Denial of service attacks reveal the Net's vulnerability

Denial of service attacks reveal the Net's vulnerability

By Zatni Arbi

JAKARTA (JP): Did you have any problem surfing the Net or
sending and receiving e-mail in the last two or three weeks? If
you did, you were certainly not alone. You and I were just some
of those affected by the massive Denial of Service attacks
launched by hackers who flooded the Internet with bogus requests
for information addressed to some of the most popular Web sites.

Over the last four years I have rarely had to deliver my
articles to The Jakarta Post in person. I have almost always been
able to e-mail them over. Last week, however, the feature editor
did not receive my article when it was already past its deadline.
Alarmed, she paged me. Luckily I was able to find some
transportation, and I delivered last Monday's article on a floppy
diskette through the old SneakerNet.

On Monday, CBN Technical Support e-mailed me, explaining that
the previous week's Denial of Service attacks also affected CBN's
connection to the backbone in the U.S. As a result, e-mail was
accumulating at the server and service was severely affected. By
Sunday afternoon, CBN's generally superb performance had been
restored.

The results of a recent Gallup poll, which were released last
Wednesday, revealed that only 9 percent of Web users in the U.S.
actually felt the impact of the malicious attacks. Here in
Jakarta I considered myself one of victims since, instead of
being able to send my work over the Internet, I had to waste one
hour of my time to frantically deliver my article to Jl.
Palmerah, Central Jakarta. And, there was the cost of physical
transportation too, (although that was nothing compared to the
US$ 1.2 billion loss estimated by the Yankee Group for the Feb. 9
attacks).

What did the attacks teach us? First, that despite the
assertion by 72 percent of the respondents in the Gallup poll
that the Internet had made their life better, it is still
vulnerable. Second, no security protection is enough. Much as we,
the everyday Internet users, should keep our antivirus programs
up-to-date, e-business outfits have also to continuously evaluate
their security infrastructure, patch security holes and work
together closely with one another as well as ISPs and law
enforcers.

Those hackers can also be very maleficent. An article in the
Feb. 21 issue of Forbes describes the saga that a NASA computer
expert had been going through because he personally challenged
the hackers. His marriage was destroyed because of his obsession
with combating the hackers. And just last week C-Net News.Com
reported that yet another set of tools were now ready to be
deployed to launch an even bigger attack than the one we have
just experienced. The bad news goes on and on.

It is no surprise then that against this backdrop, 48 percent
of those that responded to the Gallup poll believed that there
was no safety for their credit card numbers. The news trickles,
as companies struggle to keep it secret, but we know that last
December about 300,000 credit card numbers were stolen from CD
Universe, an Internet music store that sold CDs.

e-Trust

As businesses, organizations and individuals are getting more
and more dependent on the Internet, it is vitally important to
understand the threats that we are exposed to. Much like the
introduction of new computer viruses, attacks from Cyber
terrorists will not stop. They will remain a fact of our Internet
life. We certainly appreciate the hard work of the FBI and other
law enforcement agencies that have been able to put some of the
Cyber terrorist behind bars. However, there are many more out
there, and the number will keep growing.

There are also threats from inside. Disgruntled employees,
industrial spies and perhaps curious staff members pose as much
threat to data security and system integrity as much as the
external threats.

"What has been happening has taught us how important security
is," emphasized Lloyd D. Tanaka, product marketing manager at
Computer Associates (CA), during a brief interview last week. "It
is imperative that anyone who wants to set up an e-business
should build security into his system right from the beginning."

Lloyd could not be more correct. He was in town speaking to
senior executives of companies and IT journalists about CA's new
line of products called e-Trust. CA called this particular line
of products, which has been around for less than a year, an "end-
to-end security solution". It includes antivirus, firewall,
virtual private network, user management, access control, and
most importantly, intrusion detection. It can also be integrated
with CA's very popular product Unicenter TNG Framework, a set of
integrated tools for managing computing resources across the
entire enterprise.

Cooperation

The renewed awareness of the vulnerability of the Internet has
prompted a growing number of software and hardware companies into
offering products and services that provide a digital fortress
for e-businesses. For them it might turn into the next billion-
dollar opportunity after the Y2K fever is over. The Iceland-based
Computer Associates (CA) is one of these companies, although CA
has actually been active in developing Internet security
technologies since the early days of e-business.

Intrusion Detection is one of the most important features of
e-Trust. "With this feature, the system security administrator
will be notified immediately if there is suspicious traffic,"
explained Lloyd, "If malicious codes are detected, then the
company will be prompted to take appropriate action against it."

If you like, you can download a free trial version of CA's e-
Trust Intrusion Detection from their web site, www.cai.com. And,
while you're at their Web side, find and download their white
paper titled "Protecting your e-business from Cyber Terrorists."

Intrusion detection is actually a generic term, and different
vendors may offer different names of products that do more or
less the same thing. Regardless of which vendor you choose, it
will take more than just an intrusion detection to counter
Internet terrorism such as the Denial of Service attacks. It will
require concerted efforts from all the good guys, including the
software and hardware vendors, to make the Internet a safer
place.