Product Cycle
vs.
Threat Cycle

Security threats of the past have often been mitigated easily by the latest product upgrade or signature update. Or to put it another way the product cycles were enough to subdue attacks. But in the last few years the rewards for successfully infiltrating a company large or small company have increased significantly. The rewards have increase so much that it has been published that the Russian mafia makes more off cyber-crime than drugs.

This has heightened the sophistication of cyber-criminals. Today's cyber-criminals can easily be government operatives from small countries, their main goal being corporate espionage. However, they are not only after small business's company information but their customer's information as well.

Social security numbers, addresses, e-mail addresses, and credit information are very lucrative in the underground. Also having access to machines unknowingly infected with bots pays high dividends. This all adds up to one thing. The bad guys are spending a lot of time and money researching the latest products for weaknesses. Thus they are learning how to attack around them and in many cases compromise them.

When is comes down to it, these threat cycles happen much faster and are more frequent than product cycles. With the increased complexity of networks and even operating systems, there are more holes to compromise. Today if a machine is broken into it is almost certain that it will contain a backdoor if not multiple backdoors. Many of these holes are difficult if not impossible to find and repair.

Network Strategies uses layered security practices and a combination of tools to find these attacks and more often to prevent them. Many of these attacks appears as just anomalies. They require constant attention and communications with the users. This is where Network Strategies excels. Since we take ownership of the security structure we actively track down anomalies and work hand in hand with end users.

To get more detailed information on our services, please visit our Services page.

Inside Honeypots

Simply connecting to the Internet — and doing nothing else — exposes your PC to non-stop, automated break-in attempts by intruders looking to take control of your machine surreptitiously.

From Sept. 10 to Sept. 25, online intruders made 305,922 attempts to break into six computers connected to the Internet via broadband DSL. Attackers successfully compromised the Dell Windows XP computer using Service Pack 1 nine times, and the Dell Windows 2003 Small Business server once. No other machines were breached.

Platform	Total attacks	Attacks / day	Attacks / hour
XP SP1	139,024	8,177	341
OS X	138,647	8,155	339
Win SBS	25,222	1,400	61
XP SP2	1,386	82	3.4
XP with ZoneAlarm	848	50	2.1
Linspire	795	46	1.9

Analysis of a break-in

Monitoring software reveals intruders incessantly probing the Internet for vulnerable PCs on Sept. 10.

10:52:08
Less than four minutes from start of the test, an intruder breaks into Windows XP SP1 through the vulnerability most famously exploited by last May's Sasser worm. Ensuing instructions get garbled.

11:03:30
Eleven minutes later another intruder breaks into XP SP1 through the security hole exploited by the July 2003 MS Blaster worm. Ensuing instructions get garbled.

11:04:04
While the previous break-in is still unfolding, another intruder, using a different attacking computer, breaks into XP SP1 through the Sasser hole. Ensuing instructions get garbled.

20:21:44
An intruder breaks into XP SP1 for the fourth time using the MS Blaster hole. Things go smoothly. He begins uploading commands. He confirms XP SP1 is connected to the Internet, then begins making repeated attempts to connect XP SP1 to a server running an Internet Relay Chat channel, the equivalent of a private Instant Messaging line.

20:22:49
The intruder successfully connects XP SP1 to the IRC channel, which is probably also running on a hijacked PC.

20:23:05
The intruder instructs XP SP1 to navigate to a designated Web site, likely running on yet another hijacked PC. XP SP1 downloads a program, called ie.exe, from the Web site.

20:23:11
XP SP1 begins scanning the Internet, poised to similarly hijack other PCs exhibiting the same unpatched security hole.

Home | FAQs | News | Contact | Top of Page

Network Strategies, Inc. © 2008 | All Rights Reserved
Graphic Design by RTBWizards.com