May 13th, 2002, 11:04 PM
More Security Spending, More Vulnerable?
More Security Spending, More Vulnerable?
Spending on Internet security continues to grow, yet the worldwide supernetwork remains more vulnerable than ever to viruses, break-ins and terrorism.
Simply put, hackers are getting smarter, and computer networks are getting more complex and difficult to keep safe.
``The rate of growth of our vulnerabilities is exceeding the rate of improvements in security measures,'' said Michael Vatis, former director of the FBI's National Infrastructure Protection Center. ``We're not improving fast enough to keep pace with the problem, let alone get ahead of the problem.''
Bruce Schneier, chief technical officer at Counterpane Internet Security, said companies that invest in security may be reducing their own risks, but new networks with minimal protections are constantly joining the Internet.
``Overall, security goes down,'' Schneier said. ``Things are bad out there, and things are getting worse.''
CERT Coordination Center, the government-funded computer emergency response team at the Carnegie Mellon University, says it received reports last year of 52,658 security breaches and attacks, and 2,437 computer vulnerabilities -- more than double the figures for 2000.
Part of the increase results from greater awareness, and network operators are reporting incidents they wouldn't have noticed in the past, said Marty Lindner, a team leader at CERT.
But hackers have also produced better tools for automating attacks, making them more numerous, Lindner added.
Last year, the Internet was hit with a new class of worms, which unlike viruses do not require human intervention to spread. Code Red and Nimda found new ways to propagate rapidly and tied up Internet traffic worldwide by exploiting well-known software vulnerabilities.
One version of Code Red was also programmed to launch a strike on the White House's Web site on a given date, though the site's administrators took corrective action in time. A second version installed a program that could give outsiders control of infected computers.
``A single threat can now combine a number of different attacks,'' said Stephen Trilling, a research director at security company Symantec Corp.
In addition to unleashing Medusa-like threats, hackers are also quicker to exploit new vulnerabilities, giving system administrators less time to react, said Chris Rouland, director of the X-Force research team at Internet Security Systems Inc.
According to a study from Computer Economics, a research firm, Code Red and Nimda caused more than $3 billion in damages and economic disruption worldwide.
The worms prompted several companies and network operators to bolster their defenses.
As a result, computer security companies saw revenue growth of 15 percent to 20 percent last year, according to Chris Christiansen, a research analyst at IDC.
But that's still lower than the 30 percent to 50 percent growth experienced in past years, Christiansen said. And while security companies said the Sept. 11 attacks initially prompted more inquiries and sales, IDC found no lasting boost in revenues.
Steve Lipner, director of security assurance at Microsoft Corp., sought to put security risks in perspective, saying millions of people use the Internet daily ``without any ill effect at all.''
Even so, Microsoft Chairman Bill Gates directed employees last week to put security and privacy ahead of new capabilities in the company's products.
``If we don't do this, people simply won't be willing -- or able -- to take advantage of all the other great work we do,'' he said in an e-mail memo.
Many security breaches, including Code Red and Nimda, exploited flaws in Microsoft products, and security experts disclosed last month that hackers could seize control of computers running Windows XP -- marketed as the company's most secure system -- unless users installed a patch to fix it.
The risks aren't limited to Microsoft products.
Jerry Freese, director of intelligence at security firm Vigilinx Inc., warned of dangers in the burgeoning world of wireless networks that allow hackers to intercept private communications and even break into systems.
Freese said wireless technologies will face some of the security challenges that wired systems went through earlier.
Another risk lies in home high-speed networks, he said.
Home users tend to be less knowledgeable about security yet their computers are getting powerful enough for hackers to take over and launch denial-of-service strikes, which aim to paralyze a Web site or computer system by flooding it with fake traffic.
Of greatest concern are cyberattacks that could bring down electric power grids, automated teller machines and public transportation systems, disrupting the economy and posing safety risks to the public.
As more efforts are directed at improving physical security -- at national borders and airports, terrorists will look for targets elsewhere -- in cyberspace, said Michael Erbschloe, author of ``Information Warfare: How to Survive Cyberattacks.''
Erbschloe, who is also vice president of research at Computer Economics, said newcomers to the Net, including small- and medium-sized businesses, represent the weakest links.
``Large companies have learned their lessons pretty well, and most government (agencies) are taking this far more seriously,'' Erbschloe said. ``But we still have a growing new population. A lot of people don't have a clue.''
The entire problem comes full circle to the infrastructure implementation of all of these big companies. Just a few years ago, hackers weren't a threat due to hardware and operating systems. They only threatened through virii and insiders. Times have changed, though. Company infrastructures now have to be planned and implemented with security in mind. Rapid patch deployment, redundant systems and redundant backups, etc. Unfortunately, aging IT departments fail to realize the need for an effective infrastructure as much as they do for software. Companies spend billions each year on hiring professional coders and buying commercial products to protect against the software form of hacking. What needs to happen now is a complete revolution in the IT field. Businesses and IT departments need to sit down in the conference room and look at the feasability of reworking their network to increase both physical and logical securities. The game has just begun, and only the smartest players will survive this one.
May 13th, 2002, 11:07 PM
What the hell is up with 6 threads of this on the same forum?
And this article was originally posted somewhere around the 21st of JANUARY...
And the majority of it was from USA-TODAY?
[HvC]Terr: L33T Technical Proficiency
May 13th, 2002, 11:09 PM
I saw that too I just thought it was my comp.... Whats with that?
May 13th, 2002, 11:10 PM
I know it was stupid. But is was a mistake. sorry
May 13th, 2002, 11:13 PM
Hmmm... Two of the six posts had a different icon... Untill I refreshed the page... Now three of them have a different icon...
May 13th, 2002, 11:16 PM
Noticed that too... if it was a mistake wouldn't the icons be the same?
May 13th, 2002, 11:18 PM
Here's a little suggestion...
Delete the other treads!
Click on edit... then check delete and click delete!!!