Elsevier

Computers & Security

Volume 20, Issue 6, 1 September 2001, Pages 468-474
Special Features
Omnia te adversum spectantia, nulla retorsum*

https://doi.org/10.1016/S0167-4048(01)00603-4

Section snippets

Success has many fathers, while failure is an orphan

Have you noticed that most security alerts that emanate from CERT, Microsoft et al. go largely unnoticed by the media? The computing press mention some, often somewhat late, even allowing for print deadlines. But when we have a “big one” there is a bandwagon effect as every man and his dog joins in press briefings. Law enforcement agencies and government departments vie with each other to hold press conferences to warn us of the “big one”, preferably in the company of one of the Alert

Red Alert

The Code Red worm has brought a wake-up call that vividly demonstrates the true vulnerability of corporate and government Internet security infrastructures. It demonstrates, once more, the inherent difficulties in promptly applying patches and configuring systems properly. The Code Red worm exploits a vulnerability that has been known for some time — MS Index Server and Indexing Service ISAPI Extension Buffer Overflow.

The worm defaces sites that run the English version of the Windows NT/2000

If it’s broke, fix it

A vital part of the success in defending against these attacks lies in installing the published patches. However, for many security administrators, patching is such a difficult and time-consuming process that they simply don’t have the resources to stay on top of it. Hackers know that keeping up with patches is tough, and they exploit that fact. This gives them a huge advantage.

It’s becoming increasingly critical that vendors develop and publish patches in a timely manner. But, even then,

Pandora’s Box

The real threat is that with the Code Red worm code released, it’s like opening the lid on Pandora’s Box. The published analysis of the code includes detailed documentation that less-sophisticated hackers can alter and use to implement their own spin-off worms. These descendants could differ in many ways by changing the malicious activity they perform, changing the enabling vulnerability, or improving the target selection, but their impact will be just as severe. Code Red was relatively

Old vulnerabilities never die, they just lie in wait for the unwary and the reckless.

To infect each server a worm exploits a vulnerability on that server. In the case of Code Red, it was an unchecked buffer in the IIS Index Server that allowed the worm to spread. Since the Index Server vulnerability has received so much media attention, many system administrators will apply the appropriate Microsoft patch and no longer will be vulnerable to Code Red in the future. However, since new vulnerabilities in Web servers, operating systems, Internet daemons, and other programs are
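Since the worm spread by sending the Indexing Service ISAPI extension a request far larger than any legitimate search, the quickest check an administrator could run while waiting for the patch window was to look through the IIS logs for such requests. The following detector is an added example, not code from the article or from Microsoft; it assumes the W3C extended log field order shown in the comment and that the Indexing Service extension handles requests for `.ida` and `.idq` resources. The log lines are constructed for the demonstration, and the oversized query is a run of filler characters rather than any real payload.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample lines in IIS W3C extended format with the fields
#   date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
# They are illustrative only, not taken from the article or a real server.
LONG_QUERY = "X" * 300  # stand-in for an oversized query; no real exploit content
SAMPLE_LOG = "\n".join([
    "2001-07-19 10:02:11 192.0.2.10 GET /index.htm - 200",
    f"2001-07-19 10:02:15 192.0.2.77 GET /default.ida {LONG_QUERY} 200",
    "2001-07-19 10:03:01 192.0.2.12 GET /search.idq CiRestriction=manual 200",
    f"2001-07-19 10:03:40 198.51.100.5 GET /DEFAULT.IDA {LONG_QUERY} 404",
    "2001-07-19 10:04:02 192.0.2.10 GET /default.ida - 200",
])

# Assumption: the Indexing Service ISAPI extension is mapped to .ida and .idq.
IDX_EXT = re.compile(r"\.id[aq]$", re.IGNORECASE)


@dataclass
class Request:
    ip: str
    method: str
    stem: str
    query: str
    status: int


def parse_line(line: str) -> Optional[Request]:
    """Parse one W3C extended log line; None for blanks, '#' directives or short lines."""
    if not line.strip() or line.startswith("#"):
        return None
    parts = line.split()
    if len(parts) < 7:
        return None
    _date, _time, ip, method, stem, query, status = parts[:7]
    return Request(ip=ip, method=method, stem=stem,
                   query="" if query == "-" else query, status=int(status))


def is_oversized_index_request(req: Request, max_query: int = 200) -> bool:
    """True when the request targets the indexing ISAPI extension with a query
    longer than any real search needs; the unchecked buffer the article refers
    to is reached through exactly such an oversized query."""
    return bool(IDX_EXT.search(req.stem)) and len(req.query) > max_query


def scan(log_text: str, max_query: int = 200) -> List[Request]:
    """Return every request in the log that matches the oversized-query rule."""
    hits = []
    for line in log_text.splitlines():
        req = parse_line(line)
        if req and is_oversized_index_request(req, max_query):
            hits.append(req)
    return hits


def attacking_hosts(log_text: str) -> List[str]:
    """Distinct source addresses in first-seen order, for follow-up or a block list."""
    seen: List[str] = []
    for req in scan(log_text):
        if req.ip not in seen:
            seen.append(req.ip)
    return seen


if __name__ == "__main__":
    for r in scan(SAMPLE_LOG):
        print(f"{r.ip} -> {r.stem} query_len={len(r.query)} status={r.status}")
```

The status code in a matching line does not tell you whether the server was vulnerable at the time; the rule only shows that the host was probed. The remedy remains the vendor patch, and the log scan is the evidence of how badly it is needed.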

Illustrious antecedents

Code Red is just the latest manifestation in a long line of incidents that have impacted on the Internet infrastructure, starting way back in 1986 when New England was briefly disconnected from the Arpanet after a communications cable had been severed. Other causes célèbres have included Morris’s Internet worm of November 1988, which is estimated to have closed some ten per cent of the Internet nodes, the Melissa virus in 1999 and Love Bug last year.

The latter did not exploit security weaknesses —

Built to withstand a nuclear war, but vulnerable to a naïve smurf attack

The previous threats worked by attacking individual PCs and clogging up the Internet through the creation of vast amounts of e-mail traffic. The smurf attack of February last year was different — the attack was aimed at bringing down some very large targeted websites by swamping the infrastructure with vast amounts of traffic.

It was the day that the corporate world was rudely reminded of the risks of Internet trading and of the need for effective security protection and contingency planning.

Changing topography

According to Louise Kehoe in an article in the Financial Times, the most popular websites now account for a large proportion of Internet traffic. These sites are cached by content delivery networks on thousands of servers. These tend to be on the “edge of the network” to be as close to the user as possible. Almost half of Internet backbone traffic is expected to flow through “edge aggregation points” by 2005, according to a survey by JP Morgan H&Q and McKinsey. This represents a radical change

Pooh Bear Crimes

According to Don Parker, for the first time in history it is possible to possess a crime. It can be downloaded in electronic format from the Internet. It is a perfect crime: the cyber-terrorists do not know how it works, how it was done, or the implications, or who the victim was, bringing a whole new meaning to the phrase “mindless crime”. Computer viruses and worms such as Melissa, Love Bug and Code Red will increasingly become tools for extortion and other crimes. Part of the attraction is

Riding the superhighway to oblivion or salvation?

The information superhighway is also the highway of attack for cyber-terrorists and of information for wannabe cyber-terrorists. But it is also the means whereby security alerts can be instantaneously pushed out to users in a timely and effective manner. No longer reliant on the vagaries of postal or telephone communications, or even reading about it in the weekly free newspapers, the alert system can instantaneously inform the user community of a vulnerability or a threat. But all that is to

SPoF/V

All of this relates to the traffic on the superhighway infrastructure, but what about the physical infrastructure? I suspect that not many of us have given much thought to the buried cables, switches and so on. Nor, I suspect, whether any of these represent a single point of failure or vulnerability (SPoF/V).

Coincident with Code Red, a goods train was derailed in a tunnel in Baltimore, causing an inferno, which disrupted the city and destroyed optical fibre communications lines. The loss of

And she shall have music wherever she goes — but not computer network data!

Banbury is a small market town in the UK midlands famous for buns and a nursery rhyme, situated between Oxford to the south and Birmingham to the north west. It is also the headquarters of a number of large companies. One of those companies had a dedicated two way triangulation network connecting its Headquarters to two other locations — one in the West and one in the North West. The three points formed a triangle and the data could flow either way, so in theory, an incident similar to the one

Seek where you least expect it

Do you know where your organisation’s single points of failure/vulnerability are? Do you know where the main and back-up telecomms lines enter/leave your computer centre and other buildings? Do they become one at any point to give you a single point of failure/vulnerability? Similarly for power lines. Similarly for all aspects of your organisation’s infrastructure.

One final illustration, again from the 1980s. The company manufactured the plastic bodies for telephones. It recognised the fire
