Protecting Web Sites by Guarding the Exits
No Safety in Numbers
As business moves online, the web is becoming more and more of a marketplace. It's a place where vendors and buyers meet to interact. Online transactions are now a normal, accepted part of life: You can auction unwanted goods, find a long-lost friend, get an education, keep up with your favorite sports teams... A business that doesn't have a web presence is practically unheard-of these days.
Obviously, this provides a fertile playground for malfeasants to wreak havoc. Even the U.S. government computers are not immune. The White House web site was recently defaced, and the Department of Justice hijacking is legendary. There were more than 15,000 reported cases of break-ins and data alterations in the year 2000, and the rate of break-ins has been increasing exponentially. According to http://defaced.alldas.de/, we're on track for more than 50,000 web site defacements this year. Interestingly, an increasing number of break-ins originate in foreign countries. Some of the well-known hacked sites include those of the U.S. Army, Air Force, and Navy; NASA; the Department of the Treasury; and the IRS. In fact, most organization have a strong incentive to immediately cover up any hijacking incident and to keep them as quiet as possible, in order to maintain customer confidence. So, in reality, the numbers may be much higher than those mentioned above.
Security experts are clamoring to come up with ways of countering all of these attacks. This article looks at a new technique that offers some promise.