Internet Security Incidents Up
Internet security incident statistics are showing the continuation of
a disturbing trend. Since the early 1980's the computer systems
attached to the Internet have been under attack. Lately that trend
has included the Internet itself as Denial-of-Service attacks cause
backbone router problems, and hacks on root name servers have left
entire domains without needed services.
CERT projects that security
incidents were up 50% in 2002. In 2001 there were over 52,000
incidents, with an expected 82,000 in 2002.
Just this week other statistics are out. One major security player
has stated that it saw security incidents rise more than 36 percent
between the last quarter of 2002 and the first of 2003. Another major
player claims that incidents are up about 10 percentage points week on
week. That's quite an increase.
What To Do About Security Incidents
the top enterprise security threats for 2003. Make sure that all
issues are properly addressed.
- Cover the security basics.
- Install a firewall.
- Install an intrusion detection system.
- Configure it properly.
- Keep it up-to-date on a daily basis.
lists the Top Ten Security Exposures as:
- Default operating system and application installations
Solution: The installation and routines for many operating systems and
applications often include additional programs and scripts in the
interest of user convenience and ease of use. Unless removed or
disabled, many of these same routines provide a security vulnerability
that can be exploited.
- User accounts have no passwords or weak passwords
Solution: Remove default passwords and routinely change passwords to
those that cannot easily be guessed.
- Incomplete backups and/or local storage of backups
Solution: Verify that critical and essential data is backed up on a
daily basis and stored in a safe location, away from the source of the
data. Periodically check to ensure you can restore from backup media.
- Unneeded services or programs running
Solution: When away from your computer or working in another program,
be sure to close unnecessary services or programs. Some of the
non-critical services and programs could be vulnerable to security
- Non-existent or incomplete logging
Solution: Security and event logs permit a review of computer activity
should the computer become compromised. This information could be used
to identify a security exploit and/or determine the scope of
damage. Verify that your computer system logs have been enabled and
are functioning. In addition, it is a good idea to periodically copy
your logs to removable media or a remote system using write-once media
to protect logs from being overwritten.
- Infrequent log inspection
Solution: Once security and event logs have been enabled, you need to
regularly inspect the log files for suspicious activity. While
suspicious activity may not always be easily identified, you can
review previous log entries for entries that occur at odd dates/times,
or are made by unknown users of computer addresses.
- Operating system patches, particularly security fixes, have not
been installed on your computer
Solution: Routinely review and install critical operating system
patches to your MS Windows, Unix and Apple operating
systems. Operating system vendors and a number of independent security
organizations provide descriptions of recent security vulnerabilities
and available operating system updates. Visiting the web sites of such
organizations may alert you to the need to install an important
- User accounts of terminated employees are available after
Solution: Remember to remove the access privileges for departing
employees as soon as possible. Also, remember that internally
transferred employees and temporary employees may need to have their
access privileges changed periodically to match their work assignments.
- Unfamiliarity with recent security vulnerabilities and exploits
Solution: Regularly review security-related web sites, and hire an
security consultancy to examine your security and implement