Facing increasingly fast, complex and targeted computer attacks, a number of network companies and groups are banding together to share information in hopes of stemming the damage done by computer attackers.
The Fingerprint Sharing Alliance — announced by Arbor Networks, with worldwide support from organizations including Asia Netcom, British Telecom, Cisco, Earthlink, Internet2, MCI, Rackspace and others — said its members will share detailed attack information in real time in an effort to block attacks closer to the source.
Despite increased spending and focus on security, companies are vulnerable to a wide range of attacks, including extortion efforts that wield denial of service (DoS) attacks against Internet sites dependent on their “uptime.”
Richard Stiennon, a security expert and vice president of threat research at Webroot, told TechNewsWorld that after years of abrogating their responsibilities, carriers are now taking more initiative to secure their networks.
“This is an evolution of where they’re going,” he said. “I think it is great that they’re going to pool their resources to get a better handle on things.”
Preventing Attacks, Loss
Attributing losses of more than US$17.5 billion in 2005 to lost revenue and repair costs from attacks on networked services and disruptions, the Fingerprint Sharing Alliance said the global partnership will facilitate improved defense of computer systems and infrastructure that cross network and national borders.
“By bringing together key stakeholder groups for trusted, real-time information sharing on threats and attacks, the Fingerprint Sharing Alliance represents a significant advance towards enhancing the security of the global Internet,” said a statement from Steve Corbato, director of network initiatives for Internet2, a network consortium focused on the next-generation Internet.
Other company representatives indicated they each had a particular need for the alliance, which will use Arbor’s Peakflow SP to share attack fingerprints automatically without revealing competitive information.
While companies have historically held back information on attacks, which they sought to keep quiet, they are now waking up to the fact that they can avoid similar and future attacks by sharing data and combining resources. Stiennon said, for example, information from one attack may allow a similar attack to be identified rather easily. Furthermore, the organization’s response may be a simple action, such as throttling data packets to deflect a DoS effort, he added.
While the new alliance referenced defense against distributed denial-of-service (DDoS) attacks, worms, and other cyber attacks, Stiennon also said in his blog that the information sharing — which will pool data from network sensors around the globe to monitor traffic patterns — may also defend against Internet-based extortion schemes.
“This will be a great tool in the battle against the extortionists that use the threat of a denial of service attack to sweat money out of e-commerce sites,” he wrote.
Crisis Mode Challenge
iDefense director of malicious code Ken Dunham said the alliance was a step in the right direction, but he also questioned whether the real-time information sharing would be effective in the heat of battle against computer attackers.
“It’s wonderful to have an expert forum where people can share ideas, but if you’re talking about an active attack, that’s a whole different ballgame,” Dunham told TechNewsWorld. “In panic mode, you need clear lines of authority and you need to know your roles and responsibilities.”
However, Dunham did indicate partnerships such as the alliance may help alleviate misinformation that has historically accompanied computer and Internet attacks.
“The issue with today’s attacks is, you’re not talking about something that is slow-building or easy to figure out,” he said. “These are fast, rapid, sophisticated attacks, and everybody’s got their own piece of the puzzle.”