Latest Security Threat: Holding Data Hostage

Author: Molouk Y. Ba-Isa, Arab News
Publication Date: Tue, 2007-02-13 03:00

ALKHOBAR, 13 February 2007 — Attracting more than 15,000 information security professionals, the 16th annual RSA Conference was held last week in San Francisco. The five-day conference offered attendees the opportunity to discuss the trends, issues and solutions that are impacting the information security industry globally.

Personal Security Appliance vendor Yoggie Security Systems was named the “Most Innovative New Company” at the conference. The company’s new product offering, the Yoggie Systems’ Gatekeeper Pro, is a credit-card-sized security appliance that brings corporate-class security applications within the reach of mobile and remote workers.

We’ll probably never see this security appliance in Saudi Arabia as Yoggie Security Systems is based in Israel. This is the most recent example of how current policies in the Arab world continue to put our networks at risk. While information security technologies developed in Israel are shunned by the Arab world, Arab nations fail to invest in the R&D required to create viable alternatives.

And even as new technologies enhance network security, criminals are becoming more sophisticated in their exploits. At the 2007 RSA Conference, Eugene Kaspersky, head of antivirus research at Russia’s Kaspersky Labs, stated that the rise of so-called “Ransomware Trojans” will be a key trend in 2007.

Ransomware Trojans are a type of malicious code that infects a PC, encrypts some data and then displays an alert telling the victim to send money to get the key needed to access the data again. Such malicious software isn’t new, but Kaspersky believes cybercriminals will refine their use of Ransomware this year.

Kaspersky stated that if criminals with a better grasp of cryptography begin writing Ransomware code, “antivirus vendors will not be able to decrypt and recover your data without help.” Plus, since the criminals may want as little as $20 or $30 to provide the decryption key, people will probably be willing to pay rather than lose access to their data. Many won’t even take the time to report the extortion to the police, considering the hassle of such action worse than the money they’ve already paid.

The police might try to fight such extortion, but they are unlikely to succeed. According to Kaspersky, law-enforcement officers are having difficulty catching Internet criminals.

“In 2004, there were around 100 arrests of suspected cybercriminals. In 2005, there were around 400. But last year, there were just 100,” Kaspersky said. “It seems that the stupid guys are being jailed, but the clever ones are still operating.”

Not every type of network attack is on the rise, but there seems to be some disagreement about whether certain kinds of attacks are actually declining or perhaps just evolving. Kaspersky stated that there should continue to be a reduction in distributed denial-of-service (DDoS) attacks, in which a company’s servers are bombarded with data in an attempt to drive them offline. Kaspersky believes that these attacks are declining in part because better filtering technologies have been developed that can strip out DDoS traffic before it reaches a corporate server, and also because several people have been arrested for launching DDoS attacks and demanding payment in exchange for stopping the attack.

Paul D. Parisi, CTO of DNSstuff.com, has a completely different perspective on the DDoS attack situation. He discussed last Tuesday’s incident in which a DDoS attack targeted at least five of the Internet’s 13 root name servers. The attack caused two of the root name servers to stop responding to up to 90 percent of queries. However, the other root name servers kept the Internet working during this time.

The Internet relies on 13 root name servers deployed globally to manage traffic between computers connected to the Internet. To ensure stability, no one organization controls all 13. Because of the reliable, redundant nature of the system, the DDoS attack passed largely unnoticed by the average computer user, while experts worked to deal with processing the flood of data caused by the attack.

“It is likely that this latest apparent probing effort was testing the resiliency of Domain Name Servers (DNS),” explained Paul D. Parisi, CTO of DNSstuff.com. “This could be a harbinger of more targeted attacks against .com parent servers or even individual enterprise servers, neither of which may have the resiliency or redundancy of the systems attacked earlier. Either of these scenarios could have catastrophic consequences for the Internet-at-large or specific organizations.”

Even without an increase in targeted or malicious attacks on DNS servers, many of those same servers remain vulnerable or are performing poorly because of human error. There are over 85 million domains on the web, and a survey by DNSstuff.com of its users revealed that there are significant, fixable configuration issues with DNS settings for nearly 70 percent of those active domains. These incorrect settings can lead to site outages or improperly routed e-mail, and a targeted attack exploiting these settings could lead to even more widespread network and Internet outages.

A newly released DNSstuff.com root server time map allows IT professionals to monitor the state of root and .com servers supporting DNS. Network administrators can check real-time performance of these servers to spot long latency times or unusual behavior in response times. The root server time map can be found at http://www.dnsstuff.com/info/roottimes.htm. Other simple steps that can be taken to improve DNS security include maintaining a minimum of two physically and geographically separate servers to help thwart a DDoS attack, and proper configuration of Primary and Secondary name servers to utilize the natural resiliency of DNS.

“Unfortunately, many people are relying on improperly configured DNS and are unintentionally leaving themselves, and therefore the web, vulnerable to attack,” Parisi said.

Another area of controversy at the 2007 RSA Conference was whether Microsoft’s Windows Vista Security was spreading woe or wow. An informal poll conducted at the conference by security vendor PC Tools found that of more than 300 security experts interviewed, 97 percent said they believe that Vista will have problems with security for the next few years. About two percent of those interviewed were unsure and the rest did not respond to the issue.

At the 2007 RSA Conference, Microsoft Chief Research and Strategy Officer Craig Mundie didn’t speak about Windows Vista specifically. However, in a keynote with Microsoft Chairman Bill Gates, he outlined a vision for a digital world where people can easily and seamlessly connect across networks, platforms and devices — with confidence that their information won’t be compromised or stolen. Achieving this “anywhere access” vision, he explained, will require serious, industry-wide collaboration and a commitment to investing in interoperable systems, processes and products.
