Security by Obscurity

By Larry Dignan  |  Posted 2003-03-06

According to Caston, DPI probably benefited from "security by obscurity" until now. After the attack, it's likely to have a bull's-eye on its network not long after the feds clear out.

The plans—or lack of them—that DPI had in place ahead of the attack will go a long way to determining how quickly it'll recover. Executives need to prepare for a hack and map out plans and procedures before it even happens.
"Having a plan in these situations makes all the difference," says Infidel's Bace. "It helps to think these things out before you're in a crisis." The intrusion plan should include: creating an emergency response team either in-house or contracted out, clarifying decision-making and weighing options for various attack scenarios.

Bace also tells clients to take a "footprint" of their system with software from a vendor like Tripwire. Taken during normal operation, this footprint of the network and its applications can serve as a baseline for when things go awry. Ultimately, this snapshot helps project managers see what an attacker changed.

With the planning in place, analysts say responding to an intrusion is much like putting out a fire or working in an emergency room. Analyze the problem, contain it with a short-term fix, eliminate the issue and then ultimately fix it. The main goal after an attack is to fix the problem and keep the business running, says Brady. That means cutting over to your disaster recovery plan or "cold" backups—offline mirror systems—to keep operations going.

But beware some short-term fixes. One big mistake is to patch the hole and move on—you could be sealing in malicious code. "Simply patching a system after it's hacked is analogous to letting a burglar in your house and then locking the door—if he's in, he's in," says Caston.

Consultants say the response depends on the situation. Typical first responses include disconnecting a compromised system from the network and changing passwords. Even those steps, however, can be complicated without forensic analysis done either in-house or through security consultants. "Unless you have absolute knowledge of how a hacker got in, you have to analyze everything on the network," says Caston.

More complications can depend on whether the law is involved. Conflicts in the DPI case could emerge because law enforcement's goal of preserving evidence can hold back the company's efforts to resume business.
"Law enforcement has specific procedures and rules of custody and they are picky about sharing information," says Bace. "But they are getting better at collecting data in a way that doesn't affect operations."

After the immediate crisis passes, business leaders may choose to rejigger network architecture to prevent future attacks. Rubin suggests installing "honey pots"—repositories of fake data—to throw hackers off the trail, reconfiguring firewalls and separating databases that hold key information.

Once a company is confident its network is ready for business, executives have to go out and mend some fences. The attack on DPI resulted in added expense for other companies in the credit-card food chain. PNC Bank, based in Pittsburgh, decided to replace 10,000 active cards to allay customer worries, says PNC spokesman Brian Goerke. Goerke wouldn't reveal how much the new cards cost PNC, but Gartner estimates replacement cards run $35 each.

"If you're smart and you make it, you come back up in a different environment," says Bace. "Then you need to talk about what steps you took to make damn sure this doesn't happen again."
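
The "footprint" baseline described above, sketched as an added example (it is not from the article and is not Tripwire's code): record a hash and permission bits for each file during normal operation, then compare a later snapshot against it to list what changed. The directory tree and file names are constructed for the demo.

```python
import hashlib, os, stat, tempfile
from pathlib import Path

def snapshot(root):
    """Hash and record permission bits for every regular file under root."""
    root, base = Path(root), {}
    for path in sorted(root.rglob("*")):
        st = path.lstat()
        if not stat.S_ISREG(st.st_mode):
            continue  # skip directories, symlinks and device nodes
        digest = hashlib.sha256(path.read_bytes()).hexdigest()  # fine for a small demo tree
        base[path.relative_to(root).as_posix()] = {
            "sha256": digest, "mode": stat.S_IMODE(st.st_mode)}
    return base

def compare(baseline, current):
    """Classify every path as added, removed, modified or mode_changed."""
    report = {"added": [], "removed": [], "modified": [], "mode_changed": []}
    for name in sorted(set(baseline) | set(current)):
        old, new = baseline.get(name), current.get(name)
        if old is None:
            report["added"].append(name)
        elif new is None:
            report["removed"].append(name)
        elif old["sha256"] != new["sha256"]:
            report["modified"].append(name)
        elif old["mode"] != new["mode"]:
            report["mode_changed"].append(name)
    return report

def demo():
    """Constructed sample tree: take a baseline, simulate changes, compare."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "bin").mkdir()
        (root / "etc" / "app.conf").write_text("listen=443\n")
        (root / "bin" / "report.sh").write_text("#!/bin/sh\necho ok\n")
        (root / "old.log").write_text("rotated\n")
        baseline = snapshot(root)  # in practice, store this off the monitored host
        (root / "etc" / "app.conf").write_text("listen=443\nadmin=open\n")
        (root / "bin" / "helper").write_text("unexpected file\n")
        (root / "old.log").unlink()
        os.chmod(root / "bin" / "report.sh", 0o755)
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for kind, names in demo().items():
        print(f"{kind}: {names}")
```

A baseline is only useful if it was taken before the intrusion and kept where an intruder cannot rewrite it.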

Business Editor
Larry formerly served as the East Coast news editor and Finance Editor at CNET. Prior to that, he was editor of Ziff Davis Inter@ctive Investor, which was, according to Barron's, a Top-10 financial site in the late 1990s. Larry has covered the technology and financial services industry since 1995, publishing articles in Inter@ctive Week, The New York Times, and Financial Planning magazine. He's a graduate of the Columbia School of Journalism.
