
Opinion: War, ethics, and security.







by Marcia J. Wilson, CCSP Staff Writer
February 08, 2004


"Reprinted from April 9, 2k3"

The cyberwar has intensified along with the war in Iraq, or so we hear.
I honestly thought our entire telecommunications infrastructure was going to be brought to its knees when the war started. Not because I professionally believed it was possible, but because I was personally frightened by the thought of war.

Silly me. Well, not so silly. Cyberwarfare, a.k.a. cyberannoyance, has increased and been highly publicized in online security circles. The TV media has been completely engrossed in blow-by-blow accounts of the war in Iraq. Print media isn't far behind. The world of cybercommunication isn't constrained by the size of a newspaper or airtime minutes. There are plenty of information security Web sites to peruse and endless e-mail security alerts to read. But have there been any real attacks on the infrastructure?

It appears that the attacks are primarily composed of Web defacements and obnoxious anti-something attempts. AlJazeera.net, the online version of the Arabic news channel, has been the hot discussion topic in recent weeks. Hackers took down numerous servers and defaced the site with pro-war statements (see story). Recently, the servers were knocked off-line. Whodunit is being debated.

There's a group of Chinese hackers who are planning attacks on U.S.- and U.K.-based Web sites in protest of the war. There is a group in Malaysia that's threatening suicide cyberattacks if America launches a war in Iraq. Oops, too late! Defacement -- ad nauseam. An article from the Detroit Free Press states, "Think of it as the Information Age's electronic equivalent of graffiti protests." Sounds a little immature, doesn't it?

The FBI's National Infrastructure Protection Center issued a warning that we should be on guard against Iraq sympathizers and antiwar activists, whatever that means. OK, so I'm sitting in my office and I look through the window into the cubicle area. I notice a guy in a turban in one of the cubes. He's a programmer. He's hammering away at the keyboard and talking rapidly in Arabic on the phone at the same time. Should I be on alert and ask the security guys to start monitoring his phone calls, e-mail conversations and Internet usage? Or should I recall that he's been working with the company for 10 years, is an excellent programmer cramming to finish a project and is talking to his wife about one of the kids whose teacher just called from school?

No, wait! I've got it. I should stop buying sundries at the 7-Eleven store because I'm sure they are funding terrorist activities from those questionable magazine sales. No, that can't be it. Come on now! Give me something more to do, will ya? How ignorant are we? More important, what is it that we are supposed to do? The Washington Post recently published an article that suggests vigilance is par for the course in these troubled times.

What's the right thing to do? Follow this simplistic thinking for a moment:

A child runs out to the street and plays ball with friends. The mother sees the child playing unsafely in the street. The mother runs into the street screaming at the child, grabs the child and takes the child to safety.

Ten years later, the child is a teenager. The teenager goes to a party, drinks too much, gets behind the wheel, tries to drive home, makes it; Mom and Dad aren't paying attention; no harm, no foul.

Ten years later, a young woman goes bar-hopping, makes an attempt to drive home, crashes head-on into another car, survives but kills a young family including an infant who was thrown from the vehicle. She goes to jail for 15 years and everyone wonders how this could've happened in such a good family.

What's wrong with each scenario? The wrongness comes from not controlling the environment in an effective way, not penalizing each event to the degree needed to ensure that it won't ever happen again. Spank the child. Educate the child. Stay up until the child gets home to assess the condition of the child. Take away the car keys. Safety requires vigilance in all aspects of our lives, not just in cyberspace. Keep with me now.

Do any of these terms sound familiar? Awareness, access control, authentication, authorization.

Technologists need to apply some tough-love thinking to operational controls that will assure the safety of our information assets from terrorists or antiwar protesters or other hackers and only grant access on a need-to-know basis.

Awareness isn't about acting unethically in our day-to-day activities by defacing Web sites, promoting unfair discriminatory policies or generally being overreactive and hysterical. Awareness is about applying the necessary access controls and requiring authentication and appropriate authorization for access to information.

A news article in The Idaho Statesman suggests a link between cybersecurity and al-Qaeda, but there isn't any proof yet that the student studying advanced cyberterrorism prevention at the University of Idaho has done anything wrong other than having been named Sami Omar Al-Hussayen. His graduate adviser says, "We should recall what it means to be American and what we cherish about our country." Oh, this is so hard for us, isn't it? According to The Statesman, a university policy prevents those without U.S. citizenship from working on government projects. That's an adequate control mechanism. Web site defacements can be prevented by adequate controls and patching servers.

Other recent stories of hack attacks involve Americans breaking into U.S. systems. The New York Post tells the story of a 17-year-old son of a computer security executive who was arrested after allegedly hacking and stealing credit card numbers. I feel for this father, since I have an unusually bright son myself.

Another recently publicized event from The Atlanta Journal-Constitution describes how computer hackers broke into a database at Georgia Tech and copied names, addresses and credit card information for 57,000 patrons of the Ferst Center for the Arts.

It's apparent that the order of the day is to spend time securing our environments, rather than spending time protesting or defacing Web sites. What is the right thing to do?


*Note: Some links to stories may no longer function or now require you to register to view.




by Marcia J. Wilson ComputerCops Staff Writer


Marcia J. Wilson holds the CISSP designation and is the founder and CEO of Wilson Secure LLC, a company focused on providing independent network security assessment and risk analysis. She is also a freelance columnist for Computer World and Security Focus.


She can be reached at . Corporate website: wilsonsecure.com (see Prime Choice top left)

Copyright ©Marcia J. Wilson All Rights Reserved 2004.




Posted on Sunday, 08 February 2004 @ 12:23:21 EST by phoenix22