Fending Off a Vicious Attack

Guest columnist Phil Hollows describes a hypothetical virus attack on a company's email system. Sound possible? Sound familiar? Take a look at what you can do to make sure it doesn't happen to you.

 By Phil Hollows
Page 1 of 2
Print Article

Third shift at the Network Operations center is a quiet time, well suited for the engineer types who understand and speak the language of machines.

Let's take a look at what could easily happen on any given 'third shift' at any company, in any industry, around the country.

Traffic in the wee hours of the morning is sparse, and the night thus far has passed uneventfully. Administrators joke with each other and share the usual gripes about work. Tonight's concern focuses on a new software vulnerability found in an email program used by the company's worldwide offices. This means that in the near future the technicians will have to exhaustively test and set another code patch into the system. But for now, all is well and the skeleton IT crew feels fairly safe.

And for good reason.

The company has invested heavily in IT security. The latest firewalls and intrusion detection systems are keeping the network's perimeter secure, and IT managers will discuss new threats and the email patch roll-out during Monday's staff meeting. A good plan will have to be developed to tackle that task. Merely applying an untested patch to the critical email servers is a risk the IT staff can't afford. They know because they've been burnt too many times before.

Normally, these concerns would pass as the shift grinds on, but tonight the issue with the messaging servers gnaws at them.

The firewalls were programmed to let all email traffic through and that leaves a wide gap in their defenses. Email is essential to the company's business and attacking it could, in theory, reach every server in the company.

Just as the IT crew is mulling over the email problem while working on their nightly duties, a hacker somewhere in Eastern Europe hits 'Enter' and releases a new worm into the wild. The mass-mailing worm spreads quickly, doubling the number of infected machines every 10 seconds. Unlike Slammer, a worm that simply replicated itself, this worm's payload is much more devastating.

A simple yet elegant piece of code, the multi-threaded worm is able to execute multiple tasks in parallel — a devastating double threat that first looks for targets to infect while, at the same time, examining stored messages on infected machines. This second threat could identify external email addresses and forward all stored messages from the infected server to anyone and everyone.

Nothing is safe.

Sensitive intellectual property could be made public and mailed to competitors; product plans, account information, and customer interactions could be exposed; and state and federal disclosure and securities and privacy statues could be violated. All of the company's information is fair game. It could be culled and mailed anywhere with abandon.

Page 2: Protect Yourself

This article was originally published on Nov 21, 2003
Get the Latest Scoop with Networking Update Newsletter