Firewalls, script kiddies and honeypots

IT departments are so obsessed with firewalls that they ignore other more important aspects of IT security, a former hacker claimed last week.

Brian Martin, who spent years hacking under the name "Jericho", warned businesses that firewalls alone will not guarantee an IT system's security.

"If you have a new firewall you can guarantee that someone will find a way through it," he told business people at the Compsec IT security conference in London.

Businesses are falling victim to 14- or 15-year-olds who use tools available on the Internet to hack into their systems, Martin warned.

These "script kiddies" are motivated by the desire for fame and recognition among the hacking community and will often attempt a visible hack, such as defacing a company Web site.

Nasdaq, which had its Web site defaced a year ago, claimed that its main IT systems were secure. But Martin, now a security engineer with Digital Systems International, said the hackers could have done serious damage to the exchange's internal IT systems.

Martin warned companies against relying too much on "honeypots" - computer systems containing bogus data designed to trap and monitor unsuspecting hackers.

"Let's say a hacker discovers he is in a honeypot. He gets upset and asks 2,000 script kiddies to mount a denial of service attack against you. You have 2,000 trails of evidence to monitor now, not just one."

Kent Brown, another former hacker, now a managing director with Amdahl, said companies would take security much more seriously if they knew what hackers could do.

A typical US bank would lose $10m a minute if its systems went down for five minutes, yet they are often not willing to spend even a fraction of that on security.

Brown, who runs Web sites on hacking, said he knows of hackers who have used their skills to buy laptops for only $2 from Internet retailers.

This was last published in November 2000
