InformationWeek

New Net Threat

Filterware can protect users from 'spoofing'

By Joseph C. Panettieri and Clinton Wilder
Issue date: Feb. 6, 1995

Internet hackers are on the prowl again. According to an alert issued on Jan. 23 by CERT (Computer Emergency Response Team), the government-sponsored organization that safeguards the massive worldwide network, Internet hackers in recent weeks have infiltrated several private and corporate networks. Still, despite widespread concern, there are viable security solutions.

According to CERT, the Internet hackers use a technique called IP Spoofing that tricks a priv ate network normally secure from external access into thinking a hacker is on the network as a legitimate user. To combat this method, organizations can use filtering software that neutralizes IP Spoofing, says Tom Longstaff, manager of research and development of CERT in Pittsburgh.

Such filtering software is available from at least four networking companies: Bay Networks, Cabletron Systems, Cisco Systems, and Livingston Enterprises. Says Matthew Howard, security product manager at Cisco in San Jose, Calif., "Our filtering software won't accept any internal address data that's coming from an outside source."

To be sure, filtering software has been widely available for at least three years, leading some to downplay the most recent hacker activity.

"This isn't anything we haven't seen before," says Ray Kaplan, a senior consultant at CyberSafe Corp., a data security consulting firm in Redmond, Wash. "Anyone with a well-managed firewall shouldn't experience this." For rela ted story on firewalls click here

'Espionage Conduit'
Internet access provider Issue Dynamics Inc. in Washington begs to differ. It recently suffered network break-ins. According to Issue Dynamics president Sam Simon, CERT notified his firm in December that a hacker was posting pirated software on Issue's server. Moreover, the hacker was posting the company's encrypted password file on Internet newsgroups and using the server as what Simon calls "an industrial espionage conduit" to spy on Net users.

Issue upgraded its Internet firewall--which blocks unauthorized Internet data from entering a private network-and has had no further break-in problems.

Attention to detail is the key, say experts. "The recent hacker activity highlights the importance of developing the necessary security for the transaction environment," adds Bill Powar, VP of advanced payment system strategies at Visa International Inc. in San Francisco. "But I don't think it changes the momentum of electronic commerce. All new businesses have faced fraud attempts as they evolve; it's part of the growth process." To compensate, Visa has teamed with Microsoft to develop encryption technology that scrambles data for transportation across the net. Cisco says it is working on similar encryption technology.

Still, "There's no single Internet security solution," warns Mick Scully, VP of product management at Bay Network's Billerica, Mass., facility. "Users need to understand who and why people break in, and the additional tools you can use to build a higher and higher firewall."

In other words, build protection now, or call CERT later.

Comments on this story?