|
|
To print: Select File and then Print from your browser's menu
-------------------------------------------------------------- This story was printed from ZDNet Australia. --------------------------------------------------------------
|
Drive-by anti-hacking teams targeting Sydney By Nicole Bellamy, ZDNet Australia November 19, 2001 URL: http://www.zdnet.com.au/news/security/soa/Drive-by-anti-hacking-teams-targeting-Sydney/0,130061744,120261894,00.htm
X-Force--an Internet Security Systems (ISS) anti-hacking team--takes its job very seriously, even taking to the streets of Sydney for security threat analysis in the form of 'drive-by hacking'. A recent analysis conducted by the X-Force team in Australia, tested the security of wireless networks operating within Pitt St, Sydney--a major retail and business centre. The team discovered twelve wireless networks that were easily accessible and vulnerable to hacking. According to Kim Duffy, managing director, ISS, this type of test is a regular one for the X-Force team, and known in security circles as 'drive-by hacking'. Armed with the appropriate knowledge, tools of the trade and access to technologies, it is quite easy to hack into certain wireless networks without leaving the comfort of your vehicle. "You can wander along the street, see a target and try to penetrate their network, all without leaving your car," said Duffy. 'Drive by hacking' is just one form of threat analysis conducted by X-Force for companies within Australia, and around the world. Based in Atlanta, and working with organisations such as the FBI and Interpol, as well as Queenlsand-based Australian Computer Emergency Response Team (AusCERT), X-Force is designed to expose vulnerabilities and security flaws before hackers have a chance to exploit, or expose these. X-Force offers two main types of threat analysis and security testing;
A recent KMPG survey outlined the need for organisations to develop, and install, security solutions. According to the survey, 41 percent of 500 executives within multinational companies believe their company is susceptible to a serious security breach. Of this number, 60 percent believe that it can be solved with technology. Duffy believes that businesses continue to underestimate security as an issue for businesses working in the online space. While larger organisations are beginning to spend more money on ensuring the security of networks and systems, according to Duffy, they are not always successful. "We have seen some terrible [cases of poor security]," said Duffy. "There are some organisations where at administrator level, they still have their passwords set at 'password' (the system default)." This often happens at the "engine room level", because the technical staff believe "they are in control and therefore, they are safe", said Duffy. Another common belief in organisations is that one type, or level, of security is enough. "Some of these organisations are of the view [that] you just put in a firewall and you are safe," claimed Duffy. "But a firewall is like having a front gate but not having a fence." Layering security for maximum defence Duffy believes effective security involves layers of defence and offers the following layers as an example of a secure system.
Duffy added that PC-protection or desktop security--in the form of authentication, scanning devices, and anti-virus software--is another element which should not be ignored. According to Duffy, another "area of defence" involves e-business. Organisations communicating or transacting over the Internet are exposed to the vulnerabilities present in the networks of their business partners. "You can have the best security system in place, but the minute you work with another company, you are vulnerable to their security measures...a chain is only as strong as the weakest link," said Duffy. The emergence of security auditing and certification is assisting in business partnerships by easing these concerns.
Copyright © 2009 CBS Interactive, a CBS Company. All Rights Reserved. |
