Red Hat ENTERPRISE LINUX 3 - SECURITY GUIDE Manual page 16

4
Kevin Poulsen and an unknown accomplice rig radio station phone systems to win cars and cash
•
prizes. He is convicted for computer and wire fraud and is sentenced to 5 years in prison.
The stories of cracking and phreaking become legend, and several prospective crackers convene at
•
the annual DefCon convention to celebrate cracking and exchange ideas between peers.
A 19-year-old Israeli student is arrested and convicted for coordinating numerous break-ins to US
•
government systems during the Persian-Gulf conflict. Military officials call it "the most organized
and systematic attack" on government systems in US history.
US Attorney General Janet Reno, in response to escalated security breaches in government systems,
•
establishes the National Infrastructure Protection Center.
British communications satellites are taken over and ransomed by unknown offenders. The British
•
government eventually seizes control of the satellites.
1.1.3. Security Today
In February of 2000, a Distributed Denial of Service (DDoS) attack was unleashed on several of the
most heavily-trafficked sites on the Internet. The attack rendered yahoo.com, cnn.com, amazon.com,
fbi.gov, and several other sites completely unreachable to normal users, as it tied up routers for several
hours with large-byte ICMP packet transfers, also called a ping flood. The attack was brought on
by unknown assailants using specially created, widely available programs that scanned vulnerable
network servers, installed client applications called trojans on the servers, and timed an attack with
every infected server flooding the victim sites and rendering them unavailable. Many blame the attack
on fundamental flaws in the way routers and the protocols used are structured to accept all incoming
data, no matter where or for what purpose the packets are sent.
This brings us to the new millennium, a time where an estimated 400 Million people use or have used
the Internet worldwide. At the same time:
On any given day, there are approximately 225 major incidences of security breach reported to the
•
CERT Coordination Center at Carnegie Mellon University. [source: http://www.cert.org]
In 2002, the number of CERT reported incidences jumped to 82,094 from 52,658 in 2001. As of
•
this writing, the number of incidences reported in only the first quarter of 2003 is 42,586. [source:
http://www.cert.org]
The worldwide economic impact of the three most dangerous Internet Viruses of the last two years
•
was estimated at US$13.2 Billion. [source: http://www.newsfactor.com/perl/story/16407.html]
Computer security has become a quantifiable and justifiable expense for all IT budgets. Organizations
that require data integrity and high availability elicit the skills of system administrators, developers,
and engineers to ensure 24x7 reliability of their systems, services, and information. To fall victim to
malicious users, processes, or coordinated attacks is a direct threat to the success of the organization.
Unfortunately, system and network security can be a difficult proposition, requiring an intricate knowl-
edge of how an organization regards, uses, manipulates, and transmits its information. Understanding
the way an organization (and the people that make up the organization) conducts business is paramount
to implementing a proper security plan.
1.1.4. Standardizing Security
Enterprises in every industry rely on regulations and rules that are set by standards making bodies such
as the American Medical Association (AMA) or the Institute of Electrical and Electronics Engineers
(IEEE). The same ideals hold true for information security. Many security consultants and vendors
agree upon the standard security model known as CIA, or Confidentiality, Integrity, and Availability.
Chapter 1. Security Overview