How Cyber Spies Infiltrate Business Systems 83
snydeq writes "InfoWorld's Bob Violino reports on the quiet threat to today's business: cyber spies on network systems. According to observers, 75 percent of companies have been infected with undetected, targeted attacks — ones that typically exploit multiple weaknesses with the ultimate goal of compromising a specific account. Such attacks often begin by correlating publicly available information to access a single system. From there, the entire environment can be gradually traversed enabling attackers to place monitoring software in out-of-the-way systems, such as log servers, where IT often doesn't look for intrusions. 'They collect the data and send it out, such as via FTP, in small amounts over time, so they don't rise over the noise of normal traffic and call attention to themselves,' Violino writes. 'There's probably no way you can completely protect your organization against the increasingly sophisticated attacks by foreign and domestic spies. That's especially true if the attacks are coming from foreign governments, because nations have resources that most companies do not possess.'"
Wait what? (Score:4, Informative)
Re:Windows is more secure than ever! (Score:3, Informative)
The way to protect against a dedicated attack is compartmentalization. Connectivity is important, but companies to structure not just machines, but the IT organization to resist compromise.
For example, log servers. These machines have to be *completely separated* from anything else in the company except the network. They can't use LUNs on a SAN (or else the storage admin can tamper with logs.) They can't use the corporate backup system (or else the backup admin can restore a tampered log.) They can't be run by the Windows or UNIX admins or else a compromised admin (or a blackhat) can compromise the machines, then the log server to completely hide tracks, or to perhaps cause damage. If you are running a program like Splunk, you don't run the thing on the log servers; you run it on a read-only mirror so people who have access to Splunk do not have access to tamper with the logs.
You can't "silo" the department where everyone works in little walled areas with no inter-group communication, but you have to have separation of duties so the damage done by a compromised employee can be mitigated.
Re:Cyber Spies (Score:5, Informative)
Here's what Ted Nelson [wikipedia.org] had to say [xanadu.com.au] about it:
Re:Cyber Spies (Score:3, Informative)
To go back further, it was called "cracking". "Hacking" was reserved for taking a program and modifying it or merely writing a program, there was no malfeasance implied.