Axent Takes A SWAT At Hacker Intrusions Ron Gustavson, 09/23/1998 Newsbytes News Network NEWS ROCKVILLE, MARYLAND, U.S.A., 1998 SEP 23 (NB) Special to Newsbytes. One positive effect of the recent high-profile hacking of the New YorkTimes Web site, the Sunday after Kenneth Starr's investigative report was released, is the attention brought to the need for Internet security. Axent Technologies Inc. has taken this opportunity to focus on a product that it claims could have helped the Times last week. Axent describes its Intruder Alert, as a 24 by 7, real time device monitoring tool, which provides packet/segment monitoring, and a post-event audit trail. The company claims this tool could have prevented the New York Times intrusion-what the company describes as probably a "Unix cron attack." [All of the information presented to date suggests there was no "cron attack" at all. That cron was used in its intended fashion to perform an instruction at a periodic interval. Drew Williams, co-founder of Axent's Information Security SWAT team told Newsbytes, "The New York Times intrusion looked to be a two-fold attack. First, you get access to the box, through a buffer overflow, or other means. Then, you run a script on cron, which automates server maintenance. Meanwhile, administrators are watching what's going on, but need some hours to determine where the problem is actually occurring." Williams explained, "Intruder Alert sets agents on critical network devices, such as routers, firewalls, and servers. These agents monitor Alert's Drop & Detect policies, offering management within a single console. Meanwhile, Axent's NetProwler technology can monitor packets, to foil denial of service attacks." The Information Security SWAT team is an added layer of service that is offered, as a courtesy, to Axent customers. Williams described SWAT, saying: "We pay attention to all security alerts, even ones that the researchers and academicians can't get into. Intrusion detection needs to stay in touch with what the world needs." [Which is poorly reflected at their attack signature database located at: http://www.axent.com/swat/03a_atk.htm] SWAT provides an online security alert and update site at http://www.axent.com/swat Axent customers can download Drop & Detect security updates there. SWAT also provides graphic details on real world server attack scenarios and examples. The latest Internet hacks are described, along with suggested preventative measures. For further exploration of hackers and their world, the SWAT site links to actual Hacker Sites, Security Sites, and Attack Demos. An Attack Signatures page is prefaced with a warning, "Enter at your own risk." Concerning the need for security policies and measures, the inverse can easily be assumed: Ignore at your own risk. Axent Intruder Alert is priced at $1,995 per manager, $995 per server, and $95 per work station. Volume discounts and bundling with other Axent products is available.