“…what should the e-commerce community do about it? Four
sets of actions will turn the tide.
First, users and Internet service providers should apply a
four-pronged approach. One, they should block deliberately
misaddressed packets. Two, they can try to block broadcast-address
processing, a technical action that stops attackers from hiding the
identities of the machines from which they launch attacks. Three,
users and providers should use firewalls with ‘deny all/ allow
some’ rules — as opposed to current ‘allow all/deny some’ rules —
which will cause traffic to be stopped unless it fits known
patterns. And four, they can apply security patches to operating
systems and applications.”
“Second, users, auditors and executives should insist that their
systems be managed by people with certified information-security
skills.”
“Third, apply hardening scripts (programs that turn off
unnecessary services and close known holes) to every system
connected to the Internet and remove all nonhardened systems from
the Net until they’re protected. Sun Microsystems users have taken
the lead in creating hardening scripts, with the active help of Sun
itself. Linux users are also making progress. Sadly, other
operating system software vendors are far behind.
Finally, we must stop accepting the excuse of ‘There’s nothing
worth protecting on my systems.’ Maybe there’s no critical data
there, but a system connected to the Internet is a loaded weapon,
and it shouldn’t be left out where criminals can use it to attack
others.”