1
Computers & Security, Vol. 17, No. 8 have data protection rules, and this could include E- mail routed through these countries, even by accident. Neil Barrett, security expert at Bull Information Systems commented, “Companies are going to have to make sure that every item of data on their intranet does not end up on a foreign server. Or they need to take steps to protect the data being use din that coun- try in a way that would breach the act.” This could cause problems for users of US-based ISPs which pro- cess all their E-mail through a central US sorting ofhce before returning it to the UK. Barrett com- mented that IT managers are “woefully ignorant” of the amount of work the new law will generate. Comprrtiyy, September 10, 1998, p. 22. Rich pickings for hackers, Lisa Kelly. Information security consultancy Diligence has stated that around 90% of Web sites can be penetrated and shut down within ten minutes. This vulnerability puts corporate reputations and assets at stake. Harry Kam, Diligence’s director of communications stated that, “It is usually only a matter of hours before the hacker can gain access to the entire IT system.” According to Rob Hailstone, research director at Bloor Research, organi- zations should report hacking attacks in order to act as a deterrent to other hackers, yet more often than not attacks are not publicized as companies regard them as embarrassing. One unnamed research company had its system violated via the Web with the result that every PC on the network had its hard disk wiped. Computiq, October 8, 1998, p. 4. Symantec buys anti-virus line, Arzdy Suntoni. Symantec has purchased Intel’s anti-virus business and has licensed Intel system-management technology. Symantec will use the technology to assist in building its Digital Immune System (DIS) in conjunction with IBM. DIS combines Symantec’s products with neural network technology from IBM designed at creating an automated environment to keep systems running. Norton AntiVirus engine technology will be integrat- ed into a product that Intel already has under devel- opment, which will in turn be integrated with Intel LANDesk Management Suite and launched as a new Norton AntiVirus product. The product will include management functionality such as: distribution, con- figuration, lockdown, remote operations and event management and logging. Intel will honor all existing support and maintenance agreements for the current versions of LANDesk Virus Protect, and with Symantec will continue to sell Version 5.0 until the new product is available. lrlfotu&i, October 5, 1998, p.41. Network security under attack? Buy insurance, Bob Wallace. Insurance companies are starting to team up with IT vendors to offer coverage for network security problems, provided that organizations take adequate security measures to make themselves insur- able. “It is definitely a new area for insurance compa- nies, one that helps them diversify and offer new prod- ucts and services to corporations”, commented John Santucci, director of IT insurance practice at KPMG Peat Marwick LLP. “It’s important for them to partner with technology companies to understand the risks and the lay of the land for the industry they’re enter- ing.” Cigna has teamed up with NetSolve and Cisco Systems to offer insurance which covers companies for computer crime that involves: theft of money securi- ties and property, damage by hackers to a company’s data or software, and business losses stemming from attacks on a company’s computer system. Although it does not cover bugs in software or damage done by viruses. In another move, Sedgewick has teamed with IBM and offers security insurance and coverage for hacker damages to Web sites. Computerworld, October 5, 1998, p. 4. Low flying hackers pose growing threat. System administrators are slowly becoming aware of a type of hacking that has been taking place which is slipping under the radar of traditional firewalls. Low-band- width hacking involves a number of hackers working together from varying locations, intermittently send- ing sets of IP packets against a network to test for vul- nerabilities. As these packets come from different hosts at varying intervals, they are not detected by the majority of intrusion-detection applications currently on the market. Although low-bandwidth hacking may have been going on for some time, it only came out into the light recently when it was documented by the Shadow project of the US Department of the Navy’s Surface Warfare Center. “We’re still not sure. Our logs seemed to indicate that someone had been poking at 717

Network security under attack? Buy insurance

Embed Size (px)

Citation preview

Page 1: Network security under attack? Buy insurance

Computers & Security, Vol. 17, No. 8

have data protection rules, and this could include E- mail routed through these countries, even by accident. Neil Barrett, security expert at Bull Information Systems commented, “Companies are going to have to make sure that every item of data on their intranet does not end up on a foreign server. Or they need to take steps to protect the data being use din that coun- try in a way that would breach the act.” This could cause problems for users of US-based ISPs which pro- cess all their E-mail through a central US sorting ofhce before returning it to the UK. Barrett com- mented that IT managers are “woefully ignorant” of the amount of work the new law will generate. Comprrtiyy, September 10, 1998, p. 22.

Rich pickings for hackers, Lisa Kelly. Information security consultancy Diligence has stated that around 90% of Web sites can be penetrated and shut down within ten minutes. This vulnerability puts corporate reputations and assets at stake. Harry Kam, Diligence’s director of communications stated that, “It is usually only a matter of hours before the hacker can gain access to the entire IT system.” According to Rob Hailstone, research director at Bloor Research, organi- zations should report hacking attacks in order to act as a deterrent to other hackers, yet more often than not attacks are not publicized as companies regard them as embarrassing. One unnamed research company had its system violated via the Web with the result that every PC on the network had its hard disk wiped. Computiq, October 8, 1998, p. 4.

Symantec buys anti-virus line, Arzdy Suntoni.

Symantec has purchased Intel’s anti-virus business and has licensed Intel system-management technology. Symantec will use the technology to assist in building its Digital Immune System (DIS) in conjunction with IBM. DIS combines Symantec’s products with neural network technology from IBM designed at creating an automated environment to keep systems running. Norton AntiVirus engine technology will be integrat- ed into a product that Intel already has under devel- opment, which will in turn be integrated with Intel LANDesk Management Suite and launched as a new Norton AntiVirus product. The product will include management functionality such as: distribution, con- figuration, lockdown, remote operations and event

management and logging. Intel will honor all existing support and maintenance agreements for the current versions of LANDesk Virus Protect, and with Symantec will continue to sell Version 5.0 until the new product is available. lrlfotu&i, October 5, 1998,

p.41.

Network security under attack? Buy insurance, Bob Wallace. Insurance companies are starting to team up with IT vendors to offer coverage for network security problems, provided that organizations take adequate security measures to make themselves insur- able. “It is definitely a new area for insurance compa- nies, one that helps them diversify and offer new prod- ucts and services to corporations”, commented John Santucci, director of IT insurance practice at KPMG Peat Marwick LLP. “It’s important for them to partner with technology companies to understand the risks and the lay of the land for the industry they’re enter- ing.” Cigna has teamed up with NetSolve and Cisco Systems to offer insurance which covers companies for computer crime that involves: theft of money securi- ties and property, damage by hackers to a company’s data or software, and business losses stemming from attacks on a company’s computer system. Although it does not cover bugs in software or damage done by viruses. In another move, Sedgewick has teamed with IBM and offers security insurance and coverage for hacker damages to Web sites. Computerworld, October 5,

1998, p. 4.

Low flying hackers pose growing threat. System administrators are slowly becoming aware of a type of hacking that has been taking place which is slipping under the radar of traditional firewalls. Low-band- width hacking involves a number of hackers working together from varying locations, intermittently send- ing sets of IP packets against a network to test for vul- nerabilities. As these packets come from different hosts at varying intervals, they are not detected by the majority of intrusion-detection applications currently on the market. Although low-bandwidth hacking may have been going on for some time, it only came out into the light recently when it was documented by the Shadow project of the US Department of the Navy’s Surface Warfare Center. “We’re still not sure. Our logs seemed to indicate that someone had been poking at

717