Another one bites the dust

posted on July 15, 2001
by hitbsecnews

By: L33tdawg

Ah yes, the time is ripe for another one of my rants... This time around, it isn't going to be about the education system (although
I've had a fair share of requests to do a Part 2 of Down The Sink Hole, which received its fair share of comments) - this time I'm
going to do a rant about the decrepit state of network security in this country. Yes yes, I know it's been done before, but all the
same - it's been troubling me recently, and I need to get it out of my system. Just to give our readers a taste of what's going
down, let me use the following story (it's less fiction than you'd imagine) as an illustration:

You have this SME-type company, which is certainly no newcomer to using the Internet and technology, but they've only ventured so far as to use it for e-mail and perhaps for resource purposes. However, they're now looking to "dot-com" themselves and move into e-commerce and having an online web presence. They've got two choices at this point in time. They can either outsource the web-hosting project, or get themselves a dedicated leased line and do it themselves. Now, after much deliberating, the upper-level managers decide that getting their own DSL line in and doing the job themselves would be the best course of action. It makes sense, doesn't it? Get an always-on high-speed network connection, save on hosting costs, and get a higher level of control over the machine. So they get themselves a 2Mbps DSL line, get the telecomms people in to set it up, and they're on their way. But wait; they haven't set up their web and mail servers. Oh, that's quite all right, their in-house graphics designer knows about "these things" and will see to it himself. They purchase a server and a firewall, snap it all together and start serving their pages. For 6, maybe 12, months nothing "bad" happens, and the director is pleased... things are going well, the new website is bringing in more business, and it looks like the DSL line is paying for itself, until one fine day he comes into the office and fires up his web browser, only to find that his corporate web page has been defaced with a cryptic message by some 12-year-old kid in Brazil, that begins with the line "w3 0wn3d j00!"

Sounds a little too far-fetched? You'd be surprised. The problem of web page defacement and script kiddie or cracker activity doesn't just end at the new companies moving into the e-commerce and online arena. Companies that have had an online presence and have been around for quite some time have had their fair share of network security headaches, and the problem isn't going to mysteriously solve itself unless we sit up and do something about it.

Like what? Well, the first would be to raise the level of awareness of the people responsible for a company's network. A firewall isn't going to solve your problems if the server itself is vulnerable. A lot of companies fail to realize this, and instead feel that all they need to protect themselves is an anti-viral solution and an out-of-the-box firewall. Granted, a firewall does provide SOME level of protection, but it isn't the be-all and end-all of network security. Security is an ongoing process - not a solution that you can implement today and forget about. New vulnerabilities and attacks surface almost every other day (just subscribe to Bugtraq if you don't believe me). Securing your organization from attacks originating from the OUTSIDE is a start, but what then for attacks from within? The stories of attacks from behind the firewall aren't as uncommon as you may think. We've got a lot of disgruntled employees these days, and having a good security policy for internal networks is becoming almost essential in maintaining a secure environment. It's quite pointless having excellent protection from outside attacks when all it's going to take to breach that protective shield is an individual from the inside planting a Trojan or opening a backdoor in your system. Your $20,000 security solution has just gone up in smoke. We need to raise the level of understanding amongst individuals of what network security is about, what methods attackers use, and what the limitations of the technology or solutions are.

The second common problem I've seen with companies in Malaysia, and Asia in general, is with regards to mindset. Most companies fool themselves into thinking that "Hey, we're just ONE website in the sea of millions, what are the chances that we're going to get attacked?" Well, sorry to inform you folks, but 9 times out of 10, it's not a dedicated attack that you should be worried about (i.e. an individual targeting your organization per se, unless of course you happen to be a large target, which in the eyes of attackers would be a prized trophy). More often than not, you have the situation of an attacker sitting behind a machine on another side of the planet scanning a subnet or a whole list of IP addresses for a common vulnerability. If your machine's IP address happens to come up as vulnerable, that's pretty much that - you're going to get attacked. What IT managers need to come to grips with is the realization that, to the attacker, your machine is just yet another target. There is a need for a PROACTIVE approach to security as opposed to a reactive one. Don't wait for something to happen before you do something; fix it while you can.

There is also a third situation that is becoming increasingly widespread: the network administrator who's also the graphics designer, the content administrator, the database administrator, and the guy who makes the coffee. Companies don't want to allocate sufficient funds to security as they deem it "unimportant" or even "a waste of money"... pretty much due once again to a lack of awareness and their complacent attitude. They much prefer designating the job to someone who might know a little about what needs to be done, and saving on employing someone full time or on getting network security consultants in. As a result, the individual designated the task of maintaining the security of the servers is overworked, having to see to more than just his usual tasks. It's also too much to expect an in-house graphics artist to stay on the cutting edge of network vulnerabilities when it's NOT HIS AREA OF EXPERTISE to begin with! Needless to say, in such a scenario, you're very likely going to end up with a security implementation that's as strong as a sand castle.

Companies really need to wake up and get their act together. It would also be nice to see MyCERT (the Malaysian Computer Emergency Response Team) getting off their butt and actually HELPING businesses get secured, as opposed to just collecting statistics and re-releasing advisories posted on Bugtraq! Taking the initiative of securing our local machines from petty defacements isn't a lot to ask for, and there really is no excuse for not doing so. The embarrassment of having your company's site listed on a defacement mirror might serve as some form of deterrent, but judging by the increasing regularity with which this is happening, it is obvious people don't learn anything. They're just too content in wiping their brows and thanking deities that it was not them who were victims. Well, you may have been spared for now, but unless you firm up your security policies and machines, you WILL suffer an attack, and it's only a question of when...

1.) File removal: How to be sure - madirish
2.) NT Security Tools - madirish
3.) Getting Started with SQL (part 3) - L33tdawg
4.) Anatomy of Brute Force Attacks - madirish
5.) IIS Script Directory Exploit - madirish
6.) Another one bites the dust - L33tdawg
7.) Using PHP Securely - SecuriTeam
