Security: No Blanket Solution

[William Knowles <wk () C4I ORG>]

http://www.wired.com/news/politics/0,1283,36223,00.html

by Elisa Batista
2:40 p.m. May. 9, 2000 PDT

MENLO PARK, California - Government officials and high-tech business
leaders met Tuesday to brainstorm about ways to stop hackers in their
tracks.

Prompted by the recent spate of denial-of-service attacks, along with
last week's Love Bug worm, two technology firms sponsored the
"Internet Defense Summit" and introduced their own solutions to
prevent future break-ins. Meanwhile, Senator Fred Thompson
(R-Tennessee) introduced legislation at the conference that would
require the federal government to increase its own security against
hackers.

Calling the increase in computer-related crimes a "national security
risk," Thompson drafted the Government Information Security Act. The
bill, approved Tuesday by the Government Affairs Committee that
Thompson chairs, requires yearly reviews of all federal agencies'
computer systems and asks managers of those systems to prove they
work.

Acknowledging that the recent Love Bug worm crippled Capitol Hill in
several ways, Thompson said the government is ill-equipped to combat
hackers but that it cannot and should not regulate the high-tech
industry to do so.

Thompson said the government can only help beef up computer security
by increasing the number of high-tech workers allowed into the country
on H-1B visas; by offering tax breaks to private companies that come
up with security solutions; or by enforcing the existing laws against
offenders.

However, Thompson acknowledged that it is a difficult task for the
government to enforce the law because the number of computer-related
crimes "quadrupled" in the last three years, while the number of
prosecutors remained stagnant.

"We don't yet know how to run our own shop," he said.

Most of the speakers at the summit agreed with Thompson that the
private sector should be responsible for regulating and protecting
itself.

Keynote speaker Ray Kendall, secretary general of Interpol, said that
because the Internet is international territory, the proposed
guidelines cannot be implemented worldwide.

Instead, each country should be responsible for adopting and enforcing
its own regulations for computer-related crimes, he said.

Conference sponsors, the Stanford Research Institute and its
e-business spinoff, consulting firm AtomicTangerine, introduced their
own prevention solutions.

SRI unveiled Emerald, a host-based intrusion-detection suite of
applications. The detection-censor component of Emerald, which runs on
Sun Microsystems SPARC servers, can be downloaded for free.

AtomicTangerine also unveiled security software at the conference.
NetRadar, which is available free of charge as well, goes beyond
currently available solutions by offering more than a filter that can
defend a system against certain cyber-attacks, said CEO Jonathan
Fornaci.


*-------------------------------------------------*
"Communications without intelligence is noise;
Intelligence without communications is irrelevant."
Gen. Alfred. M. Gray, USMC
---------------------------------------------------
C4I Secure Solutions             http://www.c4i.org
*-------------------------------------------------*

ISN is sponsored by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".