patterns of arriving data with data from previously accepted packets.
3. The third and most secure approach is known as the proxy server. The proxy server sits between the internal network and all locations outside the network and does not allow traffic to pass directly through.

By using these methods, you can manage to keep hackers from entering your system. In my following article, I will discuss fraud screening.

Kevin James Vella

Kevin is now responsible for spearheading e-shore's international business goals. His work experience is mainly related to Business-to-Business marketing of IT solutions and investment services. Kevin authors educational articles on the internet in several Maltese publications and newspapers.

© 2000 Europemedia. All rights reserved.

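The three firewall types listed above are easiest to compare when the first two are modelled side by side. The following is an added example, not code from the article or from any firewall vendor: a screening router judges each packet purely on its own header, so it needs a standing rule that lets replies from outside web servers (source port 80) back in, and that rule admits any unsolicited packet that merely carries that source port. A stateful inspector instead records connections opened from inside and admits inbound packets only when they belong to one, which is the "comparing with previously accepted packets" the article describes. The internal prefix, addresses and packet trace are constructed for the example, not captured traffic; the proxy type is not modelled.

```python
"""Screening router versus stateful inspection, side by side.

Added example, not from the article. Both filters see the same constructed
trace (RFC 5737 documentation addresses); only the stateful one remembers
which connections the inside opened.
"""
from dataclasses import dataclass

INSIDE_PREFIX = "192.0.2."  # hypothetical internal network (RFC 5737 TEST-NET-1)


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    syn: bool = False
    ack: bool = False


def is_inside(ip: str) -> bool:
    return ip.startswith(INSIDE_PREFIX)


def screening_router(pkt: Packet) -> bool:
    """Stateless rule set: every packet is judged on its own header alone."""
    if is_inside(pkt.src_ip) and not is_inside(pkt.dst_ip):
        return True  # anything outbound is permitted
    if not is_inside(pkt.src_ip) and pkt.src_port == 80:
        return True  # "web replies": the hole a stateless filter cannot close
    return False     # default deny


class StatefulInspector:
    """Tracks connections opened from inside; inbound packets must match one."""

    def __init__(self):
        self.connections = set()  # (inside_ip, inside_port, outside_ip, outside_port)

    def decide(self, pkt: Packet) -> bool:
        if is_inside(pkt.src_ip) and not is_inside(pkt.dst_ip):
            if pkt.syn and not pkt.ack:  # new outbound connection attempt
                self.connections.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return True
        # Inbound: permitted only as the reply side of a tracked connection.
        key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        return key in self.connections


def compare(trace):
    """Run a packet trace through both filters; return each filter's verdicts."""
    inspector = StatefulInspector()
    return {
        "screening_router": [screening_router(p) for p in trace],
        "stateful": [inspector.decide(p) for p in trace],
    }


# Constructed trace: one legitimate web session, then an unsolicited inbound packet.
SAMPLE_TRACE = [
    Packet("192.0.2.10", 40000, "198.51.100.5", 80, syn=True),            # inside opens to a web server
    Packet("198.51.100.5", 80, "192.0.2.10", 40000, syn=True, ack=True),  # the server's SYN-ACK
    Packet("203.0.113.7", 80, "192.0.2.10", 139, syn=True),               # unsolicited, source port 80
]

if __name__ == "__main__":
    for name, verdicts in compare(SAMPLE_TRACE).items():
        print(name, ["pass" if v else "drop" for v in verdicts])
```

The screening router passes all three packets, including the unsolicited one, because its only evidence is the source port; the stateful inspector drops it because no inside host ever opened a connection to 203.0.113.7.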
------------------ http://all.net/
This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:56 PST