Stemming the tide

Featured eBooks
Whole-of-State Cybersecurity
The State of Trust in Government
Cybersecurity in State and Local Government
By Kevin Jonah
 

Connecting state and local government leaders

By Kevin Jonah

|

The networked world is an increasingly dangerous place. With the possibility of foreign governments or organizations plotting cyberterrorism, there's no end to the number of threats to operations on the LAN, WAN or Internet.

The networked world is an increasingly dangerous place. With the possibility of foreign governments or organizations plotting cyberterrorism, there's no end to the number of threats to operations on the LAN, WAN or Internet.And even if you remove the threat from abroad, there are plenty of domestic hackers who'd like nothing better than to beef up their reputations by making a trophy of your Web site.Keeping your firewall locked down is no longer enough to prevent an attack on your systems'especially in a world where Web services have become part of doing business with your constituency. And as government Web sites become the virtual equivalent of the institutions they represent, hostile hackers can gain big propaganda value out of knocking out a server or merely cutting it off from the world.Take what happened to Al-Jazeera, the Arabic-language news network. The broadcaster had opened an English-language site dedicated to providing coverage of the war in Iraq, but the service was knocked offline by hackers.On March 23, shortly after the network broadcast images of dead and captured American soldiers from Iraq's then-official government TV network, a massive denial-of-service attack was launched against all of Al-Jazeera's sites. The attacks overwhelmed its 100-Mbps Internet connection, and when Al-Jazeera doubled its bandwidth, the attack still managed to drown out users.Later in the week, hackers managed to usurp the Domain Name System listing for the server using a technique known as DNS cache poisoning and redirected traffic to a site with a pro-American message. The hacker site was hidden on a Utah Internet service provider, which then bore the brunt of an antiwar denial-of-service counterattack.Attacks such as distributed denial-of-service and DNS cache poisoning don't require intrusion into the affected network; they're mounted outside from other systems that have been compromised. Tracking the source of these attacks is difficult at best, and traditional intrusion-detection systems'ones that monitor access to and changes to the systems they protect'might not even alert administrators to a problem, let alone prevent the attack.To be successful, a cybersecurity strategy has to go beyond simply detecting intruders or monitoring network traffic.As attacks become more distributed in nature, so must be your defenses. You need to make use of tools such as remote site monitoring and response measurement, network monitoring, and automated network management that take advantage of programmed policies and pattern recognition to launch a response to a developing threat before it takes a network or Web site offline.System managers need to know of weaknesses in their network configurations and system software.Hackers generally exploit bugs in software on a system to begin an attack, whether they are bugs on the target systems, or on outside systems that the hacker intends to use as zombies'hijacked systems that launch concerted attacks against other systems at a hacker's bidding.Attacks often are preceded by a port scan or some other type of probing attack to determine the vulnerability of a system by identifying the operating system or software it runs on. Careful monitoring of network traffic can reveal these probe attacks before they can gain access to vulnerable systems.Once an attacker has an idea of the potential vulnerabilities of a system, he or she can mount a variety of attacks on the system in an attempt to exploit bugs or misconfigurations. Just a few include:Intrusion-detection software is designed to sniff out incoming probes and attacks such as these and either alert a system administrator or security manager, or take some automated action to defend against the attack'or both.Typical intrusion-detection systems monitor the log files and file systems of protected computers for unauthorized changes. But in the world of Web applications and services, this approach by itself might no longer be enough to ensure the security of an organization's data or its ability to sustain operations.New intrusion-detection systems, based on pattern recognition technology and other artificial intelligence software, now monitor the network packets themselves. They watch for signs of an incoming attack and alert administrators before there's a breach of a system that would cause the kinds of changes that a log file and file system scanner would catch.For example, NFR Security Inc.'s NFR IDS system monitors network traffic and performs network analysis, watching for the signature of an attack or for parameters that might indicate an unknown type of attack. It can generate Simple Network Management Protocol traps and events in other management software packages that trigger preprogrammed measures to be taken; it also can send alerts to an administrator's workstation, and e-mail to designated addresses to warn them.But even this level of intelligence might not be enough to stop attacks that attempt to deny access to a network rather than breach its defenses in a traditional way. That is why many organizations are pairing IDS systems with external network monitoring'this approach can detect problems that might be caused by a denial-of-service attack faster.Kevin Jonah, a Maryland network manager, writes about computer technology.

Related Links

These troubleshooting tools sound alarms, plug holes and protect your network

The lowdown on intrusion-detection

Intrusion-detection and monitoring tools can help shore up your network









Spam storm

















Buggy arsenal


  • Creating a buffer overflow by sending more data than the server program is prepared to handle and causing the entry to be stored in memory outside that allocated to the program. The data used in these attacks often includes code that could be executed by the server. This method of attack has been used to exploit documented vulnerabilities in Microsoft Internet Information Services that may have been left unpatched by administrators.

  • Cross-site scripting and other unexpected data entry, in which hackers send strings of script or code as the entries in Web forms. The code could be executed either by the server or by the browser of another user, redirecting them to an external site and capturing data such as user names and passwords.

  • Attacking default setting systems by using commonly known initial security settings on Windows or other systems to gain access to them as a 'superuser.'

  • Blunt-force attacks, using password-guessing software, or other repetitive attacks such as denial-of-service attacks to gain access to or crash a system.











NEXT STORY: Energy will recompete Los Alamos

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.