Insurance & Technology is part of the Informa Tech Division of Informa PLC

Michael Cohn

7 Myths About Network Security

Just because you've installed a firewall and use anti-virus and anti-spyware tools doesn't mean you're safe from attack. We explode seven security myths, and provide you with tips for staying safe.

Not so, says Johannes Ullrich, chief technology officer for the SANS Internet Storm Center, an analysis and warning service that publishes warnings about security vulnerabilities and bugs. He warns that Web servers that haven't been updated or patched recently are a common point of entry for hackers. "A lot of old versions of Apache and IIS (Internet Information Server) are attacked with buffer overflows," says Ullrich.

A buffer overflow is what happens when a memory space gets overstuffed with more information than it can handle. The extra information has to go somewhere, so it spills into neighboring memory, and a hacker can exploit this weakness in vulnerable systems to make the extra information land where it wasn't intended. While both Microsoft and Apache.org issued patches years ago to fix buffer overflow issues, the old systems are still out there.
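The spill described above can be shown in a few lines of C, with an unchecked copy next to a length-checked one. This is an added example, not code from the article or from Apache or IIS; the `request` struct, its fields and the function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of per-request state: a fixed-size buffer followed
   directly in memory by a field that input must never be able to change. */
struct request {
    char path[16];   /* holds the requested path */
    int  authorized; /* adjacent data; 0 for an ordinary request */
};

/* Unchecked copy: trusts the caller's length. The bytes are written through
   a pointer to the whole struct, so the spill into `authorized` is well
   defined in this model; in real code it corrupts whatever sits next door. */
void copy_unchecked(struct request *r, const unsigned char *in, size_t n) {
    unsigned char *mem = (unsigned char *)r + offsetof(struct request, path);
    for (size_t i = 0; i < n; i++)
        mem[i] = in[i];
}

/* Checked copy: refuses input that does not fit and leaves the struct as is. */
int copy_checked(struct request *r, const unsigned char *in, size_t n) {
    if (n >= sizeof r->path)
        return -1;
    memcpy(r->path, in, n);
    r->path[n] = '\0';
    return 0;
}

/* Feeds the same oversized, constructed input to either copy routine and
   returns the value of `authorized` afterwards. */
int authorized_after(int checked) {
    struct request r = { "", 0 };
    unsigned char input[sizeof(struct request)];
    memset(input, 'A', sizeof r.path);                  /* fills the buffer */
    memset(input + sizeof r.path, 1, sizeof input - sizeof r.path); /* extra */
    if (checked)
        (void)copy_checked(&r, input, sizeof input);
    else
        copy_unchecked(&r, input, sizeof input);
    return r.authorized;
}

int main(void) {
    printf("unchecked copy: authorized = %d\n", authorized_after(0));
    printf("checked copy:   authorized = %d\n", authorized_after(1));
    return 0;
}
```

The unchecked copy leaves `authorized` nonzero even though nothing ever assigned to it; the checked copy rejects the same input and the field stays 0.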

Myth #4: Macs Are Safe

Many users also believe that their Mac systems, like legacy systems, are not vulnerable to attack by hackers. Many Macs, however, run Windows programs such as Microsoft Office or are networked with Windows machines, which could expose Macs to the same kinds of vulnerabilities that Windows users experience. As security expert Gary McGraw, CTO of Cigital, posits, "it's only a matter of time" before cross-platform viruses that target Win32 and OS X appear.

The Mac OS X environment is vulnerable too, even without running Windows software. Symantec recently issued a report that found 37 vulnerabilities had been identified in Mac OS X in 2004 and warned that such vulnerabilities could become more of a target for hackers, especially as Mac systems grow in popularity. In October 2004, for example, hackers created a script called Opener that disables the Mac OS X firewall, retrieves personal information and passwords, creates a back door for remotely controlling the Mac, and potentially erases data.

Myth #5: Security tools and software patches make everybody safer

Some tools allow hackers to reverse-engineer patches that Microsoft distributes through its Windows Update service. By comparing the changes in the patch, the hacker can see how the patch is trying to work around a particular vulnerability and then determine how to take advantage of it.

"New tools are developed every day around the same basic theme of scanning for vulnerabilities," said Marty Lindner, team leader for incident handling, CERT Coordination Center at Carnegie Mellon University's Software Engineering Institute. "You scan the Internet and make an inventory of what's vulnerable. You write tools that assume every machine is vulnerable to a particular vulnerability, and then just try it. There are vulnerabilities in everything. Nothing is perfect."

Among the ubiquitous tools being used by hackers is Google, which can search for and find vulnerabilities in Web sites, such as server log-in pages left in their default states. Google has been used to look for unsecured Webcams, network vulnerability assessment reports, passwords, credit card accounts, and other sensitive information. The Santy worm and a new MyDoom variant recently exploited Google hacking capability. Websites such as Johnny.IHackStuff.com have even begun to spring up that contain links to a widening array of potential Google hacks. (See How To Stop Attacks That Use Google for one way to fight such attacks.)

Earlier this year, McAfee released an update of its SiteDigger 2.0 tool with new features that determine whether a site is vulnerable to Google hacking. While the tool is supposed to be used by administrators to test their own networks, hackers could potentially employ the software to probe any site for vulnerabilities.
