
Laptop Thefts a Sign of Progress, but Vigilance Still Key

by Carl Weinschenk, IT Business Edge
Jul 21, 2006 12:00:00 AM

Carl Weinschenk spoke with Sam Kline, chief development engineer, Saint Corp.

 

Weinschenk: It seems that government laptops are disappearing at a fast rate. Why is this?
Kline: What's happening is that it's not as easy for attackers to be able to penetrate [government computers] as it used to be. When security comes up with new defenses the hackers have to find ways around them. So the motives [behind laptop theft] are the same — attackers are still trying to get the data from the government. Since obviously attackers want to take the path of least resistance, when it is becoming increasingly difficult to penetrate a network due to firewalls and tighter security, they are going to ... resort to the path of least resistance, which is going after the laptop.

 

Weinschenk: Does this mean that security measures are "beating" hackers?
Kline: I wouldn't say [tighter security is making hacking] less of a problem. I don't want to undermine the importance of maintaining network security. Yes, the increased difficulty for attackers to penetrate networks in that fashion is because of administrators' greater awareness of the need for firewalls and the enforcement of policies for network security. IT managers and administrators need to make sure they stay current. [Initially], they put up firewalls to protect networks. Then attackers used client-side attacks like going after vulnerabilities in Internet Explorer, and then [IT] realized the importance of content filtering. So once content filters [were on line] then the attackers resorted to stealing laptops. It shows no matter what new defenses, attackers find a way around. With regulations such as SOX and HIPAA [the Sarbanes-Oxley Act and the Health Insurance Portability and Accountability Act], organizations with sensitive materials will be hard pressed to authenticate the security of their networks. They must not just have a high level of security, [they must] be able to document that high level of security. One way this could be done is using products such as vulnerability assessment and penetration testing tools. That continues to be a very competitive market. There are a large number of tools out there, Saint's included.

 

Weinschenk: What types of hacker activities are common now?
Kline: I think there are two things that are hot right now. One is SQL injection attacks. That occurs when a Web app does not sufficiently check what the user enters into a query. By using invalid characters in a query [hackers] are able to execute arbitrary queries against a backend database. That allows them to execute queries that they should not be allowed to execute. It could lead to compromises of confidential information and integrity. The reason that attack happens is that they usually are not spotted by firewalls. The admin intends to allow access to the application. The other [hot hacker attack] is client-side vulnerabilities such as those in Web browsers. I would say the client-side one is hotter just because IE and other browsers such as Mozilla are widely deployed. Just about everyone uses them.
