Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] Red Cross Works to Better Protect Its Networks From Attacks, Scams

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] Red Cross Works to Better Protect Its Networks From Attacks, Scams
Date: Tue, 13 Sep 2005 01:41:08 -0500 (CDT) 
http://www.computerworld.com/securitytopics/security/story/0,10801,104539,00.html

By Jaikumar Vijayan 
SEPTEMBER 12, 2005
COMPUTERWORLD

Information security staffers at the American Red Cross, which was hit
last month by the Zotob worm, are working overtime to try to protect
the organization's networks against attacks amid surges in usage of
the networks following Hurricane Katrina.

In addition, the emergency relief agency has turned to the FBI and
others for help in preventing the spread of imitation Red Cross Web
sites set up by scam artists.

"The infrastructure is stretched, and I'm not sure we can tolerate
another outbreak" like the Zotob attack, said Ron Baklarz, the
Washington-based organization's chief information security officer.

Zotob, which took advantage of a hole in the plug-and-play component
in Microsoft Corp.'s Windows software, "saturated" sections of the Red
Cross' networks, making them inaccessible to users for several hours
last month, Baklarz said.

Consequently, the organization turned to security experts to "take a
second look at the security technologies we have in place today to
ensure that we have tuned them as best as we can under the increased
load," he said.

The Red Cross is implementing new technologies such as
intrusion-detection and -prevention systems -- some of them donated by
vendors -- to bolster network security, said Baklarz.

Also, not all of the Web sites that the Red Cross has created for
remote field offices set up to aid Katrina victims have a direct link
back to the organization's network.

"We are trying to put Web-based applications out there that can be
accessed without people coming to the corporate network," Baklarz said
without elaborating.

The Red Cross is working with the FBI Internet Fraud Complaint Center
to shut down sites allegedly created by scam artists involved in
Katrina-related fraud.

"We anticipated there would be a lot of fraudulent activity on the
Internet," Baklarz said. "We wanted to triage with the FBI and make
sure they saw examples of the legitimate e-mail that is sent out from
the Red Cross so that they know what to look for."

Appeals have also been sent to organizations such as Bethesda,
Md.-based SANS Institute and various government and nongovernmental
agencies to keep an eye out for anything that looks like a scam,
Baklarz said. As of last Thursday, about 20 such sites had been
identified and were being investigated by the FBI for possible
follow-up action.

"Every time an event like this occurs, it brings out the best and the
worst in people," Baklarz said. "Unfortunately, in my position, I've
got to think about and respond to the worst."



_________________________________________
Attend ToorCon 
Sept 16-18th, 2005
Convention Center
San Diego, California
www.toorcon.org
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] Red Cross Works to Better Protect Its Networks From Attacks, Scams, InfoSec News <=
Previous by Date:  [ISN] Linux Security Week - September 12th 2005, InfoSec News
Next by Date:  [ISN] Massachusetts Teen Convicted for Hacking into Internet and Telephone Service Providers and Making Bomb Threats, InfoSec News
Previous by Thread:  [ISN] Linux Security Week - September 12th 2005, InfoSec News
Next by Thread:  [ISN] Massachusetts Teen Convicted for Hacking into Internet and Telephone Service Providers and Making Bomb Threats, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]