[80694] in North American Network Operators' Group


Re: Internet Attack Called Broad and Long Lasting by Investigators

daemon@ATHENA.MIT.EDU (Scott Weeks)
Tue May 10 02:19:03 2005

Date: Mon, 9 May 2005 20:16:09 -1000 (HST)
From: Scott Weeks <surfer@mauigateway.com>
To: nanog@nanog.org
In-Reply-To: <20050510053734.B11973BFFD5@berkshire.machshav.com>
Errors-To: owner-nanog@merit.edu


Even though this article wasn't specifically regarding network operations,
it does come down to the most fundamental of network operating practices.
Create policies and the procedures that enable those policies.  Then
enforce them VERY strictly.

   The crucial element in the password thefts that provided access at
   Cisco and elsewhere was the intruder's use of a corrupted version of a
   standard software program, SSH.

   The intruder probed computers for vulnerabilities that allowed the
   installation of the corrupted program, known as a Trojan horse.

   In the Cisco case, the passwords to Cisco computers were sent from a
   compromised computer by a legitimate user unaware of the Trojan horse.

Folks that handle sensitive info (proprietary code, personal info, HIPAA,
FERPA, SOX, .mil, etc., etc.) should be allowed to download software only
from company servers where all software has been cleared by folks that're
experts in evaluating software packages.  Not from the general internet.

scott
