[an error occurred while processing this directive]
BBC News
watch One-Minute World News
Last Updated: Saturday, 3 May, 2003, 07:22 GMT 08:22 UK
Closing the holes on hackers
By Mark Ward
BBC News online technology correspondent

Computer network cables, Eyewire
Vulnerabilities in networks are leaving firms open to attack

Relentless attacks by viruses, web worms and malicious hackers are forcing companies to react faster than ever to computer security problems.

The rapidly narrowing time between the discovery of a vulnerability and its exploitation by computer vandals leaves companies little time to react.

Some are turning to tools that work like anti-virus scanners and regularly comb networks for vulnerabilities.

If left open these holes could be used as a conduit by malicious hackers or rogue programs seeking to steal data, delete it or wreak other damage.

Hidden danger

Last year more than 4,000 security vulnerabilities were discovered in the popular software packages used by millions of companies to conduct some of their business via the web.

Many malicious hackers use automatic tools to patrol the net and find companies doing a bad job of patching their systems against attack.

Many firms find it impossible to keep up with the huge number of security updates and have struggled to keep their networks and software free from loopholes.

"Haphazard patch management will definitely cost you money," said Brad Johnson of security firm TruSecure.

The struggle to keep up has meant that many firms have fallen victim to vulnerabilities that have long been known about.

In January 2003 the Slammer worm wrought havoc on the net, despite it exploiting a loophole first noticed in May 2002.

Even Microsoft had failed to apply the software patch that would have protected it against Slammer.

In a bid to keep up with the vulnerabilities some firms are turning to scanning tools that regularly travel the network of their company, interrogating all the machines on it to find out which ones are home to which vulnerabilities.

New tools are helping firms beat off hacker attacks, Eyewire
Our biggest problem is knowing what we do not know
Paul Simmonds, ICI

"Our biggest problem is knowing what we do not know," said Paul Simmonds, Director of Global Information Security for chemicals giant ICI.

Mr Simmonds said he was responsible for security across ICI's 330 sites across the world and safeguarding the computers of more than 36,000 users.

One of the biggest problems he faced, said Mr Simmonds, was simply knowing which versions of what software was in use across ICI's global network.

He said that ICI had now started using a scanning tool made by US firm Qualys that scans the ICI network for loopholes.

Before now firms with large networks would only scan for vulnerabilities every quarter or year because of the time it took to carry out a comprehensive survey.

By contrast, said Mr Simmonds, tools produced by companies such as Qualys can be used weekly or daily.

Now, he said, ICI was able to treat vulnerabilities like viruses and regularly scan to find out if they had to react to the latest security warning.

"We used to be able to update virus definitions once a month," said Mr Simmonds, "then it was once a week and now it is within 30 minutes of a new one being detected."

Knowing whether ICI had to react quickly or not at all made a big difference said Mr Simmonds.

"ICI is in the business of making chemicals," he said, "everything else is an overhead."




SEE ALSO:
Commuters hack wireless networks
26 Mar 03  |  Technology
How to hack people
14 Oct 02  |  Technology
Students learn art of computer hacking
14 Apr 03  |  West Yorkshire
Prominent hacker Mitnick hacked
11 Feb 03  |  Technology
Why we need hackers
15 Nov 02  |  Technology
Snapshot shows net under attack
12 Apr 02  |  Science/Nature
Spammers and virus writers unite
30 Apr 03  |  Technology


RELATED INTERNET LINKS:
The BBC is not responsible for the content of external internet sites


PRODUCTS AND SERVICES

News Front Page | Africa | Americas | Asia-Pacific | Europe | Middle East | South Asia
UK | Business | Entertainment | Science/Nature | Technology | Health
Have Your Say | In Pictures | Week at a Glance | Country Profiles | In Depth | Programmes
Americas Africa Europe Middle East South Asia Asia Pacific