Condition Orange: What to do now to secure your systems
Computerworld
On the Internet, national sovereignty knows no boundaries. Our storefronts, factories, government offices and military installations have rolled out the virtual welcome mat, inviting passers-by to come in and wander around their Web sites.
But many site operators have figured out that during times of international conflict, hackers come out of the woodwork and try to deface and/or sabotage prominent U.S. Web sites. Most often targeted are sites in the .gov and .mil domains and the best-known private-sector companies. However, many hackers scan virtually every site looking for easily exploited vulnerabilities.
Anyone needing a historical example needs to go back only to 2001 and the Hainan Island spy plane incident, in which a midair collision between a Chinese fighter jet and a U.S. intelligence-gathering aircraft forced the U.S. plane to make an emergency landing on Chinese soil. The frequency of hacking attempts originating from China against U.S. Web sites skyrocketed during and after the incident.
As I write this, diplomacy between the U.S., the UN and Iraq is drawing to a close. If there was ever a time when we could expect hacking attacks to increase, this is it. Hacking attacks on Web sites associated with the U.S. and its allies are going to spike. You can take this opinion to the bank.
Prudence and caution
In my estimation, we're in for some rough weather. I'm not suggesting that you board up your virtual windows and leave town as though a Category 5 hurricane were approaching. Rather, there are steps you can take to reduce the risk of trouble should a hacker decide to spend time rattling your doorknobs and locks.
Peter H. Gregory, CISSP, CISA, is an information technology and security consultant, a freelance writer and an author of several books, including Solaris Security, Enterprise Information Security, and CISSP for Dummies. As a consultant he provides strategic technology and security services to small and large businesses.
He can be reached at p.gregory@hartgregorygroup.com.
His Web site is www.hartgregorygroup.com.
Set up SWAT teams
Assemble two small teams (in your organization, this might be only one or two people each), one to examine the corporate firewall, the other to inspect public-facing servers.
The firewall team should carefully examine the rule sets that govern access from the outside world to select servers and networks. If you can, print out the rule set and examine it line by line. Logically divide access rules into two or three categories: rules that are absolutely essential to company operations and one or two levels of lesser importance. For instance, you may have rules associated with vendor access to systems that they need for support now and then. If you find rules that you know are obsolete or whose purpose is unknown, consider turning those off immediately.
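The line-by-line review described above can be partly automated. The following is an added example, not part of the original article: it assumes a Linux firewall whose rules were exported with `iptables-save -c` and a hypothetical convention of tagging each rule's comment with `tier1:`, `tier2:` or `tier3:`. Rules with no tag are reported as having an unknown purpose, and rules with zero packet hits are flagged as candidates for being obsolete.

```python
import re
import shlex

# Constructed sample in `iptables-save -c` format: [packets:bytes] precedes each rule.
SAMPLE_RULES = '''\
*filter
:INPUT DROP [0:0]
[48211:3901122] -A INPUT -p tcp -m tcp --dport 443 -m comment --comment "tier1: public web" -j ACCEPT
[37:2220] -A INPUT -s 198.51.100.7/32 -p tcp -m tcp --dport 22 -m comment --comment "tier2: vendor support" -j ACCEPT
[0:0] -A INPUT -s 203.0.113.0/24 -p tcp -m tcp --dport 21 -m comment --comment "tier3: legacy ftp drop box" -j ACCEPT
[912:54720] -A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
[0:0] -A INPUT -p udp -m udp --dport 161 -j ACCEPT
COMMIT
'''

COUNTERS = re.compile(r"\[(\d+):(\d+)\]")
TIER = re.compile(r"(tier[123]):")  # assumed comment-tagging convention


def option(tokens, flag):
    """Return the value following `flag`, or None if the flag is absent."""
    return tokens[tokens.index(flag) + 1] if flag in tokens[:-1] else None


def triage(ruleset_text):
    """Classify each ACCEPT rule by tier and flag rules that were never hit."""
    findings = []
    for line in ruleset_text.splitlines():
        tokens = shlex.split(line, comments=True)
        counters = COUNTERS.fullmatch(tokens[0]) if tokens else None
        if not counters or option(tokens, "-j") != "ACCEPT":
            continue  # table headers, chain policies, non-ACCEPT rules
        tier = TIER.match(option(tokens, "--comment") or "")
        findings.append({
            "tier": tier.group(1) if tier else "unknown-purpose",
            # Zero packets only means no hits since the counters were last reset.
            "never_hit": int(counters.group(1)) == 0,
            "rule": " ".join(tokens[1:]),
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_RULES):
        review = f["tier"] == "unknown-purpose" or f["never_hit"]
        print(f'{f["tier"]:16} {"REVIEW" if review else "keep":7} {f["rule"]}')
```

Rules marked REVIEW are the ones to check with their owners and consider turning off; a zero counter is only a hint, since counters reset when the rule set is reloaded.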