Amidst the dark, air-conditioned white noise of a server room on Alakea Street, something was going very wrong. Web servers started to labor, microprocessors were generating excessive heat, and network traffic lights on hubs and switches flashed like Christmas tree ornaments. Hawaii Web surfers started to notice things were slow or that their favorite Web sites looked different. Code Red
By Robert Bruce Carleton
Special to the Star-BulletinThe Code Red worm was just starting to infiltrate Internet servers in Hawaii. System administrators who rebooted their servers to rid themselves of the problem were confounded when the problem kept staring them in the face.
How did this happen? Can we guarantee that this will not happen again? The answers are as troubling as the questions.
Today's 'Net community is a bustling metropolis used by everyone. While early users consisted mostly of academics and the military, commerce now dominates. The 'Net is a critical and public part of the world's telecommunications and business infrastructure.
The problem is, it's vulnerable. Code Red and the more dangerous Code Red II represent two particularly virulent variations on an old theme, the Internet worm. They strike at the heart of the Internet: the Web servers that run Microsoft Internet Information Server software. The worm uses a security hole in IIS to install and run software in the memory of the victim Web server. The worm software then instructs the victim Web server to start scanning for other servers to attack. When enough machines fall under the worm's control, the network traffic caused by all the scanning can cause parts of the Internet to slow to a crawl.
Viruses and worms are really an old story. The first worm was launched by Robert Tappen Morris Jr. (a k a RTM) on Nov. 2, 1988, and quickly spread from the MIT Artificial Intelligence laboratory to servers running on the Internet. What RTM said he started as an experiment reproduced so quickly, it soon overwhelmed many servers.
By the time the worm's damage was controlled, between 10 percent and 33 percent of the servers running on the Internet had been infected, according to estimates.
What can we do about this in Hawaii?
In the immortal words of the Boy Scouts, "Be prepared." Internet security is an ongoing process of vigilance, preparation and, when the time comes, decisive action. The only thing you can be sure of is that new viruses or worms are constantly being developed.
System administrators need to keep up to date with software upgrades and fixes for the servers they run. They should also regularly inspect system logs for unusual activity. Data needs to be backed up and stored offsite. Management must support this by providing administrators the necessary time and resources to do this.
Businesses and organizations must consider the risks they face when they run their Web sites. They must decide on the resources they are willing to commit to the security of the servers. Larger entities will want to create policies and procedures to formalize their security posture. Ongoing input from professionals regarding security policies and procedures is critical.
There is no silver bullet. Organizations that create and implement realistic policies and procedures regarding Internet security may still get hit every once in a while, but not nearly as often as those who don't.
Robert Bruce Carleton is the vice president
of operations for Guide.Net Inc., a Honolulu-based Internet
software company.