Should You Hack Your Own Network?

In case you hadn’t noticed, your network is under attack. You’re not alone, however: anything connected to the Internet is being continually probed for vulnerabilities, according to security experts.

“If you have a connection to the Internet,” says Jim Hurley, a vice president at the Aberdeen Group who follows security issues, “you’re being scanned all the time.”

Which is a good reason to regularly audit your network for unprotected openings. You can hire security consultants to run penetration tests — “pentests,” in security jargon — but that tends to be expensive. So is buying auditing software and running the tests in-house.

You can also do it yourself, using software available on the Web. A number of firms, such as Sygate Technologies, headquartered in Fremont, Calif., offer limited security scans for free.

Canadian firm SecuritySpace, based in Burlington Ontario, offers a more complete security check, with tests for over 1,000 different vulnerabilities. In addition to scanning Internet ports, the audit will test applications like Microsoft’s Internet Information Server (IIS) Web server for common vulnerabilities such as buffer overflows.

About one out of every three audits run on SecuritySpace turns up a high risk vulnerability, says Thomas Reinke, SecuritySpace’s director of technology. “High risk,” according to SecuritySpace, means a server could be used as a spam conduit, or is vulnerable to an actual break-in.

The company’s most comprehensive security audit costs $199. The company is able to keep the cost low, says Reinke, by providing the service as an ASP, and letting users run the test themselves.

In addition to holding costs down, says Reinke, scanning your own systems through SecuritySpace means users don’t have to worry about constantly updating security auditing software that they’ve purchased.

And staying up to date can be a challenge, as hackers constantly develop new methods of attack. “The hackers are becoming more sophisticated all the time,” says Aberdeen’s Hurley.

The latest challenge: Bugbear

The latest security challenge, according to Hurley, is “active internet content,” an insidious form of attack that invades systems by hiding in email or other files and then attacking a system from the inside.

One example is the Bugbear virus, which has been spreading rapidly since it first appeared on Monday.

The virus, which targets Microsoft Windows operating systems, has shown up in e-mail attachments, PowerPoint slides, Word files and other documents, says Hurley. It spreads both directly on networks, and by attaching itself to old email messages, which it then sends out at random. This can have the potentially embarrassing result of distributing email messages to unintended recipients.

As if that wasn’t bad enough, in attempting to propagate itself over local networks, the virus appears to send copies of itself to shared printers, causing them to spew out pages and pages of the virus’ binary code.

Once Bugbear has infected a computer, it shuts down antivirus and firewall software, and begins looking for passwords by logging keystrokes. It also opens a backdoor, allowing outsiders such as the virus’ author access to the system using nothing more than a Web browser.

Tools to remove Bugbear are available from Symantec and other security firms. SecuritySpace says its audits will detect the virus.

The next challenge to your network, however, is most likely just around the corner. So it’s important, says Reinke of SecuritySpace, to continually stay on top of security issues. One way to do that, he says, is to follow security forums such as Bugtraq.

“If there’s a problem, it will usually be announced on Bugtraq well before it becomes a serious issue on the Web,” he says, “and you’ll have had an opportunity to fix it.”

One of the exploits used by Bugbear, for example, takes advantage of a known bug in Microsoft’s Internet Explorer. A patch for the problem has been available from Microsoft since March 2001.