Firewalls Help Protect Internet From Attack of the Hackers
PITTSBURGH — THE growing popularity of the Internet has a darker side. As more users hook up to it, the number of security breaches is rising. Computer hackers have lost no time tapping into this prototypical information highway.
* Hackers in recent months have broken in to a number of Internet sites and stolen passwords. On Feb. 3, the Computer Emergency Response Team suggested that Internet users worldwide change their passwords. CERT, based here at Carnegie Mellon University, advises users about Internet security breaches.
* As if to underscore the problem, hackers this month made available over the Internet a copy of the United States National Security Agency's employee manual. The secretive NSA says the document is unclassified, although someone would have to file a Freedom of Information Act request to get it.
* In all, there have been more than 1,300 Internet security incidents since 1993 - an average of 111 a month, a CERT official recently told Congress.
The potential for abuse is particularly acute for companies hooking up to the Internet.
``There's a prevailing attitude that information should be free and accessible,'' says Robert Bales, executive director of the National Computer Security Association in Carlisle, Pa.
``However, as you start processing business data and critical applications, you can't afford that kind of attitude,'' he adds.
Thankfully, most companies appear to be taking precautions, security experts say.
``As far as I know, they are saying without exception: `Don't e-mail your credit-card number to us,''' says Steven Bellovin, a member of AT&T Bell Labs technical staff and co-author of an upcoming book called ``Firewalls and Internet Security: Repelling the Wily Hacker.''
Firewalls are some of the most important security mechanisms. They typically are computers that act as gateways between a company's computer network and the Internet, channeling all information coming in and going out. When a piece of data doesn't fit the gateway's criteria, it doesn't go through.
``The way to keep hackers out is to stop them at the front door,'' Mr. Bellovin says.
About three years ago, a hacker tried to penetrate Bell Labs' system using an old hole that most sites on the Internet had fixed. Thanks to some special software, Bellovin's colleague and co-author, William Cheswick, noticed that the hacker was trying to print out a version of Bell Labs' password file. Since he had on hand a fake password file, Mr. Cheswick made it available, giving the hacker the mistaken impression he had cracked the system.
For months, Cheswick and Bellovin strung the hacker along. They set aside a special area of the computer, monitored his techniques, even gave him a code name: ``Burford.'' The scientists also notified authorities. But because the hacker was from the Netherlands, he could not be tracked down.
Later, the New York Times broke a story about the Dutch hackers and mentioned a number of Internet sites they had penetrated. But the story did not mention Bell Labs. So ``Burford'' and his friends began to try using the AT&T computer as their base of operations. One night, Bellovin says, the group went after some 200 computers, mostly US government and military sites on the Internet. Only a couple of sites noticed the suspicious activity.
``This is not a very reassuring thing that 1 percent of military sites noticed that someone was trying to break in,'' Bellovin says.
Until a few months ago, protecting one's Internet site meant having to build a security system from scratch. Now, several companies have come out with ready-made systems and business is booming.
CommerceNet, a new Silicon Valley network, is likely to spur new Internet security measures. It aims to get companies to conduct business over the Internet, using encryption (scramblilng of data) to protect information.
``We're going to have systems that are more fraud-resistant than our traditional systems,'' encouraging use of Internet, says Allan Schiffman, principal architect of the network.