Close Topic Options

Cyberattacks

Cyberattacks Reached All-time High In Sept 2002

At least that is what digital risk-management company mi2g Ltd. claims. They have tracked attacks since 1995, and they say they spotted 9,011 overt digital attacks so far this month, a major increase from the 5,830 attacks spotted in August and 4,904 in July.

According to mi2g, Internet domains registered within the USA are under the most fire, with 4,157 successful attacks. That's considerably higher than the 835 attacks against Brazilian domains, 376 against Germany, and 285 against India.

The report says that "rising antagonism across the digital world against the U.S." may be partly to blame for the recent surge. According to mi2g, U.S. government computers for the House of Representatives, Department of Agriculture, Department of Education, National Park Service, and Goddard & Marshall Space Flight Centers were attacked this month. Link to the article is here:
https://www.w2knews.com/rd/rd.cfm?id=020930TB-MI2G

OK, So How DO We Protect Ourselves? Here are some Resources

The recently published "National Strategy to Secure Cyberspace" draft recommendations from the President's Critical Infrastructure Protection Board spells it out: Each business, each organization needs to take its own action to protect itself from the threat of attacks on their IT Infrastructure.

For the 5 to 10 million overworked IT administrators and technical IT people in the world this may not come as a surprise. They have known this now for the last five years. And I have been "preaching" about this for at least that long.

What is important is that the document recommends each business to update its systems, be aware of new vulnerabilities, viruses and worms and "be vigilant" in knowing of new potential threats. The 1 million dollar question is: HOW are they ACTUALLY going to do that? The answer is, it's pretty difficult, if not almost impossible.

They cannot afford to sit behind their pc for hours each day, trying to flush out information on any possible new vulnerability, or threat. Their bosses push them to also solve "real business problems", such as installing new users, software, pulling network leads, building patch cables, figuring out the (digital) PABX, because "Aren't you a programmer? Isn't this PABX a computer running Linux? ", "Can't you figure out how this works". So how do they manage to keep abreast of new tricks, newly published software bugs and errors, etc. etc.?

Well, they don't, or try frantically to swim upstream, fighting a never ending reactive battle, where we all know the outcome from the many news items we see every day, all re-emphasizing that we live in an inherently insecure "cyberspace". Many will agree that the lack of IT security is the single biggest roadblock to a wider acceptance on IT and Internet technology and its use as a business enabler.

So, Co-Logic Security, a small IT security company based in New Zealand, decided to make its huge database on IT security vulnerabilities and exploits available free of charge. The site is meant for the 5 or 10 million overworked IT professionals who do not have the knowledge, time or resources. So, what's in E-Secure-DB?

It is a massive database containing information on almost every product (software, hardware, network, security product etc.) outstanding vulnerabilities, the fixes that the suppliers have provided, very extensive topics folders on anything to do with IT security, information, educational topics etc.

The information is organized as how "real world" businesses and orgs use their IT: Routers and networks, firewalls, operating systems, databases, applications etc. Any organization can access it, read up on the possible vulnerabilities in the products they have installed as part of their IT infrastructure, plain and simple.

It keeps track of the new viruses and worms, announced by the major AV software suppliers. It actually lets you search on, say the subject line, or length of a newly received email attachment, suspected to be a possible virus, even when the email seems to come from a "trusted friend."

The audience that benefits from this site use mainstream browsers have Microsoft products installed, use mainstream Unix and Linux or windows operating systems, have websites, run accounting and management software, send out newsletters to their customers. And for the cynics amongst us: Yes, Co-Logic Security does also have a commercial Early Warning Service, as an extension of https://www.e-secure-db.us, where subscribers pay for.

That they are physically based in New Zealand, the first country to start the new business day (GMT + 12), and that the previous business day in the USA is about to finish. That many IT security threats can be contained, or even mitigated, as long as the cause is eliminated before the business users power up their PC's. You can find the portal and all the IT security information you need at:
https://www.w2knews.com/rd/rd.cfm?id=020930...0TB-IT_Security

And if you do not have time to check that database either, and need to get the whole thing as automated as possible, do what many of your colleagues are doing. They scan their networks with Retina to make sure all vulnerabilities are known, and then patch them automatically with UpdateEXPERT which allows you to deploy hotfixes and service packs.

Retina:
https://www.w2knews.com/rd/rd.cfm?id=020930TB-Retina

UpdateEXPERT:
https://www.w2knews.com/rd/rd.cfm?id=020930...TB-UpdateEXPERT

Most Powerful Cyber Defense Initiative? The Gold Standard

The US National Security Agency studied the successful system compromises of Windows 2000 during the past eighteen months and found that more than 85% of them would have been blocked had the owners been using the Gold Standard jointly developed by the Center for Internet Security, DISA, NSA, NIST, SANS and GSA. SANS is pleased to offer a hands on course that combines labs and lecture to teach the Gold Standard and the tools that can be used to establish, maintain and audit the Gold Standard.

Minimum security settings (baselines or benchmarks) work. However, system admins need to be confident that what they are doing will work and that they know how to do it. In Securing Windows 2000, you will receive the training needed to build your confidence and skills.

Who Should Attend This Course:

System Administrators
Auditors
Security Officers
Security Managers responsible for Windows 2000 systems
https://www.w2knews.com/rd/rd.cfm?id=020930...B-Gold_Standard  

Cyberattacks

QUOTE

Cyberattacks Reached All-time High In Sept 2002

According to CNN during Christmas it has gotten worst and there will be no improvement during the new year. Be careful! One way to put a stop to it in your inbox is to...

* Filter your mail
* Do not open attachments
* Do not subscribe to unknwn lists
* Do not visit strange/unfamiliar web sites
* Do not enable java on your system
* Ask your mail server to filter mail BEFORE you download it
* Update your virus software

Cyberattacks Gaming Video & Issues Computer

QUOTE

* Do not visit strange/unfamiliar web sites

But all the web sites online when you make a search are 'strange and unfamiliar'. It's impossible to navigate only the web sites of friends and family.

Cyberattacks

As this is very well true, the technology that Google is now attempting to offer actually give a rating for the web site. Generically a site with a higher rating is more likely to be a safer web site to visit. This isn't always the case but I find it to be true in many cases.

On top of this if you look at the URL after you do your search and the URL doesn't really sound like something that would have any significance at all you might want to look down the list to a few of the other links and save the unusual URLs for a last resort.