section, contributor Ed Skoudis explains how an enterprise can prepare for a hacker's detonation.
In investigations conducted by my network forensics consultancy, Intelguardians, we've seen several logic bomb situations in the wild. In one case that combines the above ideas with an interesting and common twist, an administrator set up a logic bomb designed to trigger if he didn't log in for 90 days. The organization had actually fired this admin for other reasons and had removed his access from the system. His logic bomb attack persisted, however, acting as a silent sentinel. After 90 days, the organization was faced with massive data destruction.
To deal with logic bomb attacks, make sure your enterprise employs regular backups that are verified on a consistent basis. Secondly, make sure you have Hot Standby Router Protocol (HSRP) enabled on your routers, which will ensure connectivity even when first-hop routers fail. And, finally, identify the personnel in your management chain who should be informed in the case of extortion threats. Determine these critical decision makers in advance, so that they can be quickly notified if and when such nefarious activity does occur.
About the author: This was first published in July 2007
Ed Skoudis is a SANS instructor and a founder and senior security consultant with Intelguardians, a Washington, DC-based information security consulting firm. His expertise includes hacker attacks and defenses, the information security industry and computer privacy issues. In addition to Counter Hack Reloaded, Ed is also the author of Malware: Fighting Malicious Code. He was also awarded 2004, 2005 and 2006 Microsoft MVP awards for Windows Server Security, and is an alumnus of the Honeynet Project. As an expert on SearchSecurity.com, Ed answers your questions related to information security threats.
This was first published in July 2007