Financial Daily from THE HINDU group of publications, Monday, Aug 23, 2004
Columns - Books 2 Byte

System attack starts with a ping sweep

D. Murali
THE first step in the technical part of an attack is to determine what targets are available and active. A step, you'd agree, that is as predictable as how a pickpocket identifies his prey in a crowded bus, or a boy or girl picks up company at a party. Only, in the world of computers, this takes the form of a 'ping sweep', a sort of mating call that machines are programmed to recognise. If the machine responds to the Internet Control Message Protocol (ICMP) echo request, "it is reachable." Next what? "Find out where the pockets are," you'd say. No, it's ports, because we're talking about machines. "Perform a port scan. This will help identify which ports are open, thus giving an indication of which services may be running on the target machine."

Network hardening is not one more stage in the attack sequence but is a countermeasure. "Network devices should be configured with very strict parameters to maintain network security." For this, use patches and updates, and add "an outer layer of security" in the form of "firewall rules and router access control lists."

The book in my hand is one of Dreamtech Press's 'Information Assurance & Security Series', titled Principles of Computer Security by Wm. Arthur Conklin and his team (www.wileydreamtech.com). At the end of chapter 1, there are questions such as: "Criminal organisations would normally be classified as what type of threat? (a) Unstructured (b) Unstructured but hostile (c) Structured or (d) Highly structured." Another question: "An attacker who feels using animals to make fur coats is unethical and thus defaces the Web site of a company that sells fur coats is an example of: (a) Information warfare (b) Hacktivism (c) Cyber crusading or (d) Elite hacking."

Topics covered have in view the 'Security+ exam' offered by the Computing Technology Industry Association (CompTIA). What's interesting is that the Security+ certification does not expire, very much like a CA qualification, so you don't have to take the exam periodically. A secure read, as long as you can insulate yourself from the 'pings' of other booklovers.

IT is a complex wild animal
INFORMATION technology ranks highly among most companies' top five expenditures. How good to read that from the blurb of Managing IT as a business, by Mark D. Lutchen, and published by Wiley (www.wiley.com) as 'a survival guide for CEOs'. But the next line could be shocking: "IT continues to be one of the least understood and most poorly managed areas in business." So, the author, a former CIO of PricewaterhouseCoopers, offers advice "on how to unleash the full potential of this critical function" with a 'proven plan' to bridge the gap between CEOs and CIOs - something that has impeded their ability "to work together in order to craft objectives, establish budget guidelines, and develop metrics for measuring IT value and success."

In the foreword, Erik Brynjolfsson of MIT writes: "For every dollar spent on IT hardware, up to nine dollars go to complementary investments, including organisational and human capital." These investments can create real, if intangible, assets, Erik adds. Thus, to focus only on IT spending that occurs within the IT budget is to miss all but the tip of the iceberg. "While many of these intangible assets go unmeasured on typical corporate balance sheets, they should not go unmanaged." Thus, there's a world beyond numbers; so, don't toe your management to munshi's line.

The intro speaks of the constant tension between CIOs desiring more 'toys' and CEOs looking at IT as being expensive and, therefore, ripe for cutting. Result: IT gets subjected to "endless, frustrating cycles of stop-and-start investment" and gradually a layer grows between the two Os. "IT projects often become captive to the business cycle when, in order to capture the advantages of new technologies, they should be continuous."

Lutchen is categorical: "IT is a complex wild animal." An analogy that techies may find tough to digest. But the animal can be tamed, assures the author, and that happens only when you manage it the same way as any other successful business. "CEOs, board members, other executives, and financial buyers must learn to be 'animal trainers'." Else, you would only be lingering outside the cage, not knowing what to do about technology. Get into the cage with Lutchen at hand!

Black holes in cyberspace
THE virtual world has its own blind alleys from where people never return. Cyberspace has black holes that suck in victims. Chat rooms can lead the vulnerable out and away. Anonymity on the Net can end up in blood spill. Things are getting dirtier and here's a cautionary tale "set in a virtual world where relationships are established without the benefit of physical contact": Anyone You Want Me to Be, by John Douglas and Steven Singular. A shocking true story of sex and death on the Internet, as the subtitle of the Pocket Books (www.simonsays.co.uk) says.

The culprit is John Robinson, "a harmless, unassuming family man whose criminal history began with embezzlement and fraud". Arrested for "the savage murders of six women and his suspected involvement in at least five disappearances", his hunting ground was cyberspace where he "seduced his prey".

The book is educational, notes the intro. "In the off-line world, you can pick up on the physical signals coming from people who could do you harm. You can use your intuition, your survival instincts, your senses, and your common sense to know when trouble is near." Not so in cyberspace, where you're cut off from your senses and some of your instincts. So, here's the advice: "When you operate in such a place, you need to be keenly attuned to who you are and what you're doing, as well as what possible predators are doing. Had the women in these pages been more discerning about such things, they might be alive today." Go offline to read this, for your own sake.

Tailpiece

"Our systems chief is dumb, I guess."
"Why do you say so?"
"I told him GTB and he said, 'Giga tera byte!'"
Copyright © 2004, The Hindu Business Line. Republication or redissemination of the contents of this screen are expressly prohibited without the written consent of The Hindu Business Line