Red Cross works to better protect its networks from attacks, scams
CISO says the relief agency seeks help as traffic surges
Computerworld - Information security staffers at the American Red Cross, which was hit last month by the Zotob worm, are working overtime to try to protect the organization's networks against attacks amid surges in usage of the networks following Hurricane Katrina.
In addition, the emergency relief agency has turned to the FBI and others for help in preventing the spread of imitation Red Cross Web sites set up by scam artists.
"The infrastructure is stretched, and I'm not sure we can tolerate another outbreak" like the Zotob attack, said Ron Baklarz, the Washington-based organization's chief information security officer.
Zotob, which took advantage of a hole in the plug-and-play component in Microsoft Corp.'s Windows software, "saturated" sections of the Red Cross' networks, making them inaccessible to users for several hours last month, Baklarz said.
Consequently, the organization turned to security experts to "take a second look at the security technologies we have in place today to ensure that we have tuned them as best as we can under the increased load," he said.
The Red Cross is implementing new technologies such as intrusion-detection and -prevention systems -- some of them donated by vendors -- to bolster network security, said Baklarz.
Also, not all of the Web sites that the Red Cross has created for remote field offices set up to aid Katrina victims have a direct link back to the organization's network.
"We are trying to put Web-based applications out there that can be accessed without people coming to the corporate network," Baklarz said without elaborating.
The Red Cross is working with the FBI Internet Fraud Complaint Center to shut down sites allegedly created by scam artists involved in Katrina-related fraud.
"We anticipated there would be a lot of fraudulent activity on the Internet," Baklarz said. "We wanted to triage with the FBI and make sure they saw examples of the legitimate e-mail that is sent out from the Red Cross so that they know what to look for."
Appeals have also been sent to organizations such as Bethesda, Md.-based SANS Institute and various government and nongovernmental agencies to keep an eye out for anything that looks like a scam, Baklarz said. As of last Thursday, about 20 such sites had been identified and were being investigated by the FBI for possible follow-up action.
"Every time an event like this occurs, it brings out the best and the worst in people," Baklarz said. "Unfortunately, in my position, I've got to think about and respond to the worst."
Read more about Security in Computerworld's Security Topic Center.
- The State of Video Conferencing Security Video conferencing equipment, found in almost every boardroom around the world, may be opening up companies to serious security breaches. This paper explains...
- Cybersecurity Imperatives: Reinvent your Network Security The Rise of CyberSecurity
- Cybersecurity for Dummies eBook This book provides an in-depth examination of real-world attacks and APTs, the shortcomings of legacy security solutions, the capabilities of next-generation firewalls, and...
- 10 Things Your Next Firewall Must do Next-Generation Firewalls Defined
- What are the desktop virtualization market trends and how can you successfully deploy your solution? You've probably heard about desktop virtualization -- and some of its benefits -- things like tighter security, streamlined management and lower costs. But...
- The Value of Symantec NetBackup Appliances In this video, Symantec's Shelley Schmokel, Principal Product Manager for NetBackup Appliances, talks about the NetBackup Integrated Appliances and how they deliver enterprise-class... All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!