IT Security doesn’t have to be Rocket Science

1999-04-27

It is worth reading Silicon.com’s headline that the UK government is exposed to hackers. First, it says that security firm NTA Monitor found that 31% of .gov.uk email servers were running flawed software. That’s the scare-mongering bit. It goes on to say how NTA Monitor discovered this: by sending emails to the servers to identify which software the servers were running.

It is commonly known in IT security circles that the best way to identify security holes is to use the same techniques as the hackers. Indeed, suites of tools are available that act as “auto-hackers”, running ensembles of simulated hacks to find weaknesses. Some of these tools are available for free from organisations such as CERT. The obvious question is: can’t the hackers get hold of the tools as well? Of course they can. The principle is that hackers know this stuff anyway, so IT managers should be informed too. This is why IT managers are duty bound to use such facilities and close up any holes they find. Otherwise the hackers will find the holes instead, and illegal access becomes no more difficult than running a few scripts and reading a log file.

(First published 27 April 1999)