article page
| 1 | 2 | 3 |
sites, causing outages, was a “pilfered five-year-old worm … under the control of an unsophisticated hacker who apparently did little to bolster his borrowed code against detection.” In the weeks since, it has come to light that, while North Korea may have been behind the attacks, none of the activity can be traced back to anyone inside North Korea. It is likely that the perpetrator was someone sympathetic to North Korea residing outside of that nation.
So, certainly, attacks are becoming more advanced, or are at least capable of becoming more advanced, but the case of the 5-year-old worm and the (possible) weekend-warrior hacker prove that an attack doesn’t have to be sophisticated to cause serious concern and drum up fears of an impending cyber war.
|
|
An attack doesn’t have to be sophisticated to cause serious concern. |
|
matter with you?’” Lancaster said that the panelists looked at one another for a little while until one of the panelists came back with the answer that “security is table stakes.” Of course, they said, it’s mission-critical, but everyone knows that and it isn’t worth talking much about.
However, is that the case? Is security a given and not necessarily worth further discussion? Lancaster didn’t seem to buy that answer, and I don’t think many in the OSS/BSS world would, either. The truth is that not all networks and all systems are protected as well as they should be, but who would ever
|
|
|
|
Furthermore, threats are becoming much easier to become exposed to. Noted iPhone hacker and security consultant Charlie Miller spoke at the Black Hat conference in Las Vegas July 30, and demonstrated how a malicious SMS text can disable an iPhone, and a series of texts can, effectively, take the phone over. The attack is particularly insidious because all a hacker would need would be the phone number of an iPhone user, which is readily available.
Cracking the problem
So what are service providers doing about this combination of new threats and old threats that seem determined to continue their destructive habits? Well, whatever they’re doing, they’re not talking about it an awful lot. Barbara Lancaster, an analyst with LTC International and a Contributing Editor with Pipeline relates a story from a recent panel discussion at a conference she attended. “For about an hour and a half, the panelists talked about everything but security,” said Lancaster. “When the Q&A came around, someone stood up and said ‘I work in security, and none of you has said a word about security. What’s the
|
|
use security as a differentiator? Trevor Hayes, also with LTC International, pointed out that “in order to say that your security is better than everyone else’s security, you’d have to point to specific examples, and, by doing so, expose weakness.” No one wants to do that, so security remains the elephant in the room.
However, that’s not to say that some firms aren’t working diligently on the issue. In addition to Narus, firms like Openet, Sandvine, Zeugma, Camiant, and others are exploring the security and lawful intercept side of network monitoring all the time, attempting to increase visibility to ultimately allow service providers to eliminate threats. “We see more and more network monitoring solution vendors leveraging their network monitoring capabilities and moving into the network and application security analysis area,” said Narus’s Niles. “Their installed base of network monitoring technology provides the network instrumentation or data collection upon which the new security analysis applications can be built. These applications can co-exist with the quality assurance and similar existing applications.”
article page
| 1 | 2 | 3 |
|
|