From: Brian Matthews <masada@jomax.net>

The Guardians Of Computer Security
Three Companies Probe For Weak Spots in Clients' Systems
and Tell How To Prevent Break-Ins

By Rajiv Chandrasekaran
Washington Post Staff Writer
Monday, March 16, 1998; Page F12

Locked in a small room on the fourth floor of a Washington area office
building, Denis Hein starts his invasion. Computer printouts stacked around
his chair, he begins tapping away on two gray Toshiba Tecra laptops as
tiny white text scrolls across the screens. The messages that say "Login
Incorrect" don't faze him. He stretches his neck and tries a new set of
commands, this time coming up with slightly more encouraging results.
Fifteen minutes later, he throws a smirk at a colleague. He's in.
Hein's target is a file "server" computer named Moscow stashed in a file
room somewhere else in the building. An employee of Trusted Information
Systems Inc., a Glenwood, Md.-based computer-security firm, his job is
to find the weak links in a client's data network, the way a security guard
jiggles doors and windows to make sure they're locked. More often than
not, the 27-year-old "professional hacker" finds a way in. Sometimes he
can pry open almost every entrance.
The takedown of Moscow took place earlier this month at a Trusted
Information client that can only be identified as a large engineering
company inside the Beltway. Hein and a co-worker had been given the
task of determining how vulnerable the company's 24 servers are. Those
servers are home to sensitive files and schematic drawings that
unscrupulous competitors would love to see.
All Hein and his colleague were given by the company was an office with a
phone jack that connected into its data network, the same sort of access a
janitor could have at night. With nothing fancier than his two laptops, Hein
fired up a variety of programs that are commonly used by hackers. The
programs generated reams of numerical data indicating which "ports" -- or
windows -- on a server appeared ajar.
The Moscow server seemed like a particularly ripe target. Not only did it
house a trove of data, including electronic-mail messages, but it looked
relatively unguarded.
Once Hein was inside the server, the real action began. He dug around
through various directories looking for the system administrator's password
file, but when he found it, the data was scrambled. No matter. Another file
he found indicated what type of data-scrambling system the server used.
Emboldened, he configured his computer to search for the password by
scrambling every word from Webster's Dictionary, the dialogue of all three
"Star Wars" movies, each "Star Trek" episode and every J.R.R. Tolkien
novel -- all favorites of the techie class.
A little more than two hours later, Hein became "root" on Moscow,
allowing him to access every single file on the machine and giving him the
ability to delete any or all of them. "On that server," he remembers, "I was
God."
Trusted Information was hired by a middle manager at the engineering firm
who wanted to show his superiors that despite a raft of basic protections,
the company's network was far from secure. Hein expects the company to
spend "several million dollars" upgrading its systems
after it receives a detailed accounting of his exploits.
That's where Trusted -- and two other fast-growing Washington area
companies -- really come into the picture. Among other products, Trusted
makes "firewalls," which act like doors to parts of a network, only
admitting authorized users. Firewalls are commonly used to prevent visitors
to a company's World Wide Web site from gaining access to the
organization's internal network.
Joining Trusted in the local computer-security business are Axent
Technologies Inc. of Rockville and V-One Corp. of Germantown. Axent's
flagship product helps system administrators manage security across their
network while V-One specializes in "virtual private network" technology,
which provides secure data transmission over the Internet.
All three -- particularly Trusted and Axent -- have seen demand for their
products surge over the last two years, as corporations have decided to
connect more of their computers to local area networks and the Internet.
Over the past year, for example, Axent's revenue jumped 89 percent and
Trusted's rose 54 percent. That success has spurred major business deals
recently for both companies.
In early February, Axent acquired Raptor Systems Inc., a Waltham,
Mass., firewall maker, for about $245 million in stock. The purchase helps
round out Axent's product line and makes the company the nation's
third-largest computer-security firm, according to analysts.
Late last month, Network Associates Inc., a fast-growing security
company based in Santa Clara, Calif., said it would spend $307 million to
buy Trusted. The deal, which has not yet closed, would make Network
Associates the biggest player in the security market, filling a strategic hole
in its firewall business. Trusted will continue its operations in the
Washington area after the acquisition.
Executives and industry analysts say the deals largely were driven by a
need to offer one-stop shopping to corporate customers, who have begun
to view security products not as disparate utilities that can be picked up
from various vendors but as a central component of their computing
strategy that they want to buy from a large firm.
"If there's an intrusion in the network, system administrators don't want to
have to deal with 12 different companies. They want to make one phone
call," said Steven Foote, a vice president for research strategies at the
Hurwitz Group Inc., a consulting firm in Framingham, Mass.
The consolidation comes as the network-security business has started to
surge. It's a market that's projected to grow from a little more than $2
billion last year to almost $7 billion by 2000, according to securities firm
Volpe Brown Whelan & Co.
Analysts expect about half the revenue in the market to come from two
basic products: firewalls and anti-virus software.
Viruses are generally small files, passed along when people swap disks or
download material from the Internet, that can erase data, freeze up
machines or crash an entire network. Although viruses have been around
for years, newer strains have become more pernicious, forcing businesses
and consumers to regularly update their scanning software.
Likewise, analysts predict that the demand for firewalls will continue to
increase as more businesses set up Web sites with different levels of
access to employees, suppliers, customers and ordinary people.
But the big growth in the security market is expected to occur in two other
areas -- places where Axent, Trusted and V-One are widely viewed as
industry leaders.
The first is virtual private networks, or VPNs. Today, businesses that want
to send sensitive information from one office to another typically shell out
thousands of dollars a month to lease private data lines from phone
companies because they believe the Internet isn't safe enough. VPN
technology, projected to grow into a $4 billion business by 2000,
scrambles data so it can be sent across the Internet without worry about
snooping.
"It takes the fear out of putting your secrets on the Internet," said David
Dawson, the chief executive of V-One, whose SmartGate VPN technology is aimed
at mobile workers who want to connect to the office networks over the Internet
instead of making a long-distance phone call.
The other set of growing technologies involves foiling inside-the-building
intruders. Security experts long have focused on erecting virtual fences,
moats and minefields around their networks, but if somebody's on the
inside, going from the file room to the president's office or the research
division often is much easier. Now, firms such as Axent and Trusted are
pushing products that try to detect intruders and monitor activity inside the
network.
"We're telling people it's not enough to put deadbolts on the door," said
Stephen T. Walker, Trusted's chief executive. "You've got to install the
motion detectors too."
Insider attacks have become an increasingly important concern for
corporate information security managers. According to an informal survey
of 520 security professionals conducted by the Computer Security Institute
for the FBI's International Computer Crime Squad, 64 percent reported at
least one unauthorized entry into their computer systems last year. Of
those, 70 percent reported at least one network attack committed by their
own employees.
Trusted and Axent have developed "intrusion detection" software that
sounds an alarm for security managers when people venture into
unauthorized areas. It's a market that's still getting off the ground, but both
firms contend the proliferation of insider attacks will generate a new wave
of demand for their products.
"In the old mainframe days, all you had to do was lock up your computer
in a room," said John C. Becker, Axent's chief executive. "As you network
machines, though, everyone has access to sensitive material -- secretaries,
janitors at night, people in the mailroom."
That's something that Walker never imagined when he founded Trusted in
1983 with his $30,000 government retirement package. A former National
Security Agency and Defense Department researcher, he started the
company as a consulting shop, advising firms such as International Business
Machines Corp. and MCI Communications Corp. on ways to secure their
mainframes. By the early 1990s, Walker's small company, working under
a contract for the Defense Advanced Research Projects Agency, had
developed an early firewall.
"Back then, nobody knew what a firewall was," Walker said. So he gave
the software away over the Internet.
"As soon as we did that, we started getting all these calls," he said. "They
said, 'I don't want it for free. I want you to come in and install it.' "
Today, Walker's 20 percent stake in Trusted is worth about $60 million.
Trusted sells its Gauntlet firewalls for $5,000 to $17,000 a pop, depending
on the installation required, and the company continues to offer a free
version over the Internet.
It's a business, however, that hasn't escaped the notice of computer
industry giants, including IBM, software giant Microsoft Corp. and
networking powerhouse Cisco Systems Inc., all of which are integrating
more firewall technology into their software and hardware products. Such
moves lead some analysts to take a dim view of independent security firms.
"If these big companies weave more security functions into their products,
it's going to be tough to be viable as a stand-alone player," said Fred
McClimans, president of Current Analysis, a Sterling-based market
research firm.
But Walker contends that security functions that are bundled with other
products won't be current or powerful enough for many large businesses.
"We don't see this market going away any time soon," he said.
He points to that engineering firm.
On Friday, Hein and Jody Patilla, Trusted's director of network analysis
and testing services, set about compiling their report for the client. The
findings weren't going to make people happy. Hein, who spent nine days at
the client's office, invaded all 24 servers he was asked to attack. On seven
of them, he achieved the godlike root status. On others, he was able to
copy e-mail messages and view reams of research data.
Getting into Moscow, said Patilla, opened many other doors. "All it takes
is one hole and you can burrow inside," she said. "Once you cross the
outer shell you can get anywhere, and it shouldn't be like that."
Starting today, however, Hein and his fellow Trusted hackers will get a
little competition from the local rival. Axent plans to release a piece of
software called NetRecon that tests the vulnerability of a network --
automatically. The software will attempt to break in using a host of
common hacking methods.
"The hacking community already has this tool," said Robert Clyde, an
Axent vice president. "This allows [security managers] to anticipate what
could happen to them."
The Trusted hacking team expects an intrusion test -- either human or
automatic -- at almost any company to have results similar to that at the
engineering firm. It was "pretty weak," Patilla said. "But it's par for the
course."

Keeping a Business Secure

While the world of network security may seem hopelessly complex, the
measures it takes are very comparable to the locks, metal detectors and
motion sensors that more traditional security systems use to keep out
intruders. If you imagine a computer network as a building, here are some
of the systems used to keep it free of intruders.

INTERNET TRAFFIC

Off-site network
Like a branch office, it needs its own door that only admits authorized
users.

Firewalls
Like a fence or a locked door, a firewall blocks parts of a network to
people who don't have the proper authorization. Firewalls are commonly
used to prevent visitors to a company's World Wide Web site from gaining
access to the organization's internal network.

Virtual Private Networks
Like a locked briefcase that lets employees carry sensitive material when
walking on a public sidewalk, virtual private network technology allows
companies to send scrambled data across the Internet without fear of
snooping.

THE BUSINESS

Network management
Like a video-monitor-laden security control center, management software
allows system administrators to keep tabs on activity throughout the
network. Such software also helps administrators determine the employees
who should have access to certain areas and whether their passwords
need to be changed, then implements modifications on firewalls and
authentication servers.

Digital certificates
Like an identification badge, digital-certificate technology identifies
employees within the network, enabling them to enter some electronic filing
cabinets, but not others.

Intrusion detection
Like security cameras and motion-sensing burglar alarms,
intrusion-detection software monitors various parts of the network, looking
for people who either have slipped into sensitive areas or are misbehaving
in public areas.

Authentication
Like the magnetic badge reader outside a locked door, authentication
software determines whether a user is authorized to enter through a
firewall. The software relies on a password, usually in conjunction with
another form of verification.

Virus detection
Like metal detectors and bomb scanners at building entrances, virus
detection software examines the data files employees transfer onto the
network. Viruses are generally small files that can cause big problems, such
as erasing data, freezing up machines or crashing the entire network. The
detection software alerts system administrators and prevents the entry of
virus-infected files.

Reconnaissance
Like the guard who jiggles the doors and windows looking for ones that
are unlocked, reconnaissance software lets system administrators pretend
they have a hacker trying to enter their network. The software identifies
systems that could be vulnerable to an attack.

[snip...]
Received on Tue Mar 17 17:48:36 1998