HostedDB - Dedicated UNIX Servers
index_22
Auerbach Publications © 2001 CRC Press LLC 08/01 formation and review it for quality control and engineering issues. Fur- ther discussions proved that he knew when he last accessed the data based on work habits and general memory. It was at this point that he told me this had been going on for some time and he just got around to calling me. He wanted to try anti-virus programs and freeware first so that he wouldn’t bother me with a false alarm. Subsequently, we collec- tively decided to access the system to try to determine what was accessed and when. The first thing we found was BackOrifice with basic plug-ins, which led me to believe that this may not have been intentionally directed at him, but rather someone wanting to play with a wide-open Windows system sitting on the Internet. We started checking files for access times; many were accessed in the middle of the night several weeks ago. More investigation turned up hidden directories and questionable e-mails he had received sometime before. At this point, I simply stopped and told him to assume the worst and try to think of anything else that may have been on his system. It turned out that a backup of his TurboTax database — not password protected — was on the system along with approved human resource documents for employees in his department who had recently received a raise. The entire phone conversation lasted about three hours — that’s all it took. I suspect that the call to his manager was much more painful and felt much longer. But was it his fault? His company provided him the In- ternet connection and the VPN software, and access from home was en- couraged. It seemed logical to him and his manager. He needed access to the Internet for research, and he typically got more done at home then at the office. However, an unknown assailant on the Internet, who could be either a hired gun to get the information or a script-kiddie that stumbled into a pot of gold, accessed extremely sensitive information. In either case, it was out there and could have an impact on the business for years. SOLUTIONS There is, of course, no easy solution to the security dilemma that is pre- sented by the implementation of VPNs. Even with sophisticated technol- ogy,  organizations still cannot stop hackers. They continue to access systems in heavily protected networks with apparent ease. Much of this can be attributed to poor design, gaps in maintenance, improper config- uration, or simple ignorance. In any case, with focused attention on the perimeter, unauthorized access is still happening at an alarming rate. Giv- en this scenario of hundreds if not thousands of remote computers on the Internet,  what can be done to protect them? Simply stated, if an in- ternal network cannot be protected when the best efforts are thrown at the problem, there is little hope in protecting the masses at home and on the road.