Hurricanes Spark Security Threats

The Department of Homeland Security is urging data center managers in areas ravaged by hurricane Katrina to be on their guard for hackers and criminals looking to exploit the disaster and gain access to critical systems.

With the southern U.S. now bracing itself for hurricane Rita, officials at the Departments Computer Emergency Readiness Team (CERT) have warned users in the storm-ravaged region to be on the lookout for electronic threats that “may attempt to exploit new vulnerabilities or take advantage of existing vulnerabilities.”

In a warning on the CERT Website, the agency warns that IT systems used to control the likes of electricity generation, water supplies, transport, and manufacturing are all potentially at risk from attack as the region attempts to get back on its feet.

With users fighting to get their data centers up and running, CERT warns that new system configurations “could potentially leave systems vulnerable to cyber attacks.” Officials add that these, "may come from a threat agent who is targeting a specific system or may come from a virus, worm, Trojan or other malicious software.”

Even in less challenging times, Trojans, which appear harmless but install malicious code across IT systems, strike fear into the hearts of IT managers. There is concern that there are relatively few technologies on the market to deal with this type of threat (see Beware of the Trojans!).Criminal elements have been swift to exploit recent events on the U.S. Gulf coast. Katrina has already spawned a slew of fraudulent emails, as cyber criminals attempt to use the disaster for their own gain. Homeland Security officials have already warned of Websites attempting to trick users into donating money to fraudulent organizations as part of a scam known as phishing (see Katrina Spawns Scam Scum).

But now, with the cleanup and rebuilding operation finally underway, officials are urging users to check that their firewall and router access lists are in effect before they even restart their systems.

The chances are that many users will need to rely on remote support from vendors and systems integrators during this period, which brings its own set of security risks. For this reason, CERT also advises organizations to employ intrusion detection and prevention systems to monitor these remote links.

Technology, though, is only one part of the rebuilding effort, and CERT warns that users need to think carefully about who gets access to critical data center systems. If the people who usually work in the data center are unavailable, the agency says, “then seek the advice of operators in similarly configured facilities, retired staff members, contractors and other persons who may have knowledge of your site.” And after the chaos of the last few weeks, users must ensure that any individual accessing its systems comes from a “trusted and reputable” source.

CERT also warns that users may have to deal with the loss of key data center hardware as a result of looting. Organizations, therefore, should ”conduct a complete point-to-point checkout of the system to identify any missing or damaged components.”There is further information at the following Website:

United States Computer Emergency Readiness Team (US-CERT)

— James Rogers, Site Editor, Next-Gen Data Center Forum