Madison, Wis. – When it comes to securing information networks, Paul Barford believes the good guys always are one step behind the guys in the black hats.
Barford, an assistant professor in the University of Wisconsin-Madison Department of Computer Sciences, said the acceleration of malicious activity that began in 2001 shows no signs of abating. In fact, the fun-seeking hackers that did their damage for simple notoriety have been joined by a more sophisticated class of cyber criminals.
Barford said the information technology industry is at an interesting transition point where it has moved from malicious activity as a mechanism for gaining recognition to malicious activity on the Internet with a profit motive. Make no mistake about it, he said, the people who write malicious code have become very motivated and very innovative.
“It is very clearly the case now that there are people who are making a lot of money by malicious activity, that organized crime is getting involved in malicious activity, and this represents a very, very serious development from the standpoint that it also means that the bad guys are getting much more organized and focused in their activities,” Barford stated.
So while there have been issues with worms, viruses, and spyware for years, Barford predicts they are going to grow more acute in the near future, which suggests that mechanisms to secure private information are going to grow in importance as well.
Barford talks about making fundamental changes to network architecture that can choke off attacks, and on that point he is aligned with Mark Hartmann, a security architect with Paragon Development Systems. Both believe the widespread nature of computer hacking requires IT vendors to develop comprehensive solutions.
Security software and firewalls, however important, are no longer enough. However, securing each and every component of the network might be enough, especially in an era where hackers are getting more sophisticated, but don’t necessarily have to be.
That’s because even casual hackers can cause havoc. People who hack for the thrill of it have been around about as long as the Internet itself, but the difference today is that the tools they employ are a lot easier to use. At a recent conference, Hartmann referenced Metasploit, a Windows-based tool he characterizes as a “gooey, very easy to use, and very powerful” format that a 12-year-old could quickly master.
The ease and speed with which a server can be exploited – and not necessarily by grizzled hackers who are writing their own code – requires businesses to harden their entire networks. Fortunately for business and personal consumers, IT products are maturing and getting better, especially with regard to automation and intrusion detection.
Hartmann cited one example: Cisco Systems’ Monitoring, Analysis, and Response (MARS) system, which helps systems identify and counter threats. (Similarly, Intel has introduced a business desktop platform with built-in manageability agents that make security software more effective.)
“What Cisco is trying to do with its MARS is automate some of that, kind of put some intelligence behind it and make it a little easier on the administrator,” Hartmann said. “The average network administrator has a thousand things to do, and if you can set up a system to make his life easier, something that will filter out the less important or false positives or the minor attacks…”
Hartmann said a whole system approach, combined with a well-crafted security policy and constant employee education, is what now creates the path to a good security environment.
He said multiple layers of security, in which the breach or compromise of a single layer only brings the attacker to another roadblock, are the best way to combat threats. The reason to secure the entire network is that everything traverses the network, and when every component has a role to play in security, the degree of difficulty for hackers increases.
“At every level, it’s security in depth,” Hartmann said. “Every device has its own role to play in security, from a laptop to the network to your firewalls to your applications.
“Nothing is ever truly secure. It’s all about how high you raise the bar, how difficult you make it.”
WAIL of a solution?
As director of the Wisconsin Advanced Internet Laboratory, Barford leads a network research group that is trying to develop a better Internet. To build an Internet that can defend itself, the group has taken on several projects, including DOMINO (intrusion detection and monitoring) and the Global Environment for Network Innovations (GENI) project. GENI, funded to the tune of $350 million over 10 years, will attempt to learn more about malicious activity by compiling data on Internet attacks.
That will take some cooperation from anti-virus companies, which is starting to occur. Meantime, the comprehensive approach to security already is available to people and companies.
“I think that right now we have a significant lack of deployment of security in networks,” Barford said, “and as we move forward with deploying the latest technology in networks, this holistic approach to security is something that’s really going to solve a lot of problems.”