E-CommerceALERT.com is part of the Bennett Gold LLP web site network.
LINK TO: Bennett Gold LLP, Chartered Accountants, home page.
LINK TO: E-CommerceALERT.com Home Page.
CLICK to GO BACK to Main Page.

Research and retrieval of news articles by Bennett Gold LLP, Chartered Accountants

Effective December 31, 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering articles from the period 1999 to 2012.


Source: Security Wire Digest

Posted on April 17, 2002

      A new study by the Computer Emergency Response Team (CERT) says cyberattacks against the Internet community are becoming more sophisticated and destructive, while firewalls are rapidly losing their effectiveness against intruders.

      According to CERT, a federally funded research center at Carnegie Mellon University that has monitored online intrusions for 14 years, six major attack trends have emerged. These include the automation and speed in which malware races through operating systems; the ability of attack tools to cover their tracks and re-configure themselves for deeper intrusions; an increasing permeability of firewalls; a faster discovery rate of breaches; infrastructure assaults that affect communication platforms; and attackers' ability to exploit the interdependent nature of the Internet structure.

      Industry experts voiced little surprise at the findings. "Unfortunately, with so many automated software tools available, a person doesn't have to be very bright to cause a lot of trouble," says Laura Koetzle, an analyst at Forrester Research. "Especially since firewalls were never designed to be a catch-all for the multitude of garbage e-traffic. Firewalls were originally set up to resist a set of particular addresses, but if those addresses keep changing during an attack, the malicious material eventually penetrates."

      One of the most problematic developments the report outlines is cyberattacks that target the Internet's infrastructure and communication platforms, such as instant messaging clients.

      Compounding the situation is that attack mechanisms use popular protocols like HTTP to send commands to unwitting victims, making it virtually impossible for users to distinguish insidious material from legitimate network traffic.

      Another factor in cyberassault is the compromise of firewalls' effectiveness for the sake of convenience. Technologies like IPP (Internet Printing Protocol) and WebDAV (Web-based Distributed Authoring and Versioning) are designed to skirt firewall configurations, while other protocols billed as "firewall friendly" actually circumvent them, toprovide rapid access. Even when firewalls are in place, "It's difficult to rely on them to block the onslaught of tainted packets, because the packets' addresses constantly change," explains Koetzle.

      Consequently, network administrators and software developers scramble to keep up with breaches, according to the study. And, the window of "time to patch" is narrowing, since intruders discover vulnerabilities before vendors do, by which time the software has been included in hundreds of products. Even the time it takes for a crippling virus or worm to deploy is shortening; last year, the "Code Red" and "Nimda" viruses traveled worldwide in less than 24 hours.

CLICK to GO BACK to Main Page.

E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.

Final Entries

LINK TO: Bennett Gold Chartered Accountants: A Licensed Provider of WebTrust Services.

WebTrust Is Your
Best Defense
Privacy Breaches.

Get WebTrust
Working For
Your Site.