Should You Strike Back?

By Deborah Radcliff

November 13, 2000 12:00 PM ET

Recommended

(4)

Digg

Twitter

Share/Email

Computerworld - Late one night, a lone, armed figure breaks into an unmanned lobby. A voice overhead tells him to stop and await his arrest. Seeing no one, the spy darts toward the elevator. Thirty miles away, a security guard fires an encrypted command over the Internet. A second later, the lobby explodes in a spray of bullets. There's a war brewing in cyberspace. Make that a Netwar, so dubbed in Countering the New Terrorism, a book published last year by The RAND Corp., a Santa Monica, Calif.-based nonprofit research group formed during World War II.

It'll be a long time before remote-controlled robots fight battles to keep intruders out of office buildings (though unconfirmed reports circulated among security newsgroups in September did claim that a company in Thailand has invented a gun-toting robot directed through a remote-controlled camera).

But many players, including the government, RAND and Winn Schwartau, a security analyst in Seminole, Fla., say this information war is already upon us. And in his Internet survival book, Cybershock, Schwartau claims that some private corporations are already launching military-style counterattacks to protect their interests.

			Know Your Culprit Criminal suits are tough to prosecute, so your evidence must be legally bullet-proof, both factually and procedurally, says Ira Winkler, president of Internet Security Advisors Group, who has assisted law enforcement during computer crime investigations. It's much better to gather your own evidence for a civil suit, he adds, because then it's much easier to prosecute. Whether using commercial tools or other techniques to trap and track an attacker, the important thing is to provide evidence that couldn't have been tampered with. Winkler suggests the following: 1. When you detect an attack, dump all logs to read-only tape so you can prove that the data hasn't been tampered with. 2. Use a line analyzer that records the attacker's session keystrokes in a read-only format to provide evidence of what the attacker was trying to do inside your network. 3. Don't threaten the attacker; instead, alert the police. You don't want to escalate a hacking war. 4. Don't hack back. "If you do anything that can be perceived as intrusion or denial-of-service and you contact the police, you've just made it really easy for the police to arrest you," says Winkler. If you do report the crime to the police, be prepared to show law enforcement that the cost of the crime meets the investigative threshold, which varies, depending on the law enforcement agency involved, says Richard Power, an editor at the Computer Security Institute. "It's got to look like you lost some money," he says.

Recommend Digg Twitter ShareThis

Email Print Send Feedback Reprints

Jump to comments

Legislation/Regulation

Additional Resources

WHITE PAPER

EFD vs. HDD - What You Need to Know

Enterprise flash drives provide a new Tier 0 storage layer capable of delivering high I/O performance at a very low latency. Proper use of EFDs in an Oracle environment can deliver increased performance compared to fibre channel drives. Read the recommendations for identification of the best DB components for EFDs.

WHITE PAPER

Gartner Research Report: Magic Quadrant for Application Delivery Controllers, 2009

The market for products to improve the delivery of application software over networks remains dynamic and innovative. Vendors focused on solving enterprises' most-pressing application problems have become the top players.

WHITE PAPER

Eight Criteria for Server Load Balancing

Server load balancers are a simple yet highly effective means to scale an application environment while ensuring its availability. Today's solutions should also address application performance and security. Read about the top eight criteria you should consider when choosing a server load balancer and how Citrix NetScaler meets those requirements.