Axent Takes A SWAT At Hacker Intrusions

Ron Gustavson, 09/23/1998

Newsbytes News Network NEWS

ROCKVILLE, MARYLAND, U.S.A., 1998 SEP 23 (NB) Special to Newsbytes.

One positive effect of the recent high-profile hacking of the New York Times
Web site, the Sunday after Kenneth Starr's investigative report was
released, is the attention brought to the need for Internet security. Axent
Technologies Inc. has taken this opportunity to focus on a product that it
claims could have helped the Times last week.

Axent describes its Intruder Alert as a 24 by 7, real-time device
monitoring tool, which provides packet/segment monitoring and a post-event
audit trail. The company claims this tool could have prevented the New York
Times intrusion, what the company describes as probably a "Unix cron attack."

[All of the information presented to date suggests there was no
"cron attack" at all, and that cron was used in its intended fashion to
perform an instruction at a periodic interval.]

Drew Williams, co-founder of Axent's Information Security SWAT team, told
Newsbytes, "The New York Times intrusion looked to be a two-fold attack.
First, you get access to the box, through a buffer overflow, or other means.
Then, you run a script on cron, which automates server maintenance.
Meanwhile, administrators are watching what's going on, but need some hours
to determine where the problem is actually occurring."

Williams explained, "Intruder Alert sets agents on critical network devices,
such as routers, firewalls, and servers. These agents monitor Alert's Drop &
Detect policies, offering management within a single console. Meanwhile,
Axent's NetProwler technology can monitor packets, to foil denial of service
attacks."

The Information Security SWAT team is an added layer of service that is
offered, as a courtesy, to Axent customers. Williams described SWAT, saying:
"We pay attention to all security alerts, even ones that the researchers and
academicians can't get into. Intrusion detection needs to stay in touch with
what the world needs."

[Which is poorly reflected at their attack signature database
located at: http://www.axent.com/swat/03a_atk.htm]

SWAT provides an online security alert and update site at
http://www.axent.com/swat. Axent customers can download Drop & Detect
security updates there. SWAT also provides graphic details on real world
server attack scenarios and examples. The latest Internet hacks are
described, along with suggested preventative measures. For further
exploration of hackers and their world, the SWAT site links to actual Hacker
Sites, Security Sites, and Attack Demos. An Attack Signatures page is
prefaced with a warning, "Enter at your own risk."

Concerning the need for security policies and measures, the inverse can
easily be assumed: Ignore at your own risk. Axent Intruder Alert is priced
at $1,995 per manager, $995 per server, and $95 per work station. Volume
discounts and bundling with other Axent products are available.