Networks boost security against attacks

Cyberterrorism is a very real threat, firms are warned -- the FBI is advising increased security on networks
Written by Chris Gonsalves, Contributor

An FBI warning has administrators of the nation's corporate networks double-checking -- and double-locking -- their systems in the wake of Tuesday's terrorist attacks in New York and Washington.

But despite the federal Terrorist Threat Advisory, which calls for IT professionals across the country to "implement appropriate security measures -- both physical and cyber," experts say corporate America is a long way from ready, or safe.

Security service provider RedSiren Technologies spent the days after the terrorist assaults advising clients to take down all noncritical external Internet connections, including remote access and instant messaging capabilities. The company followed its own advice, shutting down its external Web site in the wake of the attack.

RedSiren chief security officer Daine Gary is a member of the FBI's InfraGard advisory board, which issued the terrorist alert. "We know how vulnerable the country could be. We are so dependent on these networks," Gary said.

Since Tuesday's assaults on the World Trade Center and the Pentagon, Gary said a number of clients have asked for additional security measures for their networks, which RedSiren, of Pittsburgh, is providing for free for now.

Unisys is helping a number of clients in New York and Washington get back in business following the attacks, officials said. They declined to name the users specifically. For the rest of its customers, company is stressing caution.

"We are advising clients to be more vigilant," said Sunil Misra, managing principal for the Unisys eSecurity and Privacy practice. "There is, right now, no evidence of an active attack. The logs have been quiet. It may be that the hacker community, like the rest of us, has been taken by surprise and has not taken advantage of the vulnerability."

Misra called the FBI advisory "common sense" even without specific evidence of an impending attack. He said the state of corporate infrastructure security "is not very good," adding that security assessments of networks serving airlines, nuclear plants, telecommunications facilities and other important functions need to be increased.

"This is not the time to be an alarmist," said Misra, in Boston. "But the fact is that the next attacker may not be wielding a knife. He may be wielding a laptop."

The primary concern for RedSiren is safeguarding client networks from attack. But the subversion of corporate computing power for malicious activities is also a concern. While he had no evidence that Tuesday's terrorist assault had been aided by unauthorised use of networks or computers, "it wouldn't be a surprise to find that out," he said.

Among the recommendations RedSiren is making to clients is to review critical logs for suspicious traffic in an effort to keep corporate computers from being used for distributed-denial-of-service attacks and other malicious intents, Gary said.

"We've taken steps to make sure that we neither get hit by the forces that would do us harm nor that we be used by others as an instrument of assault," said the IT manager of a Boston-based financial services company who requested anonymity. "There are going to be other actions, we are all pretty sure of that. Cyberterrorism is bound to be part of the mix."

Unisys' Misra said that while the attack against a corporate network may be more common and could disrupt business, unauthorised use of networks and computers to plan or execute other terrorist attacks "is a greater concern in purely human terms."

NetSolve, a provider of remote network management services, has also been warning customers to keep an eye out for suspicious network activity.

"We sent out bulletins to existing customers [saying they] might see an increase in threats against their networks and warned them to be on the lookout," said Chuck Adams, NetSolve's general manager for security services. "[We're] stepping up the level of monitoring we do on a day-to-day basis."

Adams said in the wake of the FBI warning, his company had lowered the threshold for the severity of an event that would trigger a response. So far, NetSolve had not seen any increase in suspicious activity, he said.

The FBI's InfraGard warning of increased terrorist threat comes as the agency activates its Strategic Information and Operations Center in Washington. The FBI advisory does say that the agency "has no information of any additional specific threats directed against additional targets or critical infrastructures in the United States." The advisory will expire 11 October.

The InfraGard program began as a pilot project in 1996, when FBI agents in Cleveland sought help from local computer professionals to find ways to protect critical public and private information systems. Today, all 56 field offices of the FBI nationwide have opened an InfraGard chapter, with hundreds of private companies participating.

All of the warnings are designed to raise awareness in a climate where security often gets overlooked, industry sources said.

"We all know security is hard work," Misra said. "It doesn't pop up on the priority list, and nothing gets done ... until things happen."

See the Viruses and Hacking News Section for the latest headlines.

Have your say instantly, and see what others have said. Click on the TalkBack button and go to the Security forum.

Let the editors know what you think in the Mailroom. And read other letters.

Editorial standards