
Security: New Threats and Continuing Relevance

Philippe Roggebande is Cisco's Security Product Manager for Emerging Markets.

"A Hacker is a general term in computing that refers to a computer programmer who takes advantage of the faults in the design of computer software or hardware (commonly referred to as "weaknesses") in order to:

  • gain further knowledge about the internal workings of the software or hardware,
  • gain access to some previously locked or hidden function of the software or hardware,
  • disable some previously functioning part of the software or hardware so that it no longer works in the way it was originally intended, or
  • command the software or hardware to perform an additional task that it was not originally designed to do." Wikipedia.

Hackers of Today. And Tomorrow

Hackers themselves are changing. Modern attacks are overwhelmingly motivated by money. As more and more transactions move online, a parasitic threat economy has grown around them.

We now have producers of malware (spy programmes: trojans, worms and so on) who sell their production (often paid for with stolen credit card details) to middle men, who implement distributed infrastructure composed of 'zombies' installed on unaware users' PCs. Zombies are rented out for denial of service attacks or mass identity theft. The key driver here is profit.

Who are They?

  • Writers: skilled programmers who write the attack code and tools [widely known as exploits].
  • 1st Stage Abusers: use the writer's tools to attack and control computers, and harvest information useful for scams.
  • Middle-men: help to sell control of compromised computers. Broker stolen information.
  • 2nd Stage Abusers: generate revenue by spamming, extortion through DoS attack, installing adware, etc. These are the end-users of the compromised computers, and stolen data, sold by middle-men.

Reacting to attacks is now a routine part of network management, not a rare one-off event. Networks are defended by adapting to cope with this.

Identifying Attacks

Security professionals are adopting formalised processes to identify attacks. As exploits are identified, security products can use rules to detect and block them. Firms like Cisco maintain vast attack signature databases for their security products.

New threats are constantly emerging: evolutions of existing threats, like Word macro viruses, which are often bug fixes of old exploits, and threats targeting security gaps in new, immature technologies, such as RFID hacks or viruses attacking mobile phones.

A good source of information here is http://www.wisdom.weizmann.ac.il/%7Eyossio/rfid/. It shows that RFID tags could be deactivated with a normal mobile phone.

In-built Security

To keep pace, today's network administrators have to consider their systems as a whole. Security needs to be built into infrastructure in the same way that management systems are. For each type of threat, there is a defence mechanism, or combination of mechanisms, which can be used to control it. The basic tools of a good security system are:

  • Firewalls to secure IP infrastructure
  • VPNs to protect remote access links
  • Intrusion Prevention Systems to block known attacks
  • Monitoring tools such as MARS to identify attacks in progress
  • Even unknown attacks can be guarded against simply by recognizing abnormal system behaviour.

Security and the Industry

Security is a multi-million dollar business. It is integral to the health and prosperity of any business, large or small. Network security remains the critical differentiator between a world-class professional network and the rest.

As a network security manager, the world needs your skills.

Cisco has a wealth of information about security applications, the technology behind them, case studies and impact on the industry. Just go to http://www.cisco.com/web/about/ciscoitatwork/case_studies/security.html
