A well-known high street bank set out to stop future cyber bandits
from implementing a combined attack. This is their story.

The recent Melissa scare affected many security conscious
organisations like telecommunications company Lucent and even Intel
and Microsoft Corporation. The software giant was forced to shut
down its mail servers for several hours, while data security teams
checked the system for the virus. The reason that this virus caused
so much concern was the speed with which it spread. According to
virus experts at Data Fellows, a specialist in anti-virus and data
security, over 100,000 users were affected within the first few
hours of the virus appearing on the Net. Even though both these
companies have stringent security measures, the anti-virus software
was still compromised.
A well-known high street bank recently upgraded its already
formidable defences to foil any future cyber bandits. Data Fellows
was heavily involved in the project. The threat that the bank most
feared was a combined attack designed to peel away its defences and
allow a hacker to cause damage to its system.

A user either accidentally or maliciously introduces a program into
the system. These
dangerous programs could be viruses, Trojans or even commercial
programs like Netbus. This rogue code can cause damage to the
infected machine, but a more sinister attack involves the
monitoring of network traffic using a variety of commercial
utilities. The traffic could be sniffed for passwords, sensitive
documents or possible loopholes in security. Windows NT standard
password security can be broken with enough processing time by any
computer. The multi-part attack would theoretically try to obtain
higher level passwords and the administration rights that go with
them. The ultimate aim would be to obtain enough information about
the system to either cause extensive damage or to potentially
defraud the bank. This scenario is very unlikely without the
assistance of an inside employee, but as networks grow larger,
vetting all potential users of your network is more difficult.

To
prevent this, Data Fellows implemented a multi-level security
system. An overall policy was implemented from the central domain
administrator using a security policy enforcer, which is resident
on each user's machine. Each machine monitors all data coming in
from email or floppy disk for possible dangerous content, like
viruses, macros or Trojan horses. This software also forbids the
installation of any unauthorised programs by the user and notifies
system administrators of any attempts to breach policy. This
limits the possibility of sniffing and remote control software
running on a machine without the consent of network supervisors.

To
prevent the policy enforcer somehow being circumvented, all traffic
across the network is heavily encrypted using 255-bit Blowfish
technology, to stop any possible data sniffing. Any attempt by
software to send data from the network to an external source, which
breaks policy, can be blocked and also generates an alert to
administrators. The Blowfish technology used by this system is
currently the most secure encryption algorithm. Theoretically any
code can be broken with enough raw processing power, but even the
world's most powerful computer would take about 7 million years to
break this code.

Financial institutions realise they are obvious
targets for virus and hacker attacks, but other companies should
consider the effect of sensitive information being obtained by
competitors, shareholders or even employees within the company.
USA Today reported that at the start of 1998 Pixar, the
graphics company behind hit film Toy Story, had an anonymous
email circulated around the company containing the salaries of 400
employees. This information might breed resentment towards
well-paid staff, as well as making future salary negotiations more
awkward.
Whether this was a breach in physical or network security is
unclear. File locking and encryption may have prevented this
situation. In the banking world, disclosure of sensitive documents
could cost the company far more than just staff dissent or loss of
reputation.

The protection system at work in the bank has been
designed to be multi-layered, with anti-virus software playing an
essential part in an overall security policy. The bank has learned
to regard viruses as symptoms of a possible breach in security. To
date they have not suffered any virus, document or network breaches
within their new, tightened security procedures. Instead of waiting
for attempts to breach the system, teams of security consultants
routinely test and probe it for loopholes and backdoors, reporting
any problems back to the network administrators to evaluate.

Complete protection is never a certainty and will never be
achieved through technical means alone. A combination of technical
and management dedication is required. Where the rewards are great
- as in a bank - you can bet that the best minds outside are
working on the problem. This requires diligent efforts on the
inside to foil their efforts.
Will Garside