Condition Orange: What to do now to secure your systems

On the Internet, national borders do not exist. Our storefronts, factories, government offices and military installations have rolled out the virtual welcome mat, inviting passers-by to come in and wander around their Web sites.

But many site operators have figured out that during times of international conflict, hackers come out of the woodwork and try to deface and/or sabotage prominent U.S. Web sites. Most often targeted are sites in the .gov and .mil domains and the best-known private-sector companies. However, many hackers scan virtually every site looking for easily exploited vulnerabilities.

Anyone wanting a historical example need look back only to 2001 and the Hainan Island spy plane incident, in which a midair collision between a Chinese fighter jet and a U.S. intelligence-gathering aircraft forced the U.S. plane to make an emergency landing on Chinese soil. The frequency of hacking attempts against U.S. Web sites originating from China skyrocketed during and after the incident.

As I write this, diplomacy between the U.S., the UN and Iraq is drawing to a close. If there was ever a time when we could expect hacking attacks to increase, this is it. Hacking attacks on Web sites associated with the U.S. and its allies are going to spike. You can take this opinion to the bank.

Prudence and caution

In my estimation, we're in for some rough weather. I'm not suggesting that you board up your virtual windows and leave town as though a Category 5 hurricane were approaching. Rather, there are steps you can take to reduce the risk of trouble should a hacker decide to spend time rattling your doorknobs and locks.

Peter H. Gregory

The tasks below are intentionally designed to be of minimum impact to most organizations. At this late hour, it probably doesn't make sense for most organizations to drop everything and circle the wagons. Most senior managers probably wouldn't support a mass mobilization anyway.

Set up SWAT teams

Assemble two small teams (in your organization, this might be only one or two people each), one to examine the corporate firewall, the other to inspect public-facing servers.

The firewall team should carefully examine the rule sets that govern access from the outside world to select servers and networks. If you can, print out the rule set and examine it line by line. Logically divide access rules into two or three categories: rules that are absolutely essential to company operations and one or two levels of lesser importance. For instance, you may have rules associated with vendor access to systems that they need for support now and then. If you find rules that you know are obsolete or whose purpose is unknown, consider turning those off immediately.

Develop a plan where you can easily and quickly turn off the firewall rules in the categories of lesser importance. Then, should there be a marked increase in hacker activities, you will have already done your homework, and you can shut off all but the most essential services as a measured response to increasing threats.
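As an added illustration of the tiered rule plan described above (example code written for this edit, not from the column or from any firewall vendor): the script below assumes that each rule in a printed iptables-style rule set carries a `# tier:` comment tag, a convention invented here for the purpose, and computes which rules to pull at each threat level, together with the matching delete commands so the change can be made and backed out quickly. The sample rule set is constructed.

```python
"""Tiered firewall rule plan (added example; not the column's own code).

Assumptions: rules are iptables-style '-A' lines, each tagged with a
'# tier:<name>' comment. Tiers, tag syntax and the sample rule set are all
constructed for illustration.
"""
import re

# Constructed sample rule set as it might appear on a printout. Rules with no
# tag, or tagged 'tier:unknown', are the ones whose purpose nobody can explain.
SAMPLE_RULESET = """\
-A INPUT -p tcp --dport 80 -j ACCEPT    # tier:essential web storefront
-A INPUT -p tcp --dport 443 -j ACCEPT   # tier:essential web storefront
-A INPUT -p tcp --dport 25 -j ACCEPT    # tier:essential inbound mail
-A INPUT -s 198.51.100.0/24 -p tcp --dport 22 -j ACCEPT  # tier:vendor ERP support
-A INPUT -p tcp --dport 21 -j ACCEPT    # tier:nice-to-have partner ftp drop
-A INPUT -p tcp --dport 8080 -j ACCEPT  # tier:unknown
-A INPUT -p tcp --dport 23 -j ACCEPT
"""

# Lower rank = more essential. Anything not listed here is treated as unknown.
TIER_RANK = {"essential": 0, "vendor": 1, "nice-to-have": 2}

TAG_RE = re.compile(r"tier:(\S+)\s*(.*)")


def parse_rules(text):
    """Return a list of (rule, tier, note) tuples.

    Untagged rules and 'tier:unknown' rules are both classified 'unknown'
    so that they stand out for review."""
    rules = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rule, _, comment = line.partition("#")
        m = TAG_RE.search(comment)
        tier = m.group(1) if m else "unknown"
        note = m.group(2).strip() if m else ""
        rules.append((rule.strip(), tier, note))
    return rules


def rules_to_disable(rules, threat_level):
    """Rules to turn off at a threat level: 0 = normal, 1 = elevated, 2 = severe.

    Level 0 still sheds 'unknown' rules, per the column's advice; each higher
    level sheds the next least-important tier, and essential rules never go."""
    keep_rank = {0: 2, 1: 1, 2: 0}[threat_level]  # highest tier rank still kept
    return [rule for rule, tier, _ in rules
            if tier not in TIER_RANK or TIER_RANK[tier] > keep_rank]


def disable_commands(rules):
    """Turn '-A ...' append rules into the matching '-D ...' delete commands.

    Re-running the original '-A' line is the backout, so keeping the printed
    rule set next to this list is the whole change record."""
    return ["iptables " + rule.replace("-A ", "-D ", 1) for rule in rules]


if __name__ == "__main__":
    parsed = parse_rules(SAMPLE_RULESET)
    for level in (0, 1, 2):
        print(f"threat level {level}: disable {len(rules_to_disable(parsed, level))} rule(s)")
    for cmd in disable_commands(rules_to_disable(parsed, 2)):
        print(cmd)
```

At level 2 the sample set is cut down to the three essential rules (web and inbound mail); the vendor support rule, the FTP drop and the two unexplained rules are removed. The level 0 list, the rules nobody can account for, is what the column suggests turning off straight away.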

The person or persons examining public-facing systems (that is, any system that can be accessed from the Internet) should ensure that all security patches are applied, that no default passwords exist and that only essential services are running. Some excellent server hardening information is available at www.sans.org/score/ and www.cert.org/security-improvement/.

Make as many host-hardening changes as you can, but in order to avoid disruption of essential applications and services, you'll need to make these changes in cooperation with others in your organization. Document every change you make so that you can later back out of any changes that cause trouble.

Be sure that your public-facing systems are being backed up. Locate all of the original installation media in case you need to recover any systems. If a system is hacked, rebuild it by reinstalling the operating system and applications from original media, not by restoring a system image from backup: if the attacker planted weaknesses weeks or months ago, your backups will have faithfully preserved them, and restoring from them would reintroduce the back doors and facilitate future attacks. Restore only data from backups, and inspect it before putting the system back into service.
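The "only essential services are running" check from the server inspection above, as an added example (written for this edit, not the column's code): it reads a listing in the shape of `ss -tlnp` output, compares every network-reachable listener against an allowlist of (port, process) pairs the host is supposed to expose, and reports the rest. The allowlist, the host and the listing are all constructed assumptions; loopback-only services are skipped because they are not reachable from the Internet.

```python
"""Listening-service audit for a public-facing host (added example).

Assumptions: input is in the shape of `ss -tlnp` output on Linux; the
allowlist describes a hypothetical public web server. Both are constructed.
"""
import re

# Constructed sample of `ss -tlnp` output for a hypothetical web server.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       511     0.0.0.0:80           0.0.0.0:*          users:(("nginx",pid=812,fd=6))
LISTEN  0       511     0.0.0.0:443          0.0.0.0:*          users:(("nginx",pid=812,fd=7))
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=640,fd=3))
LISTEN  0       80      127.0.0.1:3306       0.0.0.0:*          users:(("mysqld",pid=901,fd=21))
LISTEN  0       5       0.0.0.0:23           0.0.0.0:*          users:(("in.telnetd",pid=955,fd=4))
LISTEN  0       128     0.0.0.0:111          0.0.0.0:*          users:(("rpcbind",pid=410,fd=8))
"""

# Assumed allowlist: the (port, process) pairs this host is meant to expose.
# Checking the process as well as the port catches an allowed port being
# served by something other than the expected daemon.
ALLOWED_PUBLIC = {(80, "nginx"), (443, "nginx"), (22, "sshd")}

LINE_RE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s+users:\(\("([^"]+)"')


def parse_listeners(text):
    """Return (local_address, port, process) for each LISTEN line."""
    listeners = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            listeners.append((m.group(1), int(m.group(2)), m.group(3)))
    return listeners


def is_loopback(addr):
    """True for addresses only reachable from the host itself."""
    return addr.startswith("127.") or addr in ("::1", "[::1]")


def audit(listeners, allowed=ALLOWED_PUBLIC):
    """Return one finding per network-reachable listener not on the allowlist.

    Each finding carries what to record in the change log if the service is
    disabled, so the change can be backed out later."""
    findings = []
    for addr, port, proc in listeners:
        if is_loopback(addr):
            continue  # not exposed; nothing to report
        if (port, proc) not in allowed:
            findings.append({
                "port": port,
                "process": proc,
                "addr": addr,
                "change": f"stop and disable {proc} (port {port}); backout: re-enable and restart it",
            })
    return findings


if __name__ == "__main__":
    for f in audit(parse_listeners(SAMPLE_SS_OUTPUT)):
        print(f"{f['addr']}:{f['port']}  {f['process']}  ->  {f['change']}")
```

On the sample listing the audit flags the telnet daemon and rpcbind, both listening on every interface and neither on the allowlist, while leaving the loopback-only database alone. Run the real `ss -tlnp` (or `netstat -tlnp` on older systems) output through the same function and review each finding with the application owners before turning anything off.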

Strike while the iron is hot

Without resorting to FUD (fear, uncertainty and doubt), now may be a good time to raise awareness with your organization's senior management about the need to take prudent steps to secure your organization's information assets. Become familiar with security best practices and identify the low-hanging fruit (or, in some cases, the rotting fruit already on the ground) that would most benefit your organization. Be prepared to state your case in terms of how the business will benefit from your recommendations.

Copyright © 2003 IDG Communications, Inc.