Learning from History: Web Security in Review
By John Stewart
Many companies don't want to buy security software because their systems haven't been infiltrated and such software isn't perceived as critical to the company's mission. They may even be lulled into thinking that the Internet is more secure now than it was just over a year ago, when large, well-known sites experienced some highly publicized attacks. However, if these companies were aware of the Web crime trends, they might be more open to purchasing security systems.
Last year, more than 4800 sites around the world were defaced or hacked. These numbers are misleading, because some of the items on the list represent a mass hack of several sites: for example, a hosting provider, a machine running a number of different sites, or a Domain Name Service (DNS). I suppose, when you note that there are now over two million Web sites, this isn't a significant percentage. However, sites like MSN.com, eBay.com, and CNN.com have been hit, which shows that anyone is at risk.
Recent History
In November and December of 1996, Dan Farmer, author of the Common Open Policy Service (COPS) protocol and coauthor of Security Administrator Tool for Analyzing Networks (SATAN), examined the security of sites at organizations such as banks and credit unions, some U.S. federal computers, newspapers, and some pure online commerce systems. He compared these sites to a random sample of other sites. Farmer's research concluded with a paper summarizing his findings from a sample of approximately 1700 sites (see "