Mark T. Edmead
Since this is the last column for 2002, I thought it might be appropriate to give you my computer and Internet security predictions for 2003. In 2002 we saw an increase in attacks on the actual Internet infrastructure. Take the recent attack on the 13 root name servers of the Domain Name System (DNS). This distributed denial-of-service (DDoS) attack was aimed at the master directory for the Internet. The root servers, about 10 of which are located in the United States, serve as a sort of master directory for the Internet. DNS, which converts complex Internet protocol addressing codes into the words and names that form e-mail and Web addresses, relies on the servers to tell computers around the world how to reach key Internet domains. I predict we'll see more attacks on the core of the Internet.
Don't get me wrong; public and government Web sites and infrastructures will still be the target of attacks. But my feeling is that attackers (individuals or collaborative efforts) will be targeting the actual Internet infrastructure. If you think about it, it makes sense. For many years, in the security courses I teach, we have asked, "What would you do to bring down the Internet? How much damage would it cause the economy?" Attackers are no longer interested in bringing down a few Web sites. Now they're attacking the core Internet infrastructure. According to Alan Paller, Director of the SANS Institute, in their weekly newsletter, "The only way to stop such attacks is to fix the vulnerabilities on the machines that would ultimately get taken over and used to launch the attacks. There's no defense once the machines are under the attacker's control. If organizations have not established vulnerability identification and remediation program for all their systems -- even the 'unimportant' ones -- it won't be long before their foot dragging will subject them to economic liability and community contempt for their negligence."
This brings up another prediction. We'll still continue to purchase and use hardware/software products with known vulnerabilities, and we'll continuously patch these systems to close these vulnerabilities as they become known. The problem is, we'll always be one step behind. System patch management will become an increasingly important issue, and if the security administrator doesn't keep up with system patches, the systems will be left wide open to hacker attacks. Because most system patches (hotfixes and service packs) require a system reboot, it's most likely that the most critical servers' patch levels will not be up to date. Many critical servers need to be up and running 24/7, and rebooting every time a patch is applied isn't always an option. Ironically, it's these critical servers (e.g., DNS, Web, SMTP) that need to have the latest patches, since these are the systems hackers will most likely target.
I also foresee an increasing interest in computer forensics. There have been many high-profile criminal and civil cases that involved computer forensic specialists gathering critical evidence used by the prosecution. Other areas of growing interest are computer privacy issues and personal identity protection. We'll see an increase in cheaper security appliances (personal firewalls), and many security appliances that perform more than one function (e.g., all-in-one firewall, IDS and antivirus devices) will be developed. The increasing security certification trends will also continue, with new certifications being offered while existing certifications try to maintain their value.
I wish all of you happy holidays and a prosperous new year!
About the author
Mark Edmead, CISSP, SSCP, TICSA, Security+, is president of MTE Software, Inc. (www.mtesoft.com), and has more than 25 years of experience in software development, product development and network systems security. He is co-author of the book Windows NT: Performance, Monitoring and Tuning published by New Riders and editor of the SANS Business Continuity/Disaster Recovery Plan Step-by-Step Guide.