(Nikkei BP Group)
(No.1 High-Tech News Site in Japanese)
|
|
| Network Security Inspection Services Debut in Response to Crisis
|
|
August 17, 1998 (TOKYO) -- The sense of crisis over system security is
growing among Japanese corporate network system administrators following
a series of unauthorized accesses via the Internet since mid-1997.
|
The number of reports received at the Japan
Computer Emergency Response Team Coordination Center (JPCERT/CC) has
been soaring, including unauthorized access to Information and Communication
Systems Laboratories of Nippon Telegraph and Telephone Corp. (NTT),
and an incident in which a mail server at the Ministry of International
Trade and Industry was used as a relay for mail to solicit money-making
activities (See chart).
Domestic network users have been heretofore lacking a sense of impending
crisis over the system security since many believe that even if corporate
data are seen by intruders from the United States and Europe, there
is no need to worry because they cannot read data written in Japanese
language.
However, such users are compelled to change their view that Japanese
system networks are safe following the successive incidents involving
unauthorized access over the system network.
In response to the move, some tools and services for network security
inspections and monitoring have been released and an increasing number
of network users started to use them.
Reactions from Corporate Users Mixed
Reactions from domestic corporate users to unauthorized access by hackers
mix. Some companies are becoming highly cautious of such illegal acts,
while others care less, saying they will have no problems even if hackers
obtain some of their internal information.
Many companies cannot spend much on the Internet because they use it
simply to obtain information and exchange mail. They tend to lack any
day-to-day security measures other than building a firewall.
According to a survey conducted by the Metropolitan Police Department,
many companies disregard even fundamental security measures such as
management of passwords, applications of revised software and monitoring
of logs.
Incidents of damage from unauthorized access over the Internet reported
to JPCERT/CC in the January-March period in 1998 show that many hackers
attacked widely known security holes. There were 110 cases of unauthorized
use of anonymous FTPs, 38 unauthorized log-ins to servers and other
machines, 30 cases involving spam mail and 22 attacks taking advantage
of the common gateway interface (CGI) at World Wide Web servers.
Basically, most of the cases could have been avoided if corporate users
paid attention to the latest information released by JPCERT/CC and information
on products they use.
In fact, a growing number of corporate users started using one of security
inspection services which have come out since the latter half of 1997.
In such services, simulated attacks are made to a corporate network
to confirm whether there is any problem with its safety. Some services
even conduct an inspection every few months to confirm if the safety
is maintained after the system is secured.
There is also a new service to provide 24-hour remote monitoring of intrusions
to internal networks. If any attempt at unauthorized access is detected,
the service system will report it to a person in charge immediately
for quick action.
Economical, Easy One-Time Services
There are different types of security inspection services. One-time inspection
services are inexpensive and easy. Many current users adopt such services.
Most vendors of the services use a commercial security inspection tool
which searches any security holes on each a firewall, an operating system,
a Web server and a mail server. If there is any problem, it will show
how to cope with the problem.
Some vendors use their own expertise in the security in combination with
a commercial inspection tool. Nihon ICSA KK, a Japanese arm of International
Computer Security Association (ICSA) of the United States, collects
underground information over the Internet on its own to conduct inspections.
LAC Co., Ltd. and some other vendors use a self-developed inspection
tool. LAC's inspection fees start from about 600,000 yen (US$410).
Fujitsu Ltd. provides a service in which the manufacturer actually logs
into an open service of a corporate user to inspect the security. The
corporate user needs to inform Fujitsu of its network system configuration
and the ID and password of a system administrator beforehand.
IBM Japan Ltd. and General Accounting & Business Consulting Inc. offer
a different type of service in which a corporate user informs them only
of an IP address and confirms if the user can make any unauthorized
access to its own network system.
In many services, vendors point out issues detected in detail by server.
Although most reports of inspection results automatically printed out
by an inspection tool are written in English, those submitted to users
are translated into Japanese.
Some Vendors Offer Countermeasures
Services provided under an annual contract usually offer inspections
on a regular basis. The inspections are made two to 12 times a year
for an annual fee of around 4 million yen (US$27,400).
Some vendors regularly send corporate users the latest information on
network security. The Japanese arm of ICSA offers such information to
its users twice a month. IBM Japan translates information collected
by IBM Corp. of the United States into Japanese and sends its users
almost every week.
Regarding ways to handle problems, vendors fall into two categories:
those which take measures on the issues by themselves and those which
leave the issues to others. NEC Corp., Hitachi Ltd. and NTT provide
a security inspection and setting up of the security system altogether.
The Japanese arm of ICSA, LAC and General Accounting & Business Consulting
focus solely on a security inspection and monitor the issues as the
third party.
The Japanese arm of ICSA issues a certification logo mark to corporate
users after it confirms the safety of the internal system. ICSA of the
United States currently issues the same logo mark when it certifies
a firewall and encrypted products of users. The Japanese arm applies
the same certification system in Japan. In an annual contract service,
the organization evaluates its users' daily security operations, including
security policies. Nippon Computer Security Corp. and Hucom Inc. serve
as the group's domestic agents.
Chart: The number of unauthorized accesses over the Internet in Japan
The number of reports that JPCERT/CC received from corporate users.
A
relatively large number of incidents during January and March 1997
indicates
wide-ranging attacks to mail server software send mail. |
|
|
(return to news)
Related stories:
MITI Mail Server Used to Relay Overseas Junk Mail
Network Security Services Gain Ground in Japan
(Nikkei Communications)
|
|
|
