DDoS attacks were wake-up call for IT managers

ITworld.com –

The timing was uncanny. While eight staffers from the Internet infrastructure company GlobalCenter attended a conference on security issues, their largest client fell prey to hackers. Servers supporting Yahoo! buckled under a siege of seemingly innocent requests that flooded in at a gigabit per second.

Within two days similar attacks took place on eBay, the Web's most popular online auctioneer, Microsoft's MSN.com, venerable etailer Amazon.com, newsmonger CNN, online brokers E*TRADE and Datek, news organization ZDNet, and Internet superstore Buy.com on the very day the superstore went public.

The coordinated attacks on popular Internet servers basically shut them down, resulting in what's called distributed denial of service. This cyberfoolery is easy to launch and within the power of many armchair hackers.

For IT managers, the threat is too real. While I have no doubt that denial-of-service attacks, like viruses, will be contained, they open the door to IT's next challenge: dealing with what I call the "ugh-known."

Unlike the Y2K computer threat, a network hack attack isn't predictable. Unprepared IT shops are likely to suffer losses at the hands of playful or bored kids who get their hands on port scanners and attack tools like Tribe Flood Network, trin00, or stacheldraht.

In the recent outbreak of mischief making, clever but relatively simple techniques were used to wreak havoc on servers. A hacker can assemble firepower without owning a fleet of computers. With port-scanning software, a hacker can scan the Internet for computers that don't have security patches and then insert stealth code without the owner's knowledge. To fire off an attack, the prankster needs only to send a few commands to the slave computers, which then launch incessant requests at the victim server.

Most server gates had been left wide open. In some cases, the servers were running without software that would have prevented the onslaught of requests. Running without that software makes servers appear faster, but it runs the risk of letting them take in too many requests at once.

The assaults have gained the attention not only of businesses on the Internet, but also of the government and the vendors to those companies.

Attorney General Janet Reno cleared the way for the FBI to investigate the attacks as a top priority. She pledged that the FBI would work with Internet security specialists.

Security and software vendors took positions in war rooms to study the facts and thwart future attacks.

These attempts are admirable, but no one can prevent attacks from the ugh-known. Powerful and productive tools will slip into the hands of armchair hackers who will think of new ways to deploy them.

Hackers will figure out how to make self-replicating worms that can spread stealth software quickly. The worms could be timed to change over time to make them harder to find and eradicate. Triggers that launch rogue programs could be set to the size of the attack army or a special date. Do those sound like science fiction? They're only a step or two ahead of today's hackers.

Larry Horton, the director of Network Services Consulting at Belenos says, "Internet servers need to be designed better." Horton believes the faster pace of deployment has caused many companies to put up servers without taking proper precautions or thinking through the risks.

I agree. You can make servers run faster, but you shouldn't if you're opening the doors to an assault. Balancing speed against vulnerability gives rise to a new discipline -- risk assessment.

Systems administrators need to plan next-generation infrastructures for anyone wanting to do business on the Internet. For IT managers, this is the time to act. Let's go back to basics. Make sure the holes are plugged on your own fleet of computers, so you don't become an unsuspecting accomplice to saboteurs.

On the server side, watch your traffic. Use software-monitoring products, such as BMC Patrol, to alert you to the first sign of trouble. Have a contingency plan for shutting down servers if it becomes a necessity.

Maintain a relationship with your vendors. During the most recent attack, BMC's Patrol alerted Amazon's IT staffers that the monitored thresholds had been exceeded. Amazon stayed in constant communication with BMC, enhancing the ability of Amazon's own staff in dealing with the crisis.
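The threshold monitoring described above, as an added example that is not from the column or from BMC Patrol: a sliding-window monitor over a constructed access-log format that alerts when the request rate exceeds a configured threshold and reports how many distinct sources drove it, so a distributed flood of modest per-host rates is still caught. The log format, timestamps, addresses and thresholds are all assumptions.

```python
"""Threshold-based flood alerting over web-server access logs (added example)."""
from collections import deque
from datetime import datetime

# Constructed sample lines, format assumed: "<ISO timestamp> <client IP> <path>"
SAMPLE_LOG = """\
2000-02-07T10:00:00 10.0.0.5 /index.html
2000-02-07T10:00:00 10.0.0.6 /index.html
2000-02-07T10:00:01 10.0.0.7 /index.html
2000-02-07T10:00:01 10.0.0.8 /index.html
2000-02-07T10:00:01 10.0.0.9 /index.html
2000-02-07T10:00:02 10.0.0.10 /index.html
2000-02-07T10:00:02 10.0.0.11 /index.html
2000-02-07T10:00:02 10.0.0.12 /index.html
2000-02-07T10:00:30 10.0.0.5 /about.html
"""


def parse_line(line):
    """Split one constructed log line into (timestamp, client IP, path)."""
    ts, ip, path = line.split(maxsplit=2)
    return datetime.fromisoformat(ts), ip, path


def detect_flood(log_text, window_seconds=2, max_requests=5):
    """Return (timestamp, requests_in_window, distinct_sources) alerts.

    Keeps a sliding window of recent arrivals; an alert fires the first time
    the window holds more than max_requests and re-arms once it drains, so a
    sustained flood produces one alert rather than one per request.
    """
    window = deque()  # (timestamp, ip) pairs inside the current window
    alerts = []
    tripped = False
    for line in log_text.splitlines():
        ts, ip, _ = parse_line(line)
        window.append((ts, ip))
        # Drop arrivals older than the window relative to the newest one.
        while (ts - window[0][0]).total_seconds() > window_seconds:
            window.popleft()
        if len(window) > max_requests and not tripped:
            tripped = True
            alerts.append((ts, len(window), len({src for _, src in window})))
        elif len(window) <= max_requests:
            tripped = False
    return alerts


if __name__ == "__main__":
    for ts, count, sources in detect_flood(SAMPLE_LOG):
        print(f"ALERT {ts}: {count} requests in window from {sources} sources")
```

The distinct-source count is what separates a distributed flood from a single misbehaving client; a per-client limit alone would never trip on the sample above.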

Managing IT is going to be a lot different from dealing with predictable problems. Dealing with the ugh-known is just one of the new challenges.

I'll be back to talk about more.
