ad info

 
CNN.com  technology > computing
    Editions | myCNN | Video | Audio | Headline News Brief | Feedback  

 

  Search
 
 

 
TECHNOLOGY
TOP STORIES

Consumer group: Online privacy protections fall short

Guide to a wired Super Bowl

Debate opens on making e-commerce law consistent

(MORE)

TOP STORIES

More than 11,000 killed in India quake

Mideast negotiators want to continue talks after Israeli elections

(MORE)

MARKETS
4:30pm ET, 4/16
144.70
8257.60
3.71
1394.72
10.90
879.91
 


WORLD

U.S.

POLITICS

LAW

ENTERTAINMENT

HEALTH

TRAVEL

FOOD

ARTS & STYLE



(MORE HEADLINES)
*
 
CNN Websites
Networks image


Security experts say hackers have the edge

IDG.net

May 11, 2000
Web posted at: 11:55 a.m. EDT (1555 GMT)

(IDG) -- Leaders from industry, government and law enforcement hunkered down earlier this week for a day of closed-door meetings in Menlo Park, Calif., to brainstorm about the difficult task of protecting the world's computer networks against cybercriminals.

One theme to emerge early on at the event, billed as the Internet Defense Summit, was that governments have neither the financial resources nor the technical know-how to stay on top of hackers and computer terrorists.

"The private sector must (provide for) themselves much of the action which is necessary to prevent attacks being made on the Internet," Raymond Kendall, the secretary general of Interpol, said in a speech at the start of the day's activities.

"It's no longer possible for governments to provide the kind of resources and investment necessary to deal with these kinds of issues," said Kendall, who spoke via satellite link from Brussels.

  MESSAGE BOARD
 

The summit, which took place at the Stanford Research Institute's (SRI) leafy campus, attracted more than 100 chief information officers and other top executives from companies and organizations including IBM, Microsoft, Visa International, the U.S. Postal Service and the Los Angeles County Sheriff's Office.

Meetings were held behind closed doors to encourage candid discussion about security problems and the ways participants have learned to cope with them. The event took place in the shadow of the I Love You virus, which emerged last week and has wreaked havoc in public and private computer networks the world over.

"There won't be a lot of resolutions passed here today, but the key is to get the dialogue open and to get CEOs interested in providing their customers with protection," William Crowell, president and CEO of Cylink, which provides security products and services for businesses, said in an interview.

"There are no cookie-cutter solutions; every network is different," he added.

At the top of CIOs' concerns here was denial of service (DoS) attacks, he said, which earlier this year brought Yahoo, Amazon.com, eBay and other high-profile Web sites to their knees. DoS attacks are a key concern because the only way that is currently available to prevent them is to catch the perpetrators, Crowell said.

MORE COMPUTING INTELLIGENCE
IDG.net   IDG.net home page
  Make your PC work harder with these tips
  Download free PC software fast
  TechInformer: The Thinking Internaut's Guide to the Tech Industry
  IDG.net's products pages
  Reviews & in-depth info at IDG.net
  E-BusinessWorld
  IDG.net's Windows software page
  Questions about computers? Let IDG.net's editors help you
  Subscribe to IDG.net's free daily newsletters
  Search IDG.net in 12 languages
  News Radio
  * Fusion audio primers
  * Computerworld Minute

Second on the list of concerns was attacks that reach into networks to steal valuable corporate data. Firewalls are the best way to prevent data theft that originates outside of a network, while cryptography can help to protect data from internal theft, he said.

Selwyn Gerber, a managing partner with offshore banking firm PrimeGlobal USA, said his company considers the Internet so insecure that it won't use it at all to transmit sensitive customer data.

"We're back to using faxes, and we find that much more secure. We use FedEx. In fact, if there were ponies still travelling across Europe we'd probably use those too," Gerber said, speaking at a lunch event that was opened to reporters.

While the business leaders seemed focused on computer hackers, Interpol's Kendall said there is a "real danger" of terrorists and hostile nations using computer networks to wage international warfare.

"We know already ... that most of the major terrorist organizations have their own Web sites, and therefore have the facility to carry out the same sort of action that we've seen carried out over the last week," Kendall said, referring to the I Love You virus.

Cyberterrorism can be "more effective and more costly" to governments than "the classic methods of bomb attacks and assassination." Kendall said. "It is really a serious threat to all of us and all of our societies."

Solutions seemed harder to come by today than the problems discussed. Governments, businesses and research institutions must band together to find the best technologies and courses of action to defeat cybercrimes, the participants said. And companies must be more willing to invest in security systems to protect their networks.

A few participants called on software companies and service providers to make their products more secure. Default settings for software products sold to consumers should be at the highest level of security, they said.

"You wouldn't build a swimming pool in the center of town and not put a fence around it, and I think that's what the software companies are doing," Glenn Tenney, a director with Pilot Network Services in Alameda, California, said during the luncheon.

Although security firms have financial incentives for promoting security issues, for the average corporation, the benefits of spending millions of dollars to bolster security in networks aren't immediately obvious, making them slow to act, others said.

"If you have a choice of spending a million dollars on getting 250,000 new customers, or a million dollars on serving the ones you already have, better, that's a difficult value proposition," Cylink's Crowell said, suggesting that most companies would take the additional customers.

But the severity of attacks could get worse, and businesses would be wise to make precautionary investments now, he said.

"I think we've been lucky so far," Crowell said.

SRI International, which cohosted Tuesday's summit with its consulting arm, Atomic Tangerine, used the event to launch a new software component for Sun Microsystems' Solaris servers. Called Emerald, it is designed for network surveillance and intrusion detection.

In addition, Atomic Tangerine took the wraps off of a new technology, NetRadar, that uses sophisticated network agents to reduce the threat of attacks before they actually occur, according to Atomic Tangerine.




RELATED STORIES:
Suspected hacker may face extradition requests
May 9, 2000
Experts say more legislation will not deter computer hackers
May 5, 2000
Feds ask Congress for help in trapping hackers
April 10, 2000
Can you counter-attack hackers?
April 7, 2000
Government computers: The ultimate hackers' proving ground
March 23, 2000

RELATED IDG.net STORIES:
Love bug exposed inadequate warning systems
(Computerworld)
Interpol: Looking for help to fight cybercrime
(PCWorld.com)
Inside a hacker's toolchest
(SunWorld)
New Fed center targets Internet fraud
(IDG.net)
New weapon bolsters crackers' arsenals
(Computerworld)
Mafiaboy attacks could have been stopped
(Computerworld)
DoS attacks: A problem of the information age
(SunWorld)
How to prevent DoS attacks
(InfoWorld.com)

RELATED SITES:
SRI International
Atomic Tangerine

Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.

 Search   

Back to the top   © 2001 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.