It'll Never Happen to Me
It is not the technology that has the inherent weakness, "it's the management process around the technology that doesn't have security-injected paranoia," Adams says. "You assume you are not a target. You assume no one can do this; therefore, there is no reason to put any extra effort or diligence in managing it."
Wilson of WorldNet says he, too, sees companies in denial about being an attack risk: "People say, 'We are so small,' or, 'Our location is here in Rinky Dink, Pennsylvania; nobody cares about us.' And that is just not the case."
Bob Sensenig, vice president of sales at WorldNet, says the company's security engineers constantly search websites to find the latest and greatest hacking techniques to utilize when "we go into hosting companies or corporate accounts and do vulnerability testing to make sure they are secure from outside hackers."
Peter Perchansky, president of We Manage Servers (www.wemanageservers.com), says the managed services and managed security his company provides to hosting companies and Internet datacenter clients are at the server level.
"We work with companies like WorldNet, where they take the perimeter and we take inside the fence. We make sure all operating systems and application patches are up to date," Perchansky says. "When you look at nimda, Code Red, and similar worms and viruses that are out there - and nimda simulates a denial of service attack by consumption of resources - a lot of those worms and viruses were 100 percent preventable by the application of patches."
Perchansky says even though a hacker may exploit perimeter technologies to get into a network, We Manage Servers believes in starting off with a secure foundation, through the proactive application of patches and making sure all unnecessary services are turned off.
In nearly all of the security audits performed by WorldNet engineers, Sensenig says they find that an intrusion detection system (IDS) should be installed on the network. They recommend several offerings, from industry-leading products to basic economy versions. If the companies are not large enough to have their own 24/7 monitoring staff, the IDS can be set up to report back to WorldNet's management console, where engineers can decipher any suspicious signatures and take quick action in the event of an attack.
Up the Creek Without a Paddle?
In the opinion of the hired hacker, Chris Wilson, there is no way a company can prevent a distributed denial of service attack. As he says, "If you are targeted, there's nothing you can do." The only proactive steps are to make sure the Web server or services that may be targeted are running on systems that have enough computing muscle to handle thousands of connections simultaneously without dying and to have a close working relationship with your ISP, Wilson says.
"If you are under an attack, the best thing you can do is gather information about it and contact your ISP, and the trick is to cut the attack as far up your pipeline as you can," Wilson says.
Wilson says an attack might look like this: "They might be doing distributed denial of service, which is yielding maybe 4 Mbps of traffic coming into your network, and you only have a T1 connection [1.54 Mbps]. If your ISP is a high-enough tier that they have an OC3 [155 Mbps] connection to the Internet, you can contact them and ask that they block the ports going to your T1. All of a sudden, your pipe is no longer flooded."
Even if a company blocks an attack at the firewall, attackers can flood the pipe and legitimate customers will not be able to access the network, Wilson says. "So what we are talking about is using routers in that perspective, using them to launch denial of service attacks."
NetSolve's Adams says that although security technologies are great, "if you don't monitor security devices to detect security events, it's pretty useless. It's another router, another network device." NetSolve, which provides remote management to clients globally, applies a real-time response mechanism to security alarms received automatically in its Austin management center.
"We can implement an access control list or shun the IP address of an attack when it starts to propagate, thereby reducing the effects of the attack," Adams says.
In the world of network attacks, hackers will continue trying to compromise routers, and "it is important to include router security as your security planning evolves to ensure your routing infrastructure is protected from intrusion," says Houle of CERT.
Human Error
Security planning sometimes evolves the easy way, sometimes the hard way. Wilson recalls a horror story about a project that almost went bad.
This article is written by Wayne Epperson for HostingTech, a web hosting magazine, and he can be contacted at wepperson@hostingtech.com