Information Security News mailing list archives

Y2K gives some admins a security education


From: mea culpa <jericho () DIMENSIONAL COM>
Date: Tue, 11 Jan 2000 11:31:23 -0700

Forwarded From: darek.milewski () us pwcglobal com

Y2K gives some admins a security education
By Carol Sliwa
01/01/2000

The threat of online assaults had IT staffs on guard, but midnight came
and went without any serious security problems cropping up, according to
experts monitoring systems.

"Nobody in their right mind would have tried to hack last night," said
Mike Higgins, president of Alexandria, Va.-based Para-Protect Inc., a
commercial security incident response company that lists large banks and
high-technology firms among its clientele. "There were magnifying glasses
on every single anomaly that took place with the network, and that alone
would have caused whoever would have hacked to be caught very quickly."

Higgins said that, "if anything," his company saw less activity than usual
last night. "The constant level of, if you will, hacker noise on the
network went to a significant low for us."

The last 24 hours also were quiet for Stephen Northcutt, who did Y2K
cyberattack monitoring for the Global Incident Analysis Center, which is
part of the System Administration, Networking and Security Institute
(SANS) in Bethesda, Md. But all the increased monitoring and information
sharing did serve to give Northcutt a heightened awareness of the "size
and breadth" of a non-Y2K-related security issue involving remote
procedure call attacks on Unix systems.

Northcutt said hackers have been trying to break in to Sun Microsystems
Inc. Solaris computers -- and possibly other Unix-based computers -- to
plant software that will allow them to take control of those computers for
some time.  "We don't know how long it has been this sophisticated. I have
data going back two years, but I had no idea whatsoever of the breadth I
was dealing with. In fact, I'm still coming to grips with it," he said.

"When I figured it was one or two attacks, it was 15 -- and that's a long
way to be off. That's what you call an education," Northcutt said. He
added, "It's almost embarrassing that we didn't know before."

Another beneficial effect of Y2K monitoring was the increased awareness
level among consumers and corporations regarding security issues, said
Vincent Weafer, director of Symantec Corp.'s AntiVirus Research Center in
Santa Monica, Calif.  "We've got people thinking the right way,
implementing the right software, asking the right questions," Weafer said.

"People will have new viruses next week, because traditionally at the
beginning of January virus writers release them," Weafer said. But so far,
he's seen nothing out of the ordinary and doesn't expect to see anything
major in the short term. "Definitely not as bad as the doomsayers are
saying," Weafer added.

Bill Pollak, a spokesman for the Computer Emergency Response Team in
Pittsburgh, also reported no significant Y2K virus reports. "We're going
to be watchful Monday and Tuesday, since a lot of people will be coming
back to work. If there are virus outbreaks, they're more likely to make
themselves known to us Monday and Tuesday."

ISN is sponsored by Security-Focus.COM