Intrusion Detection Provides A Pound Of Prevention


Intruder Detection Questions & Answers

If some or all of this intrusion detection information is new to you, you're probably fairly concerned about your own network. But remember, folks, we're the good guys. People frequently ask us questions about the risk of such an attack happening to them. What follows is our advice to you.

Q: What skill set is required to carry out a successful attack against my organization?

A: It depends on how quickly the attackers need results, and of course, what they're after. A team of skilled attackers may accomplish their goals in three to four days. A lone attacker with rudimentary skills may require several weeks or more. Even beginners will eventually get to their target, provided they are not discovered in the process. You may even have random joy riders, who quickly gain access to one system in your organization, simply to use it as a jumping-off point to attack completely unrelated entities on the network. They collect systems here and there, much like collecting baseball cards or stamps. They have no real goal, other than to collect.

Q: Does the size of my network affect the chances of a successful attack?

A: Yes, chances for success are a function of the size of an organization's network. The bigger, the better for the attacker. There are more things to misconfigure, and a large network is harder to monitor and control. Although a small business may employ unskilled or poorly trained individuals, even a large, well-staffed organization will lose by falling victim to its own interdepartmental politics and poor communication. Think of the tale, Jack and the Beanstalk: "The bigger they are, the harder they fall."

Q: I'm concerned about all these direct network connections we're putting up to our business partners. Should I be worried?

A: This is an element of network security that we don't test, for reasons of defined scope. We are limited to our clients' networks and computing resources and don't have permission to launch a proxy attack against their business partners' assets. On several occasions we have seen unrestricted network access to and from other organizations partnering with our client. In a real-life attack scenario, the attackers may decide that a direct attack is too difficult. Using publicly available sources, they would determine which organizations the target has network connections to. They would then launch an attack against a business partner with the sole intent of using the trusted network connection for the attack against the intended target. These connections are almost never firewalled. Sounds far-fetched? Think again, it's already being done.




Updated July 31, 1997
