Computer Crime Research Center

How Vulnerable Is the Internet Now?

(By Joe "Zonker" Brockmeier)

According to Gartner research director Richard Stiennon, it would not be difficult for an attacker to send spoofed routing tables to poorly configured routers and misdirect traffic across large parts of the Internet.

It is increasingly rare for a month to pass without a report of a serious vulnerability in one or more of the technologies that underpin the Internet.

Even products that are not a direct part of the Internet infrastructure can cause huge problems. The SQL Slammer worm, for example, significantly disrupted traffic after infecting only a small number of machines.

Granted, security has improved on some levels, according to Richard Stiennon, Internet security research director at Gartner. "Enterprise security has gotten much better," he told NewsFactor. "Enterprises are protected from the Internet much better than a year and a half ago."

Unfortunately, he added, "The Internet itself is still extremely vulnerable."

More than Worms
Specifically, Stiennon said that routers, the machines that direct traffic on the Internet, are a weak point. "Routing protocols are very insecure," he noted. "An expert could take out the Internet any time they want to."

According to Stiennon, it would not be difficult for an attacker to send spoofed routing tables to poorly configured routers and misdirect traffic in large parts of the Internet. In addition, he said, such an incident would be hard to fix.

"The task is difficult. It has to be a voluntary effort on behalf of all the carriers ... [because] there are still thousands of ISPs, all of them doing routing all the time." Stiennon noted that these ISPs, including major carriers like AT&T (NYSE: T), WorldCom and Sprint (NYSE: FON), need to harden their routers against attacks.

The Silver Lining
So, if an Internet blackout can happen so easily, why hasn't one occurred? Surprisingly, Stiennon said, "I guess because the hacker world really is made up of well-intentioned hackers, for the most part…. You can have a group of citizens who are armed and not have everybody shooting at one another."

Another piece of good news is that although routers may be vulnerable, a different part of the Internet is stronger than ever. According to Stiennon, the Internet's root DNS servers are better protected since the well-publicized attacks against them last year. "Most root DNS servers are investing in defensive systems," he explained.

The Fix Begins at Home
As Slammer showed, however, the Internet is vulnerable not only to inherent security holes, but also to viruses and worms released by malicious attackers. One might think that after years of well-publicized incidents, companies would have learned from their mistakes and become more proactive. But, so far at least, that assumption would be wrong.

Indeed, Art Manion, a security analyst with Carnegie Mellon University's Computer Emergency Response Team (CERT), told NewsFactor that companies are still making the same mistakes. "Clearly, some basic steps are not being taken on the dead-obvious problems they can do something about," he said.

Although software vendors share some of the blame for the current plague of computer viruses, worms and trojans, companies need to take responsibility for patching their own software. In the case of SQL Slammer, Manion said, the fault lay largely with those companies hit by the worm. "People were caught by 'surprise' when the information had been there for months," he noted. "It's happened before, [and] it's probably going to happen again."

Security as Priority
That does not mean companies should stop pressuring vendors to produce more secure software, however. According to Manion, many problems also could be avoided "if we could improve software development from the beginning. It might have some lasting good effects."

The bottom line, although CFOs may not like to hear it, is that companies need to budget more resources for security. "It is part of human nature to only invest and respond to pain," Stiennon said. "The security community has been waving red flags forever, but people holding the purse strings keep saying, 'Yes, but...'

"Down the road, everybody is a target all the time."



Copyright © Computer Crime Research Center 2001, 2002 All Rights Reserved.