TECHNOLOGY
Computer Crime
March 2002, by Ed Ford
The study, conducted by the Computer Security Institute and the Federal Bureau of Investigation, was based on responses from more than 500 computer security practitioners representing corporate America, government agencies and other organizations. The breaches, according to the survey, resulted in such things as financial loss and fraud, viruses, denial of service, vandalism and theft of transaction information.
If you and your Web site have been exempt from security breaches, consider yourself extremely fortunate. Because, a Lexington Internet security specialist says, "if you're on the Internet, you're being scanned." Robert Simpson, vice president and chief technical officer of Systems Design Group (SDG) security services, warns that susceptibility to breaches will continue to increase and that anyone who believes no one will attack them is being extremely naive.
Computer security breaching, or hacking, falls into two categories, random hacking and targeted hacking, Simpson explains. Random hacking involves dialing a wide variety of IP (computer identity) numbers to gain access to vulnerable computer systems without permission. Targeted hacking is when a particular system is knowingly attacked in order to obtain specific information or data. Random hacking is the most prevalent, Simpson noted, accounting for about 80 percent of the breaches.
Generally, such hackers are young and mischievous and doing it for the thrill and challenge. What they're doing is more of a nuisance and a matter of stealing resources rather than information. However, such tactics can result in a compromised site with its computer system controlled by the hacker on the Internet and used to launch attacks against other machines. Ultimately, the impact can be devastating and so great that a site can be brought to its knees or taken totally off line.
"There are definitely such things as financial fraud and credit card theft taking place," Simpson said, "but it's the script-kiddie type of stuff that's predominant." Small companies are just as susceptible to breaches as large firms, Simpson related, and, a majority of the time, a company doesn't know when a breach has occurred.
But, there are some preventative measures available. "The first thing that's needed is a firewall," Simpson emphasized. This is a basic security system intended to protect a network against external threats. "A firewall is like putting dead bolts and locks on your doors," the SDG executive explained, "and something that's A-Number One if you need to be on the Internet."
Then, to determine when someone out there is banging on your firewall, an Intrusion Detection System can be utilized. This allows you to determine what a hacker is attempting to accomplish and where they're coming from, and provides an opportunity to block them at that point.
The third step is strengthening authentication. Many organizations just use a user name and password for system authentication. Our firm can provide clients a token, a digital number generator that someone can carry with them that generates a random number synchronized with a number inside a network. When that person enters the network, they must have that token with them.
Simpson said the three-step process is fast becoming fundamental where Internet security and locking systems are concerned. "If someone is just getting e-mail and using it to browse the Internet, it's pretty easy to lock them down tight with just a firewall," he continued. But, if you want to do e-commerce, video conferencing or other types of communication, other steps need to be taken. The more things you do with your system, the more security risks you're opening up and the more systems you need to put in place to protect yourself.
Although fundamental security steps can be accomplished within even the smallest organizations, Simpson highly recommends that you lean on an expert source to be sure your security system is functioning. "The top two or three firewalls available will more than secure an individual network," he noted. However, probably 90 percent or more of the firewalls that are breached are done so because they were misconfigured. It's important to know how to configure and set it up properly.
Systems Design Group, which has some 350 clients, provides security assessments, services and products and even manages sites for customers. Health-care organizations, banks, law-enforcement and government agencies, manufacturing and e-commerce companies are among the clientele heavily concentrated in Lexington, Louisville and Greater Cincinnati.
For one client, Simpson recently conducted a test on security breaches. "I put a firewall called Zone Alarm on a single computer and left it, untouched, for 60 days," he said. This machine, which had just an IP number on the Internet, registered 1,827 random security breaches in that period of time. If you do the math, it shows that 50-75 security-breach attempts were made against that machine a day, or somewhere in the neighborhood of three or four attempts an hour.
To find out more about Internet security, visit http://www.sdgky.com or contact Simpson at rsimpson@sdgky.com or call (859) 263-7344.
Ed Ford is a staff writer for The Lane Report.
Copyright 1996-2002, by Kentucky Business Online. All rights reserved. Editorial content is copyright 2002, Lane Communications Group. The Lane Report is a trademark of Lane Communications Group. All other trademarks are the property of their respective owners.