Computers & Security, Vol. 14, No. 7
two encrypting firewalls. Communications Week, October 2, 1995, p. 8.

Underground tools aid fledgling hackers, Mitch Wagner and Gary Anthes. If you want a software kit to walk you through the takeover of a corporate information system, a user-friendly point-and-click package for hacking a telephone system or an automated Unix utility to break into computers over the Internet, underground Internet sites and bulletin boards are the places to get them. Computer piracy tools are undergoing a revolution in automation and ease of use. The new generation of tools allows even the most simple-minded fledgling cyberpunk to break into sophisticated systems. For example, a new kind of war dialler - which automatically dials a range of phone numbers looking for hacking opportunities - features a point-and-click interface which is extremely user-friendly. Menus allow users to choose whether they want to hack into private branch exchanges, computer modems or long-distance carriers. One new tool available recently is ‘rootkit’, a package of software utilities and documentation designed to walk even a beginner through taking over a target machine. Another tool, a command-line Unix utility, automates IP spoofing. And there are at least two graphical tool benches for writing PC viruses. Users should stay up to date on security journals, newsgroups and training. There is also ‘attack scanning’ software, such as Pingware from Bellcore and Internet Security Scanner from Internet Security Systems Inc, both of which automatically scan systems and produce reports showing where security holes need to be plugged. Computerworld, November 13, 1995, p. 1, 159.

Oracle extinguishes ‘Net security fears, Karen Rodriguez. Oracle Corp. has announced a relationship with seven firewall vendors in a move that resolves a major hurdle to providing secure, authorized access to Oracle databases from the Internet.
Oracle has assembled an end-to-end system for enabling communications and commerce over the Net, including the Oracle Web Server, Oracle Web Station browser and Oracle Web Agents. The company confirmed it has licensed Sun Microsystems Inc.'s Java technology. The company has also made a firewall announcement involving Checkpoint Systems Inc, Digital Equipment Corp, Raptor Systems Inc, Secure Computing Corp, and SunSoft Inc, addressing user concerns about exposing their mission-critical databases to the Internet because of the security risk.
Oracle is providing firewall vendors with a Structured Query Language proxy and client/server software that includes controls for limiting access to corporate databases. Oracle’s push to integrate the Web with its database technology is an opportunity for end users to go directly through an Internet firewall to access applications located on the corporate network. Typically, allowing such access would create a large hole in the firewall, exposing corporations to attacks from hackers. Another key component of Oracle’s security strategy is its Secure Network Service, end-to-end encryption software that runs across the Internet and firewall, giving customers the ability to directly access Oracle databases with an intelligent browser. Communications Week, October 23, 1995, p. 5.

Sentry cuts access to naughty bits, Mitch Betts. There is industrial-strength Internet filtering software specifically geared to businesses. Microsystems Software Inc. in Framingham, Massachusetts, USA, recently began shipping Cyber Sentry, which helps network administrators enforce company Internet usage policies. For example, a company that uses Cyber Sentry could block employee access to sex, gambling and sports sites during the workday, but allow access to sports information after work hours. The ‘CyberNot’ list of blockable addresses is split into categories such as nudity, racism, gambling, cults, drugs and militant/extremist. The list is updated weekly and can be downloaded to the network administrator’s workstation. The software can also block access to unknown Internet addresses and keep an audit trail that can be used to look for patterns or to assign departmental billing. Some employees have complained about ‘big brother’ surveillance, but blocking certain Internet sites is no different from business policies that prohibit employee telephone calls to 900 numbers. Cyber Sentry can also be used to help keep track of the time spent on Internet-based research.
Computerworld, November 13, 1995, p. 66.

How secure is security? Beth Davis. Recently publicized security breaches have raised questions as to how strong current security offerings really are, and there is little to assure network managers that the products they buy will do what they promise. Security companies are