by Joe Jenkins
Internet Security and Your Business - Knowing the Risks
last updated Nov. 6, 2000
In February 2000, denial of service attacks against web giants like Yahoo and eBay garnered a lot of attention from the media and from the Internet community. When it comes to problems with Internet security, it is usually major attacks against big companies that get the headlines. Unfortunately, many small or home business owners do not realize that they are just as likely to be targeted as any large company. As a consequence of existing in the digital age, almost everyone is vulnerable to breaches of security. If your business relies on computer or Internet technology, you need to be prepared to deal with security issues.
What is Internet Security?
Internet security can be defined as the protection of data from theft, loss or unauthorized access, use or modification. With the constantly evolving nature of the Internet, it is vital that users continuously protect themselves and their information. This issue is so important that many large firms employ full-time security experts or analysts to maintain network security. However, few, if any, home and small business owners can afford that luxury. Therefore it is up to small-office users to take these issues into their own hands.
Attackers, Hackers and Crackers
Any time a large attack is reported in the media, there is a great deal of speculation about who perpetrated the attack and why. By now, most people have heard the term "hacker" bandied about by the media. Often attacks are blamed on these so-called hackers. Who or what are hackers? What role do they play in Internet security and what motivates them to do what they do?
The term hacker was originally used to refer to a self-taught computer expert who is highly skilled with technology, programming, and hardware. Many hackers employ these skills to test the strength and integrity of computer systems for a wide variety of reasons: to prove their own ability, to satisfy their curiosity about how different programs work, or to improve their own programming skills by exploring the programming of others. The term hacker has been adopted by the mass media to refer to all people who break into computer systems, regardless of motivation; however, in the media the term hacker is often associated with people who hack illegally for criminal purposes. Many in the Internet security community strongly disagree with this use of the term.
People within the Internet community tend to refer to people who engage in unlawful or damaging hacking as "crackers", short for "criminal hackers". The term cracker generally connotes a hacker who uses his or her skills to commit unlawful acts, or to deliberately create mischief. Unlike hackers whose motivations may be professional or community enhancement, the motivation of crackers is generally to cause mischief, create damage or to pursue illegal activities, such as data theft, or vandalism.
Some of the most highly publicized Internet security breaches, such as the February denial of service attacks, are committed by middle class teenagers, who seem to perpetrate mischief in order to make a name for themselves. Security experts often refer to these individuals as "script kiddies." Script kiddies are generally ego-driven, unskilled crackers who use information and software - or scripts - that they download from the Internet to inflict damage upon targeted sites. Script kiddies are generally looked upon with disdain by members of the hacking community and by law enforcement authorities because they are generally unskilled individuals with a lot of time on their hands who wreak havoc, usually in order to impress their friends.
Why Are Internet Users So Vulnerable?
In the last 10 years the face of computing has changed dramatically. More and more businesses rely heavily on networked systems and the Internet to conduct business. In just a few years, we have turned into a wired world, with information of any type accessible from just about anywhere, by anyone. At the end of 1999, there were approximately 200 million users online worldwide. That number is expected to increase to 1 billion users by the year 2003. As more people use the Internet, the number of potential targets increases. Furthermore, as more and more businesses store their valuable information online, the potential for theft or damage increases.
In response to the need for greater speed and higher carrying capacity, most small or home business users rely on high bandwidth "always-on" connections to the Internet such as DSL (digital subscriber line) or cable modems. Always-on connections have two important characteristics that increase vulnerability. Firstly, because they are always on, they are always available for potential attackers to access. An unprotected connection to the Internet is an open two-way channel - information goes in and out of the system unimpeded. As long as an unprotected connection is maintained, it serves as a point of entry for potential intruders to enter or attack the system.
Secondly, always-on connections have static or unchanging IP addresses. With traditional connectivity, such as dial-up modems, the connection is temporary - when the user finishes using the Internet he or she disconnects. Each time the connection is re-established, the computer gets a new IP address. This makes the computer harder for attackers to find, because the target address is always changing. However, because high-speed connections often remain connected, even when the computer is not in use, the IP address never changes. Once a potential hacker has found the computer, he or she will be able to return to it as long as it is using the same IP address, placing it at greater risk of malicious intrusion.
Another factor that has increased the risk of intrusion for Internet users is the tremendous rate of technological change. The pace of technological development has never been faster, and the world is trying frantically to catch up with it. Software developers strive to make their programs more user-friendly, often sacrificing security or reliability. Many commercial software packages that are released to market contain inherent flaws that may be exploited by attackers. This puts the end user at risk - not only is the technology potentially vulnerable, but users are often unaware of how they may be at risk.
Lack of Education
One of the biggest security concerns that a small business may face today is a lack of information about the threats that exist on the Internet. This doesn't mean that people don't care, or aren't concerned, but in today's world of doing business at light-speed, managers do not have the time or resources to stay on top of the latest developments in information security. For smaller enterprises, employing someone full-time to maintain system security is rarely an option - security professionals don't come cheap, even when contracted temporarily. Furthermore, most small business operators are sufficiently busy tackling the traditional challenges of establishing and running their own business without trying to ensure the security of their computer networks. As a result, information security can be an afterthought for many small and home office users.
How do Hackers Enter a System?
Port scanning is a way for potential attackers to identify whether or not a computer is vulnerable to attack. In simple terms, a port is an opening on a computer through which information enters and exits. A computer uses a different port to communicate with other computers for each Internet application, such as HTTP (aka the World Wide Web), which typically uses port 80. Port scanning checks a range of Internet addresses to identify machines that respond to a connection request. Responding to a communication request indicates that a port is open. A port scan would reveal this potential victim to the attacker, and add it to a list of potential targets that the attacker could use later on.
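The same observation, that an answered connection request means an open port, lets you audit your own machine. The following is an added example, not part of the original article: it checks which ports on the local computer accept connections and separates the ones you expect from the ones you do not. The function names and the throwaway listener used as sample input are constructed for illustration.

```python
import socket

LOOPBACK = "127.0.0.1"  # self-audit only: every check targets the local machine


def port_accepts_connections(port, timeout=0.5):
    """Return True if a service on this machine answers a TCP connection on `port`."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        # connect_ex returns 0 when the connection request is answered (port open)
        return s.connect_ex((LOOPBACK, port)) == 0


def audit_local_ports(ports, expected):
    """Return (expected_open, unexpected_open) so unknown services stand out."""
    open_ports = [p for p in ports if port_accepts_connections(p)]
    known = [p for p in open_ports if p in expected]
    unexpected = [p for p in open_ports if p not in expected]
    return known, unexpected


def demo():
    """Constructed scenario: a throwaway listener stands in for a forgotten service."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind((LOOPBACK, 0))       # port 0 lets the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    try:
        while_open = audit_local_ports([port], expected=set())
    finally:
        listener.close()               # "shutting the service down"
    after_close = audit_local_ports([port], expected=set())
    return port, while_open, after_close


if __name__ == "__main__":
    port, while_open, after_close = demo()
    print(f"port {port} while service runs: unexpected open = {while_open[1]}")
    print(f"port {port} after shutdown:     unexpected open = {after_close[1]}")
```

Any port reported as unexpectedly open corresponds to a service that should either be shut down or placed behind a firewall.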
Vulnerabilities, Exploits and Bugs
In addition to using port scanning to find machines, potential attackers use flaws in operating systems or software applications to break in and do damage. These flaws are commonly known as vulnerabilities, bugs or holes. Many remote security attacks rely on bugs in operating system software, or in the services that the machine may host. Depending on the operating system, a remote attack could work well enough to give the cracker full administrative control over a machine, letting the attacker use it for whatever purpose he likes, even using it as a platform from which to launch further attacks on other networks.
Types of Attack
Denial of Service Attacks
The simultaneous attacks earlier this year against Internet giants like eBay and Yahoo were the first time that many people had heard of denial of service attacks. Denial of service attacks are outages caused when an attacker uses one or many computer systems to force another system offline by attempting to overload it with useless traffic. A denial of service attack is a form of gridlock on the network - by unleashing a torrent of useless messages, an attacker can paralyze a business's web server. Such an attack can render a web site useless for extended periods of time, resulting in the potential loss of customers, which can be disastrous for small businesses that rely on online customers.
Viruses and Malicious Code
Computer viruses are probably the most widely-known form of Internet security attack. A virus is a piece of software programming with the unique ability to replicate and spread itself to other computers. Malicious code in general refers to computer programs that are written specifically to cause mischief or, worse, cause damage to infected computers.
A virus or script like this can enter a victim computer either through email, by downloading infected software from the Internet, or by using infected media such as floppy disks or CD-ROMs. With the wide use of email, malicious viruses and scripts have the capability to reach almost anyone who is connected to the Internet.
Like their biological equivalent, a computer virus often carries with it a destructive payload, and is difficult to eradicate. Well-known viruses like Melissa, and ILOVEYOU.VBS have been able to spread so quickly that they overloaded Internet email systems and company networks within a few hours of their introduction. A virus may be merely annoying, or completely destructive. The most severe viruses will erase the contents of the computer's hard drive, or render it completely useless. If no back-ups are kept, important data may be lost or damaged beyond repair, which could ultimately result in serious financial loss.
Another form of malicious code is the Trojan horse. A Trojan horse is similar to a virus in the way it is transmitted; however, unlike a virus, a Trojan horse does not replicate itself. Rather, it stays in the target machine, inflicting damage or allowing somebody from a remote site to take control of the computer. A Trojan horse often masquerades as a legitimate program, but once installed on the victim machine performs an illicit, damaging function.
A third type of malicious code is known as a worm. A worm is a type of virus that can replicate itself across all the different nodes or connections that make up a network. Worms can contain harmful payloads, but they generally cause most of their damage by tying up the network, using up valuable memory and wasting valuable processing time.
What is at Stake?
Loss of Information/ Data Theft
Once an attacker gains control of the user's computer, he or she may gain access to all the files that are stored on the computer, including personal or company financial information, credit card numbers, and client or customer data or lists. Needless to say, in the wrong hands, this could do serious damage to any business. If the data is altered or stolen, a company may risk losing the trust and credibility of their customers. In addition to the potential financial loss that may occur, the loss of information may cause a business to lose crucial competitive advantage over its rivals. With the importance of information to the success of any business, the loss or theft of data could be disastrous.
Launching of Attacks From the Occupied System.
When a computer is successfully hacked, it is said to be "owned". Once it is owned, the victim computer can be manipulated to perform the commands of the hacker. One of the dangers of being constantly connected is that if a user's computer is successfully hacked, it can then be used to launch attacks against other machines, without the knowledge or awareness of the user. If the machine runs any web services, the website(s) may be defaced, destroyed or removed and replaced with web "graffiti," a tag or image representing the cracker or a cracker group or affiliation. If the computer is used for illegal activities, such as denial of service attacks, the owner of the victim computer may be held legally responsible.
Protection - Knowledge is the Key
The situation isn't entirely hopeless, however. There are many things that businesses can do to protect themselves and their assets. Knowledge is a key component in addressing this problem. Knowing what the risks are, how your business is vulnerable and how attacks could potentially affect your business is paramount in maintaining security. You don't have to be a security expert to recognize the damage that you could incur should your company fall victim to the efforts of a malicious attacker. By understanding the problem, you empower yourself to protect yourself and your company and to deal with any security issues as they arise.
As you continue through the Security Focus.com "The Basics" focus area, you will learn more about Information Security and the steps that you need to take to protect your important data.
Joe Jenkins is a System Administrator / Security Consultant and Auditor with NoWalls, Inc. (http://www.nowalls.inc). He has been dealing with network security since 1993, conducting in-depth security audits and consulting on various aspects of intrusion detection, perimeter defense, and policy.
This article originally appeared on SecurityFocus.com -- reproduction in whole or in part is not allowed without expressed written consent.