Commentary: Politically motivated Net attacks a threat to all sites

It would be a serious mistake to assume politically motivated Net attacks threaten only the combatants; hacktivists often try out their techniques on innocent targets first.

By John Pescatore, Gartner Analyst

Politically motivated Internet attacks, like the ones the FBI has just issued a warning about, are nothing new.

In the past few years, political tensions--including the war in Kosovo and the independence struggle in East Timor--have resulted in denial of service attacks, email floods and defacement of Web sites worldwide.

It would be a serious mistake to assume that these attacks threaten only the combatants. So-called hacktivists often try out their techniques on innocent targets first. Moreover, hackers often use vulnerable third-party servers as relays for their attacks, which can result in serious legal liability for the companies maintaining those servers.

The result is that companies, institutions and government agencies--and not just those affiliated with countries involved, directly or indirectly, in high-profile political conflicts--need to watch the news carefully and raise their level of protection whenever simmering tensions threaten to boil over.

When a potential threat has been identified, standard enterprise security measures should be complemented by increased fire wall analysis, intrusion detection and detailed inspection of site usage logs. Penetration testing and vulnerability scanning should be performed on at least a weekly basis. Companies also have to recognize that their vulnerability does not end at their own fire walls; their Internet service providers and server hosting companies must have the necessary technology and processes in place to quickly detect and react to denial of service attacks.

It is also essential that companies create and document incident response procedures and regularly perform the Internet equivalent of fire drills to ensure that their responses are rapid and effective. Key management personnel should be assigned to handle press inquiries, and the responsibility and criteria for making the decision to involve law enforcement should be defined in advance.

Small and midsize companies are especially vulnerable to malicious attacks because they usually cannot afford, or do not attract, personnel who have extensive security experience. To strengthen network security and reduce vulnerability to an attack, Gartner recommends that these smaller companies consider taking the following steps:

• Security audit and risk assessment. This effort, preferably conducted by a specialized security company, should include an internal network security audit and an external penetration test. It should take place at least once a year and whenever the enterprise makes major changes to its Web site or fire wall.

• Fire wall configuration. Smaller companies should focus on fire wall appliances that provide a base level of security but do not require detailed security knowledge. Companies should request quotes for managed fire wall and intrusion detection services from service providers. (These services usually cost less than the equivalent salary of a half-time fire wall administrator.)

• Boundary services. Scanning incoming email for viruses is a crucial security measure. Companies can use either desktop or server-side antiviral protection. Companies should take immediate action to disallow, relay and halt the entry of inappropriate email contact into their environments.

• Consolidated remote access with strong authentication. Companies that provide dial-up access to email and other enterprise systems should eliminate desktop modems and use consolidated modem pools and remote access servers. Companies should require the use of hardware tokens to authenticate remote users.

Gartner's research indicates that those four security measures will protect more than two-thirds of the small and midsize companies connected to the Internet.

But the bottom line is that none of the measures will prevent all politically motivated "information warfare." Many companies will inevitably fall victim to such attacks. Governments worldwide are still wrestling with how to protect electronic boundaries. For now, companies must do everything possible to protect their own boundaries and ensure that their key service providers are also ready for battle.


Entire contents, Copyright © 2000 Gartner Group, Inc. All rights reserved. The information contained herein represents Gartner's initial commentary and analysis and has been obtained from sources believed to be reliable. Positions taken are subject to change as more information becomes available and further analysis is undertaken. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of the information. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof.