Pinched by tough, new data-privacy regulations on the one hand and aging Internet protocols on the other, IT security administrators said they are struggling to balance security with the needs of users and regulations and are losing hope that the war on malicious code will ever be won.
On and off the show floor at the Information Security Decisions show here this week and in one-to-one conversations, conference attendees have been scratching their heads over a witchs brew of new attacks and stealthy malicious code. The popularity of instant messaging applications is a major concern for people such as Chandler Howell, an information security manager at Motorola Inc., in Schaumburg, Ill., who said employees who chat over IM are vulnerable to potent new IM worms, phishing attacks and other IM-borne threats.
Networks of compromised computers, known as botnets, also make up a growing problem that touches many corporate networks, but they are difficult to detect and stop, according to David Dittrich, a senior security researcher at the University of Washingtons Center for Information Assurance and Cybersecurity in Seattle.
Originally developed in the early 1990s to manage far-flung IRC (Internet Relay Chat) networks, bots allow remote attackers to command tens or even hundreds of thousands of compromised machines using IRC commands that can launch DOS (denial-of-service) attacks or distribute spam, Dittrich told an audience of IT experts in a session called “Beating Back Botnets.”
In recent years, bots have been adopted by the computer underground and malicious-code-writing communities, which have used worms to drop bot programs on vulnerable systems and melded the bots remote control features with viruslike self-propagation code. Today, bots such as Agobot and Phatbot come packed with powerful propagation features, a full menu of commands, features that can detect and disable detection software, and back doors for hackers that are open, even if the bot is cut off from its network, Dittrich said.
IT administrators need to understand how botnets function and get comfortable using network-traffic-capture and analysis tools, as well as study botnet traffic to understand which systems on their networks are infected and what their role in the botnet is, Dittrich said.
Mobile users who take laptops home that become infected with bots and other malicious code and then reconnect the laptops to corporate networks are frustrating even the most conscientious network security policy, said Michael Wilson, corporate security manager at Warner Music Group, in New York, who attended the session on botnets.
Part of the problem may be that key Internet protocols, such as HTTP and TCP/IP, lack security controls, according to a presentation by William Hancock, chief security officer at leading ISP Savvis Communications and a well-known expert on large-scale network security.
Those protocols were designed for a smaller Internet focused on research and academic pursuits and so lack features needed by practitioners on todays global network of hundreds of millions of hosts, Hancock said.
Threats such as bots and IM worms take full advantage of those open protocols, hiding in otherwise innocuous network traffic or encrypting communications to disguise attacks, experts say.
The tenacity of malicious code has dimmed the hope of some IT security professionals that advancements in security technology might put down many Internet threats for good, said Simon Hearsey, senior systems manager in the Department of Microbiology at the University of Washington School of Medicine, in Tacoma.
“I think the attitude has gone from Lets get to zero attacks to Lets make sure we protect the crown jewels,” Hearsey said.