ch08.htm

Maximum Security (First Edition) 网络安全 英文版

<P>The key utilities currently in use are logging utilities. These are relatively
low-profile weapons in Internet warfare. They are the equivalent of security guards,
and generally either alert the supervisor to suspicious activity or record the suspicious
activity for later use. A few such utilities are listed in Table 8.3.
<H4><FONT COLOR="#000077"><B>Table 8.3. Various logging and snooping utilities of
interest.</B></FONT></H4>
<P>
<TABLE BORDER="1">
	<TR ALIGN="LEFT" rowspan="1">
		<TD ALIGN="LEFT" VALIGN="TOP"><I>Utility</I></TD>
		<TD ALIGN="LEFT" VALIGN="TOP"><I>Function</I></TD>
	</TR>
	<TR ALIGN="LEFT" rowspan="1">
		<TD ALIGN="LEFT" VALIGN="TOP">L5</TD>
		<TD ALIGN="LEFT" VALIGN="TOP">Scans either UNIX or DOS directory structures, recording all information about files
			there. Is used to determine suspicious file changes, files in restricted areas, or
			changes in file sizes. (For use in detecting trojans.)</TD>
	</TR>
	<TR ALIGN="LEFT" rowspan="1">
		<TD ALIGN="LEFT" VALIGN="TOP">Clog</TD>
		<TD ALIGN="LEFT" VALIGN="TOP">Listens to determine whether crackers (from the outside) are trying to find holes
			in the system.</TD>
	</TR>
	<TR ALIGN="LEFT" rowspan="1">
		<TD ALIGN="LEFT" VALIGN="TOP">LogCheck</TD>
		<TD ALIGN="LEFT" VALIGN="TOP">Automates log file analysis to determine whether system violations have occurred.
			It does this by scanning existing log files.</TD>
	</TR>
	<TR ALIGN="LEFT" rowspan="1">
		<TD ALIGN="LEFT" VALIGN="TOP">Netlog</TD>
		<TD ALIGN="LEFT" VALIGN="TOP">Listens and logs TCP/IP connections, searching for suspicious activity therein. This
			package is from Texas A&amp;M University.</TD>
	</TR>
	<TR ALIGN="LEFT" rowspan="1">
		<TD ALIGN="LEFT" VALIGN="TOP">DumpACL</TD>
		<TD ALIGN="LEFT" VALIGN="TOP">Windows NT utility that formats important access-control information into convenient,
			readable formats for quick analysis of the system's security.</TD>
	</TR>
</TABLE>
</P>
<P>Later in this book, I will examine dozens of utilities like those in Table 8.3.
The majority of utilities mentioned so far are either freeware, shareware, or relatively
inexpensive. They are used chiefly by public entities such as ISPs and universities.
However, an entire world of corporate sources is available. As you might expect,
American corporations are concerned about their security.</P>
<P>Corporations often maintain sensitive information. When they get cracked, the
crackers usually know what they are looking for. For example, the famous cracker
Kevin Mitnik reportedly attempted to steal software from Santa Cruz Operation (SCO)
and Digital Equipment Corporation (DEC). These two companies manufactured high-performance
operating systems. Mitnik was allegedly interested in obtaining the source code of
both. Undoubtedly, Mitnik had intentions of examining the internal workings of these
systems, perhaps to identify flaws within their structures.</P>
<P>Corporations operate a little bit differently from other entities, largely because
of their organizational structure. Management plays a strong role in the security
scheme of any corporation. This differs from universities or ISPs where those with
actual security knowledge are handling the situation.</P>
<P>Corporate entities are going to have to come to terms with Internet warfare very
soon. For although corporations have the resources to keep penetration of their networks
secret, this practice is not advisable. Corporate America wants the Internet badly.
In the Internet, they see potential for profit as well as networking. (Several banks
have already begun preparing to provide online banking. How effectively they can
implement this remains to be seen.)</P>
<P>Some excellent research has proven that a large portion of corporate America is
not secure. In Chapter 9, &quot;Scanners,&quot; you will learn about scanners, which
conduct automated security surveys of remote sites. One such utility is SATAN. This
tool was created for the benefit of Internet security by Dan Farmer and Weitse Venema.
In December, 1996, Dan Farmer conducted a survey of approximately 2,000 randomly
chosen networks in the void.</P>
<P>The survey was called &quot;Shall We Dust Moscow? Security Survey of Key Internet
Hosts &amp; Various Semi-Relevant Reflections.&quot; A significant number of the
sampled hosts were corporate sites, including banks, credit unions, and other financial
institutions: organizations that are charged with keeping the nation's finances secure.
Farmer's findings were shocking. Large numbers of corporate sites could be cracked
by attackers with minimal to complex knowledge of the target host's operating system.


<BLOCKQUOTE>
	<P>
<HR>
<FONT COLOR="#000077"><B>Cross Reference:</B></FONT><B> </B>Rather than parade Mr.
	Farmer's hard-earned statistics here, I will point you to the site where the survey
	is publicly available: <A HREF="http://www.trouble.org/survey/"><B>http://www.trouble.org/survey/</B></A>.
	
<HR>


</BLOCKQUOTE>

<P>If you examine the survey, you will find that almost 60 percent of those sites
surveyed are in some way vulnerable to remote attack. Many of those are institutions
on which the American public relies.</P>
<P>Today, corporate entities are rushing to the Net in an effort to establish a presence.
If such organizations are to stay, they must find resources for adequate security.
Again, the problem boils down to education. While I was writing this chapter, I received
an e-mail message from a firm on the east coast, requesting an estimate on a security
audit. That site maintained no firewall and had three possible entry points. Two
of these machines were easily crackable by any average cracker. The remaining machine
could be cracked after running just one SATAN scan against it.</P>
<P>If there is any group of individuals that needs to obtain books like this one
(and, the wealth of all security information now available on the Net), it is America's
corporate community. I have had consultations with information managers that have
an uphill battle in convincing their superiors that security is a major issue. Many
upper-level management officers do not adequately grasp the gravity of the situation.
Equally, these folks stand a good chance of being taken, or fleeced, by so-called
security specialists. All in all, a dirty war is being fought out there.</P>
<P>Before I close with some reflections about government, I would like to impart
this: Internet warfare occurs between all manners of individual and organization
on the Internet. This trend will only continue to increase in the near future. There
are bandits, charlatans, gunslingers, and robbers...the Internet is currently just
slightly less lawless than the stereotypical image of the Old West. Until laws become
more concrete and focused, my suggestion to you, no matter what sector you may occupy,
is this: Absorb much of the voluminous security literature now available on the Internet.
Throughout this book, I provide many references to assist you in that quest.
<H2><FONT COLOR="#000077"><B>The Government</B></FONT></H2>
<P><I>Government Internet warfare</I> refers to that warfare conducted between the
U.S. government and foreign powers. (Though, to be honest, the majority of Internet
warfare that our government has waged has been against domestic hackers. I will briefly
discuss that issue a little later on in this section.)</P>
<P>One would imagine that the U.S. government is amply prepared for Internet warfare.
Well, it isn't. Not yet. However, recent research suggests that it is gearing up
for it. In a 1993 paper, specialists from Rand Corporation posed the question of
whether the United States was prepared for a contingency it labeled <I>cyberwar</I>.
The authors of that paper posed various questions about the U.S.'s readiness and
made recommendations for intensive study on the subject:

<DL>
	<DD>We suggest analytical exercises to identify what cyberwar, and the different
	modalities of cyberwar, may look like in the early twenty-first century when the
	new technologies should be more advanced, reliable, and internetted than at present.
	These exercises should consider opponents that the United States may face in high-
	and low-intensity conflicts. <I>CYBERWAR IS COMING!</I><FONT SIZE="2"><SUP>2</SUP></FONT>
</DL>



<BLOCKQUOTE>
	<P>
<HR>
<FONT SIZE="2"><SUP>2</SUP></FONT>John Arquilla and David Ronfeldt, International
	Policy Department, RAND. 1993. Taylor &amp; Francis. ISSN: 0149-5933/93. 
<HR>


</BLOCKQUOTE>


<DL>
	<DD>
</DL>

<P>Indeed, the subject of cyberwar is a popular one. Many researchers are now involved
in assessing the capability of U.S. government agencies to successfully repel or
survive a comprehensive attack from foreign powers. John Deutch, head of the CIA,
recently addressed the U.S. Senate regarding attacks against our national information
infrastructure. In that address, the nation's chief spy told of a comprehensive assessment
of the problem:

<DL>
	<DD>We have a major national intelligence estimate underway which will bring together
	all parts of the community, including the Department of Justice, the Defense Information
	Systems Agency, the military, the FBI, criminal units from the Department of Justice
	in providing a formal intelligence estimate of the character of the threats from
	foreign sources against the U.S. and foreign infrastructure. We plan to have this
	estimate complete by December 1 of this year.
</DL>

<P>How likely is it that foreign powers will infiltrate our national information
infrastructure? That is difficult to say because the government now, more than ever,
is getting quiet about its practices of security on the Net. However, I would keep
a close eye in the near future. Recent events have placed the government on alert
and it has intentions, at least, of securing that massive (and constantly changing)
entity called the Internet. I do know this: There is a substantial movement within
the government and within research communities to prepare for Internet warfare on
an international scale.


<BLOCKQUOTE>
	<P>
<HR>
<FONT COLOR="#000077"><B>Cross Reference:</B></FONT><B> </B>I want to point you to
	an excellent starting point for information about Internet warfare. It is a site
	that contains links to many other sites dealing with Internet and information warfare.
	These links provide a fascinating and often surprising view. The site can be found
	at <A HREF="http://www.fas.org/irp/wwwinfo.html"><B>http://www.fas.org/irp/wwwinfo.html</B></A>.
	
<HR>


</BLOCKQUOTE>

<P>Within the next five years, we will likely begin engaging in real Internet warfare
with real enemies. And, for all we know, these real enemies may have already started
warring with us.
<H2><FONT COLOR="#000077"><B>Summary</B></FONT></H2>
<P>As more and more users flock to the Internet, Internet warfare will increase in
prevalence whether at the governmental, corporate, or personal level. For this reason,
each user should have a minimum of knowledge about how to defend (if not attack)
using standard Internet warfare techniques. This is especially so for those who have
networks connected 24 hours a day. Sooner or later, whether you want to fight or
not, someone will probably subject you to attack. The key is knowing how to recognize
such an attack.</P>
<P>Various chapters throughout this book (most notably Chapter 9, &quot;Scanners&quot;)
discuss attacks from both viewpoints: aggressor and victim. In fact, Part III of
this book is devoted specifically to tools (or <I>munitions</I>) used in Internet
warfare. I will discuss some of these in the next chapter.</P>
<CENTER>
<P>
<HR>
<A HREF="../ch07/ch07.htm"><IMG SRC="../button/previous.gif" WIDTH="128" HEIGHT="28"
ALIGN="BOTTOM" ALT="Previous chapter" BORDER="0"></A><A HREF="../ch09/ch09.htm"><IMG
SRC="../button/next.gif" WIDTH="128" HEIGHT="28" ALIGN="BOTTOM" ALT="Next chapter"
BORDER="0"></A><A HREF="../index.htm"><IMG SRC="../button/contents.gif" WIDTH="128"
HEIGHT="28" ALIGN="BOTTOM" ALT="Contents" BORDER="0"></A> <BR>
<BR>
<BR>
<IMG SRC="../button/corp.gif" WIDTH="284" HEIGHT="45" ALIGN="BOTTOM" ALT="Macmillan Computer Publishing USA"
BORDER="0"></P>

<P>&#169; <A HREF="../copy.htm">Copyright</A>, Macmillan Computer Publishing. All
rights reserved.
</CENTER>


</BODY>

</HTML>