From Mainframes to Network Security: A World of Difference

Moving from mainframes to network security? It'll take more than a new coat of paint.

November 08, 2002, CSO — "I don't know why it's so slow," my systems manager told me. "It's not because of the system load. There's barely anything running right now."

"What does the network traffic level look like?" I asked.

"Nothing on the LAN that I can see," he replied.

"See if you can log in via the Internet connection," I said. "Maybe we're having problems with the connection or something."

He dialed into his ISP and tried to get a browser to connect to our homepage. The domain name system found it. Then nothing. It just sat there until it timed out.

"So, what is it?" I asked.

"I dunno," he answered. "I'll check the firewall to make sure it's up and running."

Well, it was running, but real slow. I mean R-E-A-L S-L-O-W. The systems administrator put a protocol analyzer on the Internet side of the connection and found it was completely overloaded with traffic.

"Well, we're either very popular today or someone is trying to DoS us," he said.

DoS us? Huh? Apparently, DoS is short for denial of service. It's a type of network attack that hackers and script kiddies launch from time to time. It's like when your grandson clogs the toilet with a roll of toilet paper. The toilet is full, and you are denied service until it is unclogged. The solution is to get rid of the attack. But the source address on the attacking packets changed with every arriving packet, so there was no way to know who was actually sending the traffic: all the source addresses were bogus (or "spoofed," as it was explained to me).
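The signature the systems administrator saw on the analyzer, a flood in which nearly every packet carries a different, bogus source address, is something a defender can pick out of flow records without knowing who is behind it. The script below is an added example, not code from the article or from the author's company: it builds a constructed set of flow records (timestamp, source address, destination port), summarizes each one-second window by packet count and by the share of distinct source addresses, and flags windows that are both far above the quiet baseline and dominated by never-repeating sources. The thresholds and the address ranges are assumptions chosen for the constructed data; in practice the rate threshold comes from measuring your own normal traffic.

```python
from collections import defaultdict


def make_sample_records():
    """Constructed flow records: (timestamp_seconds, src_ip, dst_port).

    Seconds 0-4 are ordinary web traffic from three repeat clients
    (RFC 5737 documentation addresses). Seconds 5-7 are a constructed
    flood in which every packet carries a different source address,
    mimicking the spoofed-source behaviour described in the article.
    """
    records = []
    clients = ["203.0.113.5", "198.51.100.7", "192.0.2.9"]
    for t in range(0, 5):
        for i in range(6):
            records.append((t, clients[i % len(clients)], 80))

    n = 0
    for t in range(5, 8):
        for _ in range(500):
            # Generate a fresh, never-repeating address for each packet.
            src = f"10.{(n >> 16) & 255}.{(n >> 8) & 255}.{n & 255}"
            records.append((t, src, 80))
            n += 1
    return records


def summarize_windows(records):
    """Return {second: (packet_count, distinct_source_ratio)}.

    A ratio near 1.0 means almost every packet came from a different
    address, which legitimate client traffic almost never produces.
    """
    per_second = defaultdict(list)
    for ts, src, _port in records:
        per_second[int(ts)].append(src)

    summary = {}
    for sec, sources in sorted(per_second.items()):
        summary[sec] = (len(sources), len(set(sources)) / len(sources))
    return summary


def flag_spoofed_flood(records, rate_threshold=100, unique_ratio_threshold=0.9):
    """Return the seconds whose traffic looks like a spoofed-source flood.

    rate_threshold (assumed value) is the packets-per-second level that is
    clearly above the measured baseline; unique_ratio_threshold (assumed
    value) is how close to "every packet from a new address" a window
    must be before it is treated as spoofed rather than merely busy.
    """
    flagged = []
    for sec, (count, ratio) in summarize_windows(records).items():
        if count >= rate_threshold and ratio >= unique_ratio_threshold:
            flagged.append(sec)
    return flagged


if __name__ == "__main__":
    sample = make_sample_records()
    for sec, (count, ratio) in summarize_windows(sample).items():
        print(f"t={sec}s packets={count:4d} distinct-source ratio={ratio:.2f}")
    print("flood windows:", flag_spoofed_flood(sample))
```

The distinct-source ratio is the useful part: a genuinely popular day raises the packet count but repeat visitors keep the ratio low, while a spoofed flood pushes it toward 1.0. Since the addresses are bogus, the output tells you when you are under attack and what it looks like on the wire, not who is sending it; that is the information an upstream provider needs when you ask them to filter the traffic.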

I know I should know all of this. I used to be a mainframe guy and worked with the big boxes for all our credit card processing. I also ran the mainframe security tools and facilities, so I thought I understood security issues. So far, I'd been holding my own. I know how to write security policies; I've gotten the budget sorted out. But I suddenly found myself in hot water. I had no clue about how to deal with an Internet attack.

Security used to be structured, orderly, purposeful. This Internet security stuff, however, is illogical. Why attack our site? We don't kill whales, we don't discriminate, and we aren't politically extravagant. Actually, we're pretty boring, as companies go. So why would someone want to clog up access to our website? It doesn't make sense.

I was obviously out of my league with this one, so I called a friend who is the CSO at a large telco. He's one of those guys who remains true to his technical roots, so I figured if anyone would know what to do, he would.
