Armoring Against Cyber-Attacks

By Chris Gonsalves | Posted 2001-09-24

FBI warnings have administrators of the nation's corporate networks double-checking—and double-locking—their systems in the wake of recent terrorist attacks.

But despite hacker alerts and a federal Terrorist Threat Advisory, which calls for IT professionals across the country to "implement appropriate security measures—both physical and cyber," experts say corporate America is a long way from being ready or safe.

Security service provider RedSiren Technologies Inc. spent the days after the terrorist assaults advising clients to take down all noncritical external Internet connections, including remote access and instant messaging capabilities. The company followed its own advice, shutting down its external Web site in the wake of the attacks.

RedSiren Chief Security Officer Daine Gary is a member of the FBI's InfraGard advisory board, which issued the terrorist alert. "We know how vulnerable the country could be. We are so dependent on these networks," Gary said.

Since the assaults in New York and Washington, Gary said a number of clients have asked for additional security measures for their networks, which RedSiren, of Pittsburgh, is providing for free for now.

Unisys Corp. is helping numerous clients in the New York and Washington areas get back in business following the attacks, officials said. They declined to name the users. For the rest of its customers, the Blue Bell, Pa., company is stressing caution.

"We are advising clients to be more vigilant," said Sunil Misra, managing principal for the Unisys eSecurity and Privacy practice. "There is, right now, no evidence of an active attack. The logs have been quiet. It may be that the hacker community, like the rest of us, has been taken by surprise and has not taken advantage of the vulnerability."

Misra called the FBI advisory "common sense," even absent specific evidence of an impending attack. He said the state of corporate infrastructure security "is not very good," adding that security assessments of networks serving airlines, nuclear plants, telecommunications facilities and other important functions need to be increased.

"This is not the time to be alarmist," said Misra, in Boston. "But the fact is that the next attacker may not be wielding a knife ... he may be wielding a laptop."

In addition to the general threat advisory, the FBI's National Infrastructure Protection Center said last week that a group of hackers calling themselves The Dispatchers claimed they had already begun a cyber-assault on communications and finance infrastructures.

"There is the opportunity for significant collateral damage," NIPC officials said. "The Dispatchers claim to have over 1,000 machines under their control for the attacks."

The primary concern for RedSiren is safeguarding client networks from attack. But the subversion of corporate computing power for malicious activities is also a concern.

Gary said that while he had no evidence that the recent terrorist assaults had been aided by unauthorized use of networks or computers, "it wouldn't be a surprise to find that out."

Among the recommendations RedSiren is making to clients is to review critical logs for suspicious traffic to keep corporate computers from being used for distributed denial-of-service attacks and other malicious intents, Gary said.

"We've taken steps to make sure that we neither get hit by the forces that would do us harm nor that we be used by others as an instrument of assault," said the IT manager of a Boston-based financial services company who requested anonymity.

"There are going to be other actions—we are all pretty sure of that. Cyber-terrorism is bound to be part of the mix."
