Systems Are Vulnerable During Staff Holidays
It's a holiday weekend, and you're relaxing at home, when suddenly your pager tells you to check your network.
You try to log in to the network from home, but it doesn't seem to work.
You hurry into the office and find that your computers are rebooting for no apparent reason.
Your firewall keeps shutting down. The problem doesn't appear to be hardware-related. And network traffic is passing through your firewall.
Suddenly it becomes clear: You're being hacked.
That was the scenario created by computer security consultant Stephen Northcutt during a briefing titled "What the Hackers Know About You: Anatomy of a Christmas '98 Attack".
The Webcast was sponsored by the SANS Institute, a research and education organisation in the US.
Holidays are "a high-risk time since systems are unattended", Northcutt said, so administrators should shut down as many nonessential systems as possible.
Northcutt also warned against the common assumption that hackers are less sophisticated than administrators in major companies. A typical hack job, according to Northcutt, can involve both software development and unauthorised software installation on target systems.
"Plus, hackers have a technical support structure that's probably more comprehensive than the one available to your organisation."
In the event of a hacking incident, administrators should remain calm and notify management.
Administrators should avoid using e-mail and other network-based communications. They should take good notes - good enough to serve as evidence in a court of law.
It's also important to make a backup copy of the damage for evidence before restoring systems.
Administrators can try implementing file integrity assessment systems to catch hackers before they "make a kill", Northcutt said.
File integrity assessment tools detect changes in the systems and alert administrators when strange things start happening in the file systems, such as shrinking log files.
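A minimal sketch of the file integrity assessment idea described above, added here as an example and not taken from Northcutt's briefing or any particular tool: it baselines file sizes and SHA-256 hashes, then reports modified, missing and new files, plus log files that have shrunk. The function names, the `.log` suffix rule and the sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each file path (relative to root) to (size, SHA-256 hex digest)."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()  # fine for a demo; hash in chunks for large files
            state[os.path.relpath(path, root)] = (len(data), hashlib.sha256(data).hexdigest())
    return state

def compare(baseline, current, append_only=(".log",)):
    """Return sorted (finding, path) tuples describing drift from the baseline."""
    findings = []
    for path, (old_size, old_hash) in baseline.items():
        if path not in current:
            findings.append(("MISSING", path))
            continue
        new_size, new_hash = current[path]
        if path.endswith(tuple(append_only)):
            if new_size < old_size:  # logs grow normally; a smaller log was cut
                findings.append(("LOG_SHRANK", path))
        elif new_hash != old_hash:
            findings.append(("MODIFIED", path))
    findings += [("NEW", p) for p in current if p not in baseline]
    return sorted(findings)

def demo():
    """Constructed sample tree: build it, baseline it, change it, compare."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        write("login", b"original binary")
        write("auth.log", b"line1\nline2\nline3\n")
        write("app.log", b"start\n")
        baseline = snapshot(root)
        write("login", b"replaced binary!")   # program contents changed
        write("auth.log", b"line1\n")         # log entries removed
        write("app.log", b"start\nmore\n")    # normal growth, not flagged
        write("unknown.bin", b"unexpected")   # file that was not in the baseline
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

In practice the baseline is stored off the monitored host so it cannot be rewritten along with the files, and scheduled log rotation needs its own exception because it also shrinks log files.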