Although the client was relieved to learn it wasn't trafficking in illegal pornography, it was concerned that it was trafficking in intellectual property. It was also concerned that its FTP server had been used to conduct scans and/or attacks on other networks. Our report included many recommendations, most notably:
- Consult with legal counsel regarding the liability associated with the hack and current legal responsibility (a very subjective area at this time).
- Consider reporting the hack to the appropriate agencies and affected parties, including:
  - The local office of the FBI
  - The State Office of Information Technology
  - The State Police's High Technology Crimes Unit
  - CERT
  - Microsoft
  - Adobe
  - The governmental agency scanned
  - Paramount Pictures (Indiana Jones)
  - United Artists (Bowling for Columbine)
  - Clients regularly accessing the FTP server
- Rebuild the FTP server.
- Move the FTP server behind the firewall and limit traffic to the FTP server to ports 20 and 21.
Don't make it too easy
Executing on the basics of IT security is not enough to ensure that your organisation will not be hacked, but it will significantly reduce the chances. Further, if you are hacked, you'll be able to recognise and remediate it before significant damage to the organisation is done.
The basics for systems that need to be externally accessible (Web, e-mail, FTP) include these steps:
- Put them behind an appropriate firewall (preferably in a DMZ).
- Disable all services except those absolutely needed.
- Filter all except port-specific traffic to systems (e.g., 20/21 for FTP).
- Turn on system and firewall logs.
- Review the logs on a daily basis.
- Consider implementing intrusion prevention software for mission-critical boxes.
Although this seems like (and truly is) "Security 101," I can assure you that many organisations are not executing on the basics. Virtually all of the hacks we investigate are caused by a failure to execute on some combination of these fundamentals.
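As an added example (not from the original article or the incident it describes), here is one way the daily log review step could be scripted for an FTP server. It assumes the server writes the xferlog format used by wu-ftpd, vsftpd and ProFTPD; the sample lines, addresses and the 100 MB threshold are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in xferlog format; addresses are documentation ranges.
SAMPLE_LOG = """\
Thu Mar  6 02:14:07 2003 412 203.0.113.45 734003200 /pub/incoming/.x/film_cd1.avi b _ i a anon@example.com ftp 0 * c
Thu Mar  6 02:31:55 2003 398 203.0.113.45 733999104 /pub/incoming/.x/film_cd2.avi b _ i a anon@example.com ftp 0 * c
Thu Mar  6 09:02:10 2003 3 198.51.100.7 48211 /clients/acme/report.pdf b _ o r acme ftp 0 * c
Thu Mar  6 09:40:31 2003 61 192.0.2.99 734003200 /pub/incoming/.x/film_cd1.avi b _ o a guest@example.net ftp 0 * c
truncated line
"""
UPLOAD_ALERT_BYTES = 100 * 1024 * 1024  # assumed per-host daily threshold


def parse_xferlog_line(line):
    """Return the fields this review needs, or None if the line is malformed."""
    parts = line.split()
    # 8 leading fields, at least 1 filename token, 9 trailing fields
    if len(parts) < 18 or not parts[7].isdigit():
        return None
    tail = parts[-9:]
    return {"host": parts[6], "size": int(parts[7]),
            "path": " ".join(parts[8:-9]),
            "direction": tail[2],  # i = upload to server, o = download
            "access": tail[3]}     # a = anonymous, g = guest, r = real account


def review(log_text):
    """Flag bulk anonymous uploads and anonymous files fetched by other hosts."""
    uploaded_by = {}                   # path -> host that uploaded it
    upload_bytes = defaultdict(int)    # host -> bytes uploaded
    redistributed = defaultdict(set)   # path -> other hosts that fetched it
    malformed = 0
    for line in filter(str.strip, log_text.splitlines()):
        rec = parse_xferlog_line(line)
        if rec is None:
            malformed += 1             # count, never silently drop
        elif rec["access"] == "r":
            continue                   # real accounts are out of scope here
        elif rec["direction"] == "i":
            uploaded_by[rec["path"]] = rec["host"]
            upload_bytes[rec["host"]] += rec["size"]
        elif rec["direction"] == "o" and rec["path"] in uploaded_by:
            if rec["host"] != uploaded_by[rec["path"]]:
                redistributed[rec["path"]].add(rec["host"])
    return {"bulk_uploaders": sorted(h for h, n in upload_bytes.items()
                                     if n >= UPLOAD_ALERT_BYTES),
            "redistributed": {p: sorted(h) for p, h in redistributed.items()},
            "malformed": malformed}
```

Calling `review()` on each day's log text returns the hosts that uploaded in bulk without a real account, the anonymously uploaded files that other hosts then downloaded, and a count of lines that could not be parsed.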
©2003 TechRepublic, Inc.








