Workshop
Anatomy of a Network Intrusion
October 18, 1999
By Greg Shipley

Empty Red Bull cans litter the floor, reflecting the warm glow of the monitors. Alongside the sketch boards lie drained liters of Mountain Dew, partially eaten burritos and dozens of 486 machines configured as Linux Beowulf clusters. A Pentium II machine plugged into a seemingly endless line of surge suppressors hums as it continues to brute-force password guesses at a rate of 10 million per second. Only 12 more hours to go...

All the machines have their lids off--no hard-core geek is ever satisfied with the state of a system. Legal pads are covered with IP addresses, penciled network maps and port numbers. As the attackers' scripts relentlessly scan for the presence of the recently identified CGI vulnerability, they continue to exchange notes with the crew on IRC (Internet Relay Chat). They figure that once they've compromised a few dozen ISPs--creating a network of "stepping stones"--they can forge ahead to their target.

It's all about buffer space--a disposable safety net with a redo button. If they "own" a dozen machines between them and their target, they can attack with the confidence that only a cyborg in a time machine could ever gather enough information to snag them--only a handful of organizations have the manpower or expertise to catch intruders who leave no trail. Attack, clean, reattack--and gain as much net space as possible.

Auditor? Cracker? Strung-out administrator? The roles can be interchanged and the distinction blurred, with one exception: the crackers have the easiest task. They need only find one open doorway; the defenders must check every lock.

"It takes one to know one" may be cliché, but it holds up in the network security arena. Understanding how attackers operate is invaluable--in fact, it's your best defense. The concept of "hacking" into your own network for security purposes isn't new. Dan Farmer and Wietse Venema published a paper in 1993 entitled "Improving the Security of Your Site by Breaking Into It" (www.fish.com/security/admin-guide-to-cracking.html). Network Computing published a similar article a few years ago (see "Intrusion Detection Provides a Pound of Prevention" at www.networkcomputing.com/815/815ws1.html). Many of the time-tested security principles still hold true. However, attackers' tools and talent have taken giant leaps. Each time security products mature, so do attack methodologies, and if you fall behind on either, you're setting yourself up for a nightmare.
Cracking Some Myths