


Disarming On-Line Muggers

By Winn Schwartau
President and CEO, Interpact, Inc.

My first mugging was at age 12.

I was the muggee, not the mugger.

Living in New York, over the years I was held up at knifepoint several times, handed over my wallet and cheapo watch and then watched the bad guy scamper.

If I had the guts or the skill, I might have tried to take the knife away. If I had indeed succeeded in taking the knife away and the mugger was still threatening, I might have knifed him. In the court system that is called self defense.

Fast forward to cyberspace.

You are running a nice Web site. Making some money perhaps, and lots of visitors are seeing your message. Then, according to your perimeter intrusion detection device, some on-line goofball or criminal hacker is beating on your door. What are you going to do?

In September 1998 the Pentagon reacted to a browser-based denial-of-service attack by the hacktivists Electronic Disruption Theater by using offensive applets to shut down the attacking browsers. Clean. Quick. Effective. But the Pentagon lawyers went ballistic within minutes. The techies defending the Pentagon servers had broken too many laws to enumerate -- including a military prime directive, "posse comitatus," which forbids the military from taking unilateral actions within the U.S. and against U.S. citizens.

In addition, by their action the techies had committed several computer-crime federal felonies for which hackers have gone to jail. The simple truth is that it is illegal to disarm your on-line assailant. Doing so requires that you take some offensive action -- send out hostile applets, return fire with your own denial-of-service tools or anything else that will shut down the attack.

The net effect is that both the attacker and the victim (who is attacking back) are breaking the law.

At first glance it doesn't make any sense: If you can disarm a knife-wielding mugger, why can't you disarm your electronic mugger? Doesn't quite seem fair.

But in the physical world, you know who is mugging you. During the physical attack there is a person with a knife, and while you may not know his name or see his face, you are 100% sure that the knife you are (hopefully) taking away is in the hands of a bad guy.

In the networked world, though, you cannot be sure that the guy (IP address) that seems to be attacking you is really the one attacking you. For example, many of the zombie-based distributed denial-of-service attacks that occurred in February were traced back to universities and other benign networks which were merely unwitting hosts to remote-triggered Trojans located on their servers.

Hostile perimeter defense is a really tough problem, and right now the law protects the bad guys more than the good guys. I don't have a perfect solution to this conundrum, but a few thoughts do come to mind:

Let the industry design a set of hostile response tools that will stop an attack, but do minimal harm just in case a zombie is in the middle. Then, legalize the use of these tools in certain documentable cases.

Legalize hostile responses, and zombie'd computers in the middle be damned if their computer security is so bad that their networks can be so compromised by the bad guys.

Build a hardened back-channel on the Internet which will provide fast routing so that trace-back and bad-guy ID is easier, faster, and with the cooperation of the ISP community, automatic.

Develop an Internet-based Caller ID system so that Web sites know who's there, what they're doing and can ignore all anonymous requests.

Do nothing, and let the bad guys continue to win.

So, in the spirit of the networked community, I'm asking Network World readers to help out by answering this question: "What do you think is a fair and efficient way of disarming on-line assailants to protect your network?"

Be creative, let loose; write laws or design technology. And send me your ideas. Maybe together we can get something done.



Copyright © 2000-2001 Interpact, Inc. All Rights Reserved