Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] LANL computers weather daily cyber assaults

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] LANL computers weather daily cyber assaults
Date: Mon, 29 Aug 2005 13:04:21 -0500 (CDT) 
http://www.lamonitor.com/articles/2005/08/25/headline_news/news03.txt

ROGER SNODGRASS
roger at lamonitor.com
Monitor Assistant Editor
August 26, 2005

On a $15 million a year budget, Los Alamos National Laboratory is
waging a daily battle against a barrage of threats to its computer
network.

Alexander D. Kent, deputy group leader for the lab's network
engineering group, said 25,000 computers processing about 850
gigabytes of data in 20 million legitimate sessions a day are facing a
growing risk.

A graph of Internet sessions between May and mid-August this year
shows at least five million "malicious" sessions on slow days and
10-15 million during peaks.

On weekends, when LANL activity slows, 90 percent or more of the
computer activity appears to be malicious.

Malicious activity could mean anything from a sophisticated hacker or
terrorist or a foreign intelligence operative to unsophisticated
pranksters and adolescent mischief.

The lab protects itself with network firewalls for its public network
and "air gaps" - compartmentalization - for its classified net.

Passwords are cryptographically generated for one-time use.

Cyber-defenders employ a "defense in depth" bulwark that includes
educating each individual user, detecting and preventing intrusion,
patching software quickly and setting unexpected traps and alarms,
among many other techniques.

An around-the-clock response team and close coordination with law
enforcement and counter-intelligence organizations are also important
parts of the job.

Kent briefed members of the legislature Wednesday in a joint hearing
of the Information Technology Oversight and LANL Oversight committees
at Fuller Lodge.

Rep. William Payne, R-Bernalillo, said he thought there was too much
defense and not enough offense.

"It would seem to me that some simple changes in federal laws could be
made that would allow you to have an offense," he said.

He suggested return messages that would place a small American flag on
the offender's monitor with the message, 'You've been placed on the
FBI website,' or a reverse worm that would destroy the hacker's
computer.

Rep. Janice E. Arnold-Jones, R-Bernalillo, compared the problem to the
identity-theft epidemic and called for leveling the playing field.

"They have to be right once; we have to be right all the time." she
said. "If we catch a hacker, our laws have no teeth."

The character of ordinary perpetrators is also changing, Kent told the
state legislators.

Five years ago, hackers were out to make a name for themselves. Now
people are in it for the money

"It's probably going to get worse before it gets better," Kent said.

He compared the stunning advances in computer networking to the
invention of the printing press. But, he added, the printing press not
only powered a communication revolution, it also enabled forgeries.

The problem is widespread and growing.

The President's Information Technology Advisory Committee said in a
report last year that information technology in the U.S. is "highly
vulnerable" to attacks.

"The data show that the total number of attacks - including viruses,
worms, cyber fraud and insider attacks in corporations - is rising by
over 20 percent annually, with many types of attacks doubling," the
committee wrote.

The study said more than 10 percent of PCs were infected by viruses
monthly in 2003 and 92 percent of organizations reported virus
disasters that year.

A Government Accounting Office report released in May said government
officials are increasingly concerned about computer attacks, which may
rise to level of "acts of war."

In a speech in Washington, D.C., on Aug. 9, FBI Director Robert
Mueller put the issue in an international context:

* In Australia, a two-way radio hacked into a sewage system computer
  system that released more than 250 million tons of raw sewage onto
  the grounds of a luxury resort hotel.

* Hackers seized a gas pipeline in Russia for an entire day by
  infiltrating electronic control systems.

* A Slammer worm computer virus blocked a nuclear power plant's
  computer network in Ohio, disrupting safety systems for more
  than five hours.

Mueller said cybersecurity is hampered by organizations' refusal to
acknowledge problems and work together.

"Maintaining a code of silence will not benefit you or your company in
the long run," he said.




_________________________________________
Attend ToorCon 
Sept 16-18th, 2005
Convention Center
San Diego, California
www.toorcon.org
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] LANL computers weather daily cyber assaults, InfoSec News <=
Previous by Date:  [ISN] Islamists seek to organize hackers' jihad in cyberspace, InfoSec News
Next by Date:  [ISN] States face difficulties keeping up with cyberthreats, InfoSec News
Previous by Thread:  [ISN] Islamists seek to organize hackers' jihad in cyberspace, InfoSec News
Next by Thread:  [ISN] States face difficulties keeping up with cyberthreats, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]