Blended Threats: A Deadly Duo of Hackers and Mobile Code

Article excerpt

IMAGINE LIVING IN MEDIEVAL times when castles and fortresses weren't built solely as dwellings, but also for protection from outside attacks--the thicker and higher the walls, the better. Suppose one day a report comes to the king with news of suspicious activity outside of the castle's walls. Strangers trying to find a way in are caught at the gate. The king discusses the situation with his advisors and decides to build a wall of fire that will circle the castle. For years the problem seems to be solved, until intruders start pouring buckets of water on the "firewall" to create a safe channel to the castle's gate. A battle follows the security breach; and after recovering from the attack the king decides to surround the perimeter of the castle with a moat--deep and wide enough to prevent any outsiders from entering.

All is calm until one day the king again peers over the castle walls and sees a huge mass of wood built into the shape of a horse. The king brings the structure into the castle and ultimately grants access to enemies hidden within. Another battle ensues, and he restores security to the castle. Subsequently, the king implements a policy to screen any large packages delivered to the castle.

This seems to provide the perfect solution, until one day he looks outside and sees another curious structure. It is clear that it is nearly as high as the castle, although it is still several hundred feet off in the distance. The king squints to see people scurrying about the structure's base. Suddenly the structure jolts and he realizes a large boulder is hurtling toward the parapet on which he stands. When the king realizes the peril, it is too late to react. In an instant, the parapet is reduced to rubble, and the king is crushed. Shortly thereafter, the castle walls are destroyed as well, allowing access to the bands of intruders.

This anecdote may be dramatic, but it is reflective of how computer security threats evolve and require defenses that also evolve. For any school or classroom that uses computer technology, Internet-borne security threats are evolving and becoming increasingly dangerous. It's obvious to many that, like the castle-dwellers of old, computer users are involved in an arms race with hackers and virus writers. This makes it imperative to understand the types of computer threats that may affect school and classroom computers and networks.

Current computer threats are capable of significant damage to systems and data, but are often hard to place in a single category, such as a "virus," "Trojan" or even "hacker exploit." Thus, these threats are combining to create a new type of computer security concern experts are calling "blended threats." Hackers, those trying to gain unauthorized access to computers and computer networks, and malicious mobile code, computer viruses and worms, are increasingly working in tandem. Because of these new blended threats, instructors must learn about the types of threats that exist as well as look to IT administrators to evaluate their current security strategies and develop comprehensive, adaptable protection.

The Deadly Duo

In the past, a computer hacker crept in through an unlocked door or vulnerable window--a pre-existing hole already in the system. This was often due to bugs in computer software or poor system configuration. For example, you may wish to share files on your computer with a teacher in the next classroom, which modern operating systems allow you to do with ease. However, if your configuration isn't carefully thought out, you might be creating a share situation that allows not only the teacher next to you to read your files, but also allows a hacker halfway across the world to access your information. Security products such as firewalls have provided a great deal of protection against these kinds of hacks, but ultimately their danger is that the computer is doing exactly what it was told to do. …