IBM sharpens security offerings

By Stephen Ballantyne

Friday 12th May 2000

COUNTER ATTACK: Cal Slemp

Last week's virus panic is not the worst that could befall your computers, according to Cal Slemp, IBM's director of trust and e-commerce services.

In Auckland this week to launch two new security services offered by the company, Mr Slemp claims security concerns are a major impediment to the adoption of more sophisticated e-business solutions.

A survey conducted by Business Week found 80% of US businesses rate security issues as the main impediment to their take-up of internet-based business; hardly surprising, given that Mr Slemp can also quote another survey, this one conducted by the FBI, that shows 70% of on-line US businesses reported they were subjected to serious hacker attacks last year.

That's a slight increase over the year before; furthermore, it doesn't include virus attacks or theft of laptop computers, and the FBI suspects many businesses are too embarrassed to report all the security attacks they've been subjected to.

Mr Slemp has a collection of well-hacked websites, some of which he admits he would probably have found amusing were he closer in age to the hackers responsible. You may have heard that Universal's Jurassic Park 2 website was hacked to replace pictures and references to dinosaurs with ducks; Mr Slemp estimates that such playful vandalism accounts for about 75% of hacker attacks and is mainly perpetrated over weekends by the internet equivalent of joyriders looking for something to boast to their friends about on Monday.

Slightly more serious is the example set by the Kriegman website. Kriegman, a leading US furrier, had its site cracked by animal rights advocates who replaced much of the content with anti-fur messages.

Such deliberately antagonistic attacks make up about 24% of hacking, according to Mr Slemp. The remaining 1% is made up of serious industrial saboteurs and spies - the almost mythical professionals working for hire, their activities funded by competing businesses.

"How do you prepare for the onslaught that is going to eventually come when you put your business on-line," Mr Slemp asks rhetorically. The answer, as far as he's concerned, is provided by IBM's Security Investment Benchmark service, and by its Internet Emergency Response service. The Security Investment Benchmark service will analyse a business's existing system for vulnerability and rate its security against the standards of the industry, standards set by international bodies, and IBM's own security guidelines.

On request, an "ethical hack" can be instituted - an attempt to hack into a system using the most advanced hacker techniques, but with the before permission of the client. For this, IBM uses a cadre of experienced hacking experts, although Mr Slemp is careful to note IBM doesn't employ any "former" hackers - he is confident IBM's professionals are easily a match for amateurs of proven flakiness.

The lightest ethical hack is a simple attempt to break into the client's system via the internet, using nothing but the resources available to anyone. The next level is the same but also includes a physical search of the client's premises for security breaches such as passwords hidden under mouse pads and the like. The top level is an all-out assault on the client's system using any means available - Mr Slemp wouldn't specify what this involves.

IBM also offers its Internet Emergency Response service - security checks and monitoring to detect attempts to breach network security, and around-the-clock security experts to respond to any attempts to break into client systems.

Network security is a serious business - Mr Slemp notes two people in China were sentenced to death for hacking last year and although he shows no sign of either approval or disapproval of this, those whose systems have been compromised by hackers might well feel the Chinese government is being unnecessarily soft.

Comments from our readers

No comments yet