Denial of service attacks reveal the Net's vulnerability
By Zatni Arbi
JAKARTA (JP): Did you have any problem surfing the Net or sending and receiving e-mail in the last two or three weeks? If you did, you were certainly not alone. You and I were just some of those affected by the massive Denial of Service attacks launched by hackers who flooded the Internet with bogus requests for information addressed to some of the most popular Web sites.
Over the last four years I have rarely had to deliver my articles to The Jakarta Post in person. I have almost always been able to e-mail them over. Last week, however, the feature editor did not receive my article when it was already past its deadline. Alarmed, she paged me. Luckily I was able to find some transportation, and I delivered last Monday's article on a floppy diskette through the old SneakerNet.
On Monday, CBN Technical Support e-mailed me, explaining that the previous week's Denial of Service attacks also affected CBN's connection to the backbone in the U.S. As a result, e-mail was accumulating at the server and service was severely affected. By Sunday afternoon, CBN's generally superb performance had been restored.
The results of a recent Gallup poll, which were released last Wednesday, revealed that only 9 percent of Web users in the U.S. actually felt the impact of the malicious attacks. Here in Jakarta I considered myself one of victims since, instead of being able to send my work over the Internet, I had to waste one hour of my time to frantically deliver my article to Jl. Palmerah, Central Jakarta. And, there was the cost of physical transportation too, (although that was nothing compared to the US$ 1.2 billion loss estimated by the Yankee Group for the Feb. 9 attacks).
What did the attacks teach us? First, that despite the assertion by 72 percent of the respondents in the Gallup poll that the Internet had made their life better, it is still vulnerable. Second, no security protection is enough. Much as we, the everyday Internet users, should keep our antivirus programs up-to-date, e-business outfits have also to continuously evaluate their security infrastructure, patch security holes and work together closely with one another as well as ISPs and law enforcers.
Those hackers can also be very maleficent. An article in the Feb. 21 issue of Forbes describes the saga that a NASA computer expert had been going through because he personally challenged the hackers. His marriage was destroyed because of his obsession with combating the hackers. And just last week C-Net News.Com reported that yet another set of tools were now ready to be deployed to launch an even bigger attack than the one we have just experienced. The bad news goes on and on.
It is no surprise then that against this backdrop, 48 percent of those that responded to the Gallup poll believed that there was no safety for their credit card numbers. The news trickles, as companies struggle to keep it secret, but we know that last December about 300,000 credit card numbers were stolen from CD Universe, an Internet music store that sold CDs.
e-Trust
As businesses, organizations and individuals are getting more and more dependent on the Internet, it is vitally important to understand the threats that we are exposed to. Much like the introduction of new computer viruses, attacks from Cyber terrorists will not stop. They will remain a fact of our Internet life. We certainly appreciate the hard work of the FBI and other law enforcement agencies that have been able to put some of the Cyber terrorist behind bars. However, there are many more out there, and the number will keep growing.
There are also threats from inside. Disgruntled employees, industrial spies and perhaps curious staff members pose as much threat to data security and system integrity as much as the external threats.
"What has been happening has taught us how important security is," emphasized Lloyd D. Tanaka, product marketing manager at Computer Associates (CA), during a brief interview last week. "It is imperative that anyone who wants to set up an e-business should build security into his system right from the beginning."
Lloyd could not be more correct. He was in town speaking to senior executives of companies and IT journalists about CA's new line of products called e-Trust. CA called this particular line of products, which has been around for less than a year, an "end- to-end security solution". It includes antivirus, firewall, virtual private network, user management, access control, and most importantly, intrusion detection. It can also be integrated with CA's very popular product Unicenter TNG Framework, a set of integrated tools for managing computing resources across the entire enterprise.
Cooperation
The renewed awareness of the vulnerability of the Internet has prompted a growing number of software and hardware companies into offering products and services that provide a digital fortress for e-businesses. For them it might turn into the next billion- dollar opportunity after the Y2K fever is over. The Iceland-based Computer Associates (CA) is one of these companies, although CA has actually been active in developing Internet security technologies since the early days of e-business.
Intrusion Detection is one of the most important features of e-Trust. "With this feature, the system security administrator will be notified immediately if there is suspicious traffic," explained Lloyd, "If malicious codes are detected, then the company will be prompted to take appropriate action against it."
If you like, you can download a free trial version of CA's e- Trust Intrusion Detection from their web site, www.cai.com. And, while you're at their Web side, find and download their white paper titled "Protecting your e-business from Cyber Terrorists."
Intrusion detection is actually a generic term, and different vendors may offer different names of products that do more or less the same thing. Regardless of which vendor you choose, it will take more than just an intrusion detection to counter Internet terrorism such as the Denial of Service attacks. It will require concerted efforts from all the good guys, including the software and hardware vendors, to make the Internet a safer place.