My 2 cents!

As I hear more about security attacks from abroad, I begin thinking about the future of our military might. I know the current might of our military is the best in the world. I also know that no one will come close any time soon. More and more arms use sophisticated methods of networking with one another for fast response and immediate attacks. And that’s why Chinese and Russian hackers are doing everything in their arsenal to break into our networks, no holds barred. The experience they gain by attacking us could give them ever so slight an edge that can alter the outcome of a war.
I begin to wonder: do we know how many of their attacks are undetected and sitting dormant right now? What if one of those attacks is done on a company doing data exchange with defense companies? How do we know the extent of their penetration?

A so-called IDS (intrusion detection system) relies on checksums of clean files, which are compared to suspected files for changes. Not only is this unrealistic, it only works for operating systems. Routers and switches rely on an IPS (intrusion prevention system). An IPS checks arriving packets against a database of known attacks. That’s why no IPS is useful if attacks are HTTP or SNMP based.
More likely, initial attacks will exploit a very recently announced vulnerability, or use social engineering of sorts, leaving no traces.
I think we must start a process of “hunt for red dragon” right now. Operating systems and IOS devices must be reviewed. We must also find a better scanning method to find inactive, dormant programs hiding in computers. The use of restricted areas in Vista is a good start. But there must be a locked-down “no entry” partition where the hardened part of the OS lives. Utilizing Microsoft’s side-by-side versioning technology, we can easily create a very secure OS that cannot be infected even if attacks are successful.
Imagine our planes not getting proper target updates due to an old hack that never got activated during peacetime. Or a worm attack on services coming in through a supplier-network-connected laptop that was put away for emergency use only.
These attacks are not simple curiosity kiddie attacks anymore. They are transforming into a dangerous assault on our future. I think we should close all ports other than 80 and 443 from China and Russia right now. Until they can prove otherwise, we must treat them as threats. Up until now, China and Russia have demonstrated themselves to be bad citizens of the internet. Until they prove otherwise, we must act as if they own us already. Don’t laugh. Your computer is already, most likely, owned by Red Dragon armies.
