Computer Crime Research Center


'Hacking is a felony': Q&A with IBM's Charles Palmer

Date: April 19, 2004
By: Dr. Charles C. Palmer

... browsers to crash? Is that an appropriate response to hackers?

Anytime you acknowledge the hacker, you run the risk of heightening his or her interest. If you change the game from solitaire to a real poker game with human opponents, it becomes more interesting to most hackers. Such retaliation is also short-lived, since countermeasures will quickly be developed and publicized around the Web. In my opinion, this is not an effective usage of limited security personnel.

16. Are anti-hacking measures improving?

The most important improvement is in the area of awareness. ... Advances in firewall technology (making them easier to install and configure), improvements in vulnerability scanning and better explanations of how to repair them, and better intrusion-detection with fewer false-positives are all key technologies in this race.

17. If attacks can only take place on computers that are online, to what extent could hacking be mitigated by keeping sensitive materials, data, etc., offline?

One of my colleagues at IBM likes to say, "only trust physics." My version is that the only 100 percent, truly secure system is one that is powered-off and filled with concrete. The military has long understood the security of an "air gap" (where a secure machine has no connection whatsoever to an unsecured machine), and we recommend to our customers that they consider such an arrangement for their most secure systems. This comes down to risk-analysis -- that is, weighing the cost in convenience and availability against the threat of having a system online.

If it's important to ... your business to have data available online inside the company, then protecting it with an internal firewall makes sense. ... If you have a Web server you want your customers to access, you can't hide it behind your corporate firewall because they won't be able to get to it. There are network designs that will enable you to position the Web server on the "outside," while securely maintaining a connection between it and, perhaps, a server behind the firewall.

18. What is the long-term outlook for hacking?

As long as there are unsecured computers with interesting stuff on them, there will be hackers. Law enforcement agencies have stepped up their facilities and training programs to meet the demand for computer and network security.

Moving toward technologies that use strong encryption will greatly improve the overall security of systems. Virtual Private Networks are a fantastic tool for companies and governments to protect their systems and networks while taking advantage of the low-cost, high-availability offered by the Internet. Internet standards bodies are also moving toward designing security into new standards.

Most kids today know much more about computers than their parents do, and some start "messing around" at earlier ages than in the past. The best thing we can do is to show them how interesting it can be to work at protecting systems and networks.

19. What about the outlook for computer security?

While better security technologies are appearing all the time, education and awareness will continue to be the limiting factor. System administrators must learn about and maintain their systems securely. Users have to understand their security responsibilities (like choosing good passwords, not installing unauthorized modems, etc.). ... Innovations like biometrics and smart cards will go a long way toward making security easier for the end user as well as for the system administrators.
Original article

Add comment  Email to a Friend

Discussion is closed - view comments archieve
2010-10-20 13:49:37 - booooooooooo! this site sux!!!! buttttt
2004-04-27 20:48:06 - Computers are not very friendly now. J.E.O.
Total 2 comments
Copyright © 2001-2013 Computer Crime Research Center
CCRC logo