Howard Fuhs
IT Security Consultant

Dangerous Corporate Internet Use

Two Cases

Copyright (C) 09/1997 by Howard Fuhs  

Content:

    Introduction

    Caught in the Web

    Case Study no. 1

    Case Study no. 2

    Conclusion

    Copyrights
 


Introduction

In this brief article, Howard Fuhs describes two recent cases with both similarities and differences. Howard Fuhs is a practicing information security consultant in the Frankfurt area in Germany (as well as a well-known lecturer and author of books and articles about IT security and electronic warfare), and in both of these cases he was called in to deal with an emergency. As you will see, he quickly identified more deep-rooted problems in the companies in question.


Caught in the Web

With the increasing expansion of the World Wide Web, it is getting easier to download things that constitute a danger to corporations and the contents of their information systems. Thus, it has lately become possible to download comprehensive virus collections containing several thousand viruses.

Two cases, which took place within a time span of only two weeks, serve to illustrate the practical consequences of this in cases where
 


Case Study no. 1

An employee passed the time by downloading a collection of computer viruses from the Internet, as well as some Virus Construction Kits, to his company computer. This employee did not actually conduct experiments with the computer viruses as such, but rather with a number of tools designed to produce and distribute viruses.

These tests were conducted on a computer, which was connected to the corporate network that
 

During the tests of the exciting programs from the computer underground, one program was executed which turned out to be a Trojan that formatted the hard disk of the computer and subsequently overwrote it with random information.

The damage caused by the destruction of important data could not subsequently be properly assessed because no one was able to tell which information was supposed to be stored on the machine in question in the first place.

However, restoring the data that were known to have been on that machine, and were consequently lost, took over two weeks.

According to a statement he made in connection with the clean-up operation, the employee did not feel guilty in any way, and he was shocked to see the effects of his urge to research. He had never even heard of Trojans.


Case Study no. 2

An employee downloaded a collection of viruses from the Internet and stored it on his corporate computer. He sorted the viruses according to virus scanner data and in this manner built a collection of over 3000 different viruses.

As rumours about his 'hobby' spread through the corporation, work colleagues began to ask him for access to the virus collection. In order to facilitate this, the employee installed the collection on the company network server. To avoid detection of the viruses by the daily virus scan, they were packed into archives. None of the scanners in use was able to, or configured to, scan inside archives. This 'Virus Exchange Market' on the corporate server was further expanded and maintained, and over a period of four months the circle of users grew to over 35 employees.

After a while it became conspicuous that the company suffered an increasing number of problems with computer virus infestations, despite the fact that further protective measures had been introduced in the company. The anti-virus security measures included:
 

The corporate installation comprised some 2000 computers, so the introduction of these countermeasures, including the purchase and installation of machines and software, carried a considerable price tag in terms of time and money.

Finally, a computer security professional discovered the virus collection on the server more or less incidentally because the collection had grown to over 4000 sub-directories, each carrying the names of the viruses stored inside.

In this case, too, it was difficult for the corporation to add up all the costs. No data were known to be lost. The time it took to install software and handle the acute cases of virus infections added up to several thousand man-hours.

The employee who had started the virus collection protested that no rules in the organisation had indicated that his activities were illegal, or even unwanted or dangerous. Thus, he argued, he had done nothing wrong.

In connection with the unravelling of this case, employees' access to the Internet was seriously curtailed. The same applied to write access to the network server. Access was critically reviewed and revised.
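The scanning gap in Case Study no. 2 (files packed into archives that the daily scan never opened) is shown below as an added example; it is not part of the original article. It compares a file-level hash check with one that recurses into ZIP members. The sample bytes, the `KNOWN_BAD` set, the file names and the limits are constructed assumptions.

```python
import hashlib
import io
import zipfile

# Constructed, harmless stand-in for a file the scanner has a signature for.
SAMPLE = b"constructed-test-pattern: harmless stand-in for a known-bad file"
KNOWN_BAD = {hashlib.sha256(SAMPLE).hexdigest()}  # hypothetical signature set
MAX_DEPTH = 3                   # nesting levels the scanner will open
MAX_MEMBER = 10 * 1024 * 1024   # skip members whose declared size exceeds this


def scan_flat(name, data):
    """File-level scan: hash the file itself, never look inside it."""
    return [name] if hashlib.sha256(data).hexdigest() in KNOWN_BAD else []


def scan_deep(name, data, depth=0):
    """Archive-aware scan: hash the file, then recurse into ZIP members."""
    hits = scan_flat(name, data)
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return hits
    if depth >= MAX_DEPTH:
        return hits + [f"{name} (unscanned: nesting too deep)"]
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            path = f"{name}!{info.filename}"
            if info.file_size > MAX_MEMBER:
                hits.append(f"{path} (unscanned: too large)")
                continue
            try:
                member = zf.read(info)
            except RuntimeError:  # zipfile raises this for encrypted members
                hits.append(f"{path} (unscanned: encrypted)")
                continue
            hits += scan_deep(path, member, depth + 1)
    return hits


def make_zip(members):
    """Build an in-memory ZIP from {filename: bytes} (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for fname, content in members.items():
            zf.writestr(fname, content)
    return buf.getvalue()


inner = make_zip({"sample.com": SAMPLE})
share = {"notes.txt": b"meeting notes", "tools.zip": make_zip({"a/inner.zip": inner})}
flat = [h for n, d in share.items() for h in scan_flat(n, d)]
deep = [h for n, d in share.items() for h in scan_deep(n, d)]
```

Members that cannot be opened (encrypted, oversized, nested too deeply) are reported rather than silently passed, since an unscannable archive on a shared server is itself worth a review.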


Conclusion

Proper information security awareness training programs for employees could easily and inexpensively have prevented both cases.
 

Copyright (C) 09/1997 by Howard Fuhs

 

Fuhs Security Consultants
 
All Rights reserved!
 