|
 |
 |
Key facts:
On average, 60 per cent of organizations suffered a security breach in the last two years1
During 2001, the number of emails containing viruses detected
by a leading scanning service rose above the one per 400 mark2
Unchecked viruses ( malware) could cost businesses
£907 (USD 1,280) billion world-wide by the end of 20023
One survey found that 90 per cent of sampled businesses experienced computer breaches
in a 12-month period - up from 62 per cent in the previous year4
Security breaches are often caused by poorly implemented internal processes,
lack of staff awareness and lax controls on contractors
40 to 60 per cent of breaches in security are due to (internal) operator errors5
Operational continuity safeguard investments . . .
can help sustain your business's integrity, improve the reliability
of your service and give greater confidence to your customers.
DTI Information Security Breaches Survey 2000.
Message Labs, reported
in the Guardian newspaper, August 2001.
Price Waterhouse Coopers. (PwC)
Internet Security Investor Handbook
– Lehman Brothers, March 2001.
DTI Information Security Breaches Survey 2000.
|
HIGHLIGHTS 10-01
November 10, 2001
Editors:
Linda Garrison
Martin Grand
Source:
http://www.nipc.gov/publications/highlights/2001/highlight-01-10.pdf - _blank
Connect It and They Will Come: No Grace Period for Internet-connected Hosts
New Internet victim or host computers can be located by malicious parties in a short period
of time. Computer systems (with high-speed connections) which are NOT properly secured
may be compromised within days or even minutes of connecting to the Internet
due to the increased usage of automated scanning tools.
The hypothesis that newly connected Internet hosts can be quickly found by hackers has been
confirmed by researchers from the Honeynet Project, a computer security research group.
In a study published earlier this year, the group reported these observations:
One of the project’s research computer systems was compromised
just 15 minutes after being connected to the Internet.
Seven computers running default installations of a popular Linux distribution
were attacked within three (3) days of connecting to the Internet.
A default Microsoft Windows 98™ system was compromised five (5) times in under four days.
These and other observations challenge common misconceptions many users
and some system administrators have about connecting systems to the Internet:
Misconception 1: "I won’t tell anyone about my computer,
so no one will ever even find it."
Misconception 2: "There are millions of computers connected to the Internet,
so the odds against anyone targeting my computer are very low."
Misconception 3: "With all the other important and high-profile servers on the Internet,
no one would want to break into my computer."
The impact of automated scanning tools allows individuals to scan tens of thousands
of Internet addresses in a short time. Like many home systems, the computers used
in the Honeynet Project @ IWS were NOT advertised or associated with a particular company.
No one knew the systems were connected to the Internet except by discovering them
through scanning ranges of Internet addresses, looking for vulnerable hosts to exploit.
After compromising the targets, intruders can examine the victimized computer for exploitable information such as personal information that can be used for identity theft, or they can utilize
the host to attack other systems on the Internet.
- Many users hook up to the Internet with the intent of later implementing security measures.
It is imperative that users implement & test security before connecting their computers
to any public network.
- Some good starting points for identifying
potential problem areas are these online resources:
·
Quick Intro to CyberCrime Fighting for All Stakeholders
at www.acctts.com/dimens-1.html#A11A & ACCTTS-CiberPAC-Tips
·
The SANS/FBI list of the Twenty (20) Most Critical Internet Security Vulnerabilities
at http://66.129.1.101/top20.htm - _blank Version 2.500 October 10, 2001
Copyright 2001, The SANS Institute
·
NIPC’s CyberNotes via www.nipc.gov
·
The Honeynet Project -- http://project.honeynet.org
Cyber Crime vs. Malicious Hacking
Cyber crime is loosely defined in suggested
readings for Capella PDC TS5070.
However, cyber terrorism is defined more clearly by Dr. Dorothy Denning.
Dr. Denning’s cyber terrorism definition suggests that any illegal activity conducted against a computer, network or the data it manages is a case of cyber terrorism. From that perspective, the cyber criminal and Malicious hacker are members of different subsets within a common cyber terrorist’s profile.
A Malicious Hacker includes those on "intellectual curiosity" excursions or
hacktivists. These are any person who is doing the crime without any attempt to profit. This person operates with the intent to further a social or personal cause (as stated by Vincent Weafer) or a person who gets a rush proving their intelligence or craftiness by compromising the security of either a person or company.
A cyber criminal is more interested in personal gain than making a statement. This is a person who is stealing, committing fraud or destroying another person’s reputation or disrupting networks
or altering decision support systems for financial gain.
- How can we classify differences between these two behavior profiles?
It is all relative. . . despite different motives, a Malicious Hacker, Cyber Criminal or Cyber Terrorist
may use similar tools and techniques to gain entry to, steal, deface or otherwise disrupt the performance or integrity of your network. Both have similar impacts on operational continuity!
Imagine the Cyber Terrorist as a parent, the big bad daddy of cyber crime. Assuming this is the case, both the Cyber Criminal and Malicious Hacker become the Cyber Terrorists’ two felonious offspring
who (haven’t) grown to fill the shoes of their terrorist parent . . . yet!
Adapted from workshop discussion draft by
Christopher E DeCamp
"Chris" <cdecamp@shastacollege.edu>
'You might not see things yet on the surface, but underground, it's already on fire.'
Indonesian writer Y.B. Mangunwijaya,
July 16, 1998 (taken from No Logo)
http://www.iwar.org.uk/hackers/index.htm
- Use effective software protection from
malware.
A - Have it correctly installed on your workstation,
B - Check for new virus signature updates DAILY . . .
C - Scan ALL files either incrementally or periodically.
Click here for
NDU KnowledgeNet Glossary . . .
Also scan
NCMS Trusted Access & www.humanfirewall.com
To learn more about . . .
Tips, Tricks and Traps to AVOID
CyberTerrorism - Fact or Fancy?
by Mark M. Pollitt (FBI Laboratory)
http://www.cs.georgetown.edu/~denning/infosec/pollitt.html
Alt-Source:
http://www.soulcare.org/Geopolitical-Terroism.html
________________________________________
Cyber Terrorism
- A Vulnerability That Makes Global Security Inevitable
** Georgetown University - Cybercrime, Infowar, and Infosecurity
(This Georgetown site has an index to a vast array of related links !!)
http://www.cosc.georgetown.edu/~denning/infosec/index.html
http://www.cs.georgetown.edu/~denning/infosec/cyberterror.html [23-May-2000]
Is cyberterrorism a real threat?
http://news.cnet.com/news/0-1005-200-330023.html
Russia, China, Yugoslavia developing cyberterrorism tactics against U.S.
http://www.worldtribune.com/Archive-2000/ss-cyberterror-01-10.html
- Resource: ZDnet Site Map:
@
http://techupdate.cnet.com/enterprise/0-9500-724-6906160.html
Don't fail your security audit. . .
@
http://techupdate.zdnet.com/techupdate/stories/main/0,14179,2824604,00.html
Cleaning Up After an Incident
SECURITY STRATEGIES --- 11/14/2001
Exploited systems that remain compromised continue presenting
a security risk to themselves and others on the Web
Source:
http://www.itworld.com/nl/security_strat/11142001/pf_index.html
Brent Huston earned his Associate of Applied Science degree in Electronics at DeVry Technical Institute (Columbus, Ohio) in 1994. His 12 years of professional experience has demonstrated his knowledge of cyber security testing, network monitoring, scanning protocols, firewalls, viruses and virus prevention formats, incident response, forensic computing, and hacker techniques.
As President and CEO of MicroSolved, Inc., he and his staff have performed system and network security-consulting services for Fortune 500 companies and all levels of governmental facilities. He is an accomplished computer and information security speaker, published numerous white papers on security-related topics, and worked as co-author and technical editor of the book "
Hack Proofing Your E-Commerce Site" from Syngress Publishing.
Title:
SWAT Teams and War Rooms: Preparing for Day Zero . . .
Published: June 1, 1999
Company: Cutter Consortium (View All Company's Documents)
Language:
English
Type:
Analyst Report
Format:
HTML
Length:
21 Page(s)
Abstract: Written by Ed Yourdon, Cutter Consortium Chairman and leading Y2000 expert,
this Y2000 Executive Report "SWAT Teams and War Rooms: Preparing for Day Zero and
the Y2000 End Game" goes beyond Y2000 contingency planning to detail the role of crisis command centers (war rooms) and on-site rapid response teams (SWAT teams).
For large organizations, the creation of war rooms and SWAT teams is becoming a "best practice." This report provides an understanding of these end-game strategies and
what we should expect as we enter the final stretch toward Y2000.
Subject(s):
Executive Management | IT Management | Year 2000
More Documents on these Subjects
Authors:
Ed Yourdon, Chairman, Cutter Consortium
TEL: 781-648-8700
FAX: 781-648-8707
Author Bio:
Edward Yourdon, Chairman of Cutter Consortium, is widely known as the lead developer
of the structured analysis/design methods of the 1970s. He is the editor
of the Cutter IT Journal, an information technology management journal.
File-ID: ACCTTS-CiberPAC-ECip-N28.htm
Rev: 11/28/01 7:20 AM CST
