|
Home > Archive > Certifications and IT jobs/Salaries > November 2002 > How secure is IT security networks
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
How secure is IT security networks
|
|
| onoski 2002-11-13, 9:05 am |
| Having just read this article which caught my attention it goes to prove that no network is 100% secure. Have a read about this article below. These are meant to be the tops of tops in the world when it comes to security but has been turned into a mockery. Enjoy the read:
London system administrator faces extradition for hacking US military
Wednesday 13 November 2002
An unemployed computer systems administrator from north London is facing extradition to the US. He was accused of exploiting known vulnerabilities in Microsoft's Windows operating system to hack more than 100 US government, military and corporate networks.
Gary McKinnon, 36, from north London, faces eight charges of computer fraud resulting from a year-long hacking spree. The indictment alleges that McKinnon, known by his hacker name "Solo", broke into and damaged 92 computers belonging to the Pentagon, US Army, Navy, Air Force and NASA, as well as six systems owned and operated by private companies.
Once inside a network, McKinnon was alleged to have installed remote administration and hacker tools, copied password files and other sensitive but unclassified files and deleted user accounts and other critical system files.
In at least one instance, McKinnon's hacking activity allegedly caused a major military network in Washington to shut down for three days in February. The losses stemming from his hacking are estimated to be $900,000 (£567,000), according to the indictment.
"The significance of this case is that [with] his access to these records, he was able to impair the integrity of the data on these systems," said Paul McNulty, US attorney for Virginia, who brought the charges.
McKinnon allegedly "scanned tens of thousands of systems" before taking advantage of known vulnerabilities in Windows systems installed on the targeted computers.
The indictment charges McKinnon with hacking into a computer used by the US Naval Weapons Station that was used by the Navy to monitor the identity, location, physical condition, staffing, battle readiness and resupply of Navy ships.
Between April and June 2001, McKinnon allegedly stole 950 passwords stored on seven servers connected to the NWS network and used that access to damage and force the shutdown of the NWS system on 23 September, two weeks after the 11 September terrorist attacks. | |
| ccieToBe 2002-11-13, 3:46 pm |
| quote:
Originally posted by onoski
McKinnon allegedly "scanned tens of thousands of systems" before taking advantage of known vulnerabilities in Windows systems installed on the targeted computers.
It doesn't take a genius... | |
| CoffeeFreak 2002-11-13, 4:07 pm |
| a port scanner and known vulnerabilities in Windows systems  big surprise | |
|
| Gary Mckinnon is an unemployed computer programmer | |
| onoski 2002-11-14, 1:53 am |
| Replies from anti microsoft guys, I still think there is vulnerabilities in every operating system | |
| ccieToBe 2002-11-14, 2:31 am |
| quote:
Originally posted by onoski
Replies from anti microsoft guys, I still think there is vulnerabilities in every operating system
I'm not anti-Microsoft. IMO Windows has its place on desktops protected from the outside world. Leaving a Windows system with valuable data exposed to the world is asking for trouble IMO. Yes, every OS either has or had security holes. Consider this though - OpenBSD has had one remote hole in the last 5 years. Compare that to any Windows variant and you're looking at orders of magnitude difference. | |
| onoski 2002-11-14, 5:41 am |
| Originally posted by ccie
I'm not anti-Microsoft. IMO Windows has its place on desktops protected from the outside world. Leaving a Windows system with valuable data exposed to the world is asking for trouble IMO. Yes, every OS either has or had security holes. Consider this though - OpenBSD has had one remote hole in the last 5 years. Compare that to any Windows variant and you're looking at orders of magnitude difference.
qoute and qoute, but I see your point. | |
| huntert 2002-11-19, 6:18 pm |
| network security is not just based on an OS, you need to focus on the layers of security. you need to have your border router have some decent ACLS...next your FW should be very uptodate with its OS n patches and ACLS and design a scheme that will understand your network settings..
you need to restrict your network to the outside world as much as possible and cover you smtp,ftp, dns servers as much as possible = dmz
patch up your host supercomputers and restrict as much permissions as possible= hardening host OS.
secure all client pcs with fw...anti-virus..patches = hardening client OS .
Setup a policy for all internal users and things should be a little safer and secure.
there are many layers to securing a network..planning is never ending...
goodluck. | |
|
| Never secure as long as they are open to public. | |
| ruscorp 2002-11-23, 3:14 pm |
| quote:
Originally posted by Kasor
Never secure as long as they are open to public.
Agreed! | |
| huntert 2002-11-25, 1:27 am |
| ofcourse its not 100% secure if its open to public..if it was 100% closed to public there would be no business  | |
| revcop 2002-11-29, 12:45 am |
| Networking experts choose one of two paths.
Security or hacking.
There never is one without the other.
For every top security guru that comes along, there is a genius hacker waiting... |
|
|
|
|