Network security: as the worms turn.

• Author: Marshall, Jeffrey
• Position: Special section

Code Red. Nimda. MSBlaster. SoBig. Love Bug. The simple and colorful names given to "worms" and other viruses unleashed against computers around the world only hint at the damage they can do, primarily in knocking out systems and costing corporations big sums in down time and emergency restoration.

While it's commonly agreed that corporations have become considerably more sophisticated about computer security in recent years, the universality of the viruses' target--Microsoft systems--makes defense difficult. Worms, "Trojan horses" and other viruses use new and different techniques to destroy the hosts' code, making it difficult for businesses to anticipate and block them. And things aren't getting better.

"There's been a significant increase in the rates, the types and the voracity of attacks over past year," says Tina LaCroix, vice president, Integrated Services and Technology Solutions (ISTS) Information Security, at Aon Services Corp. "Part of what we face is really an inverse curve. It used to be that 10 years ago, you had to have significant knowledge about computers [to be a hacker]. Now, you only need rudimentary knowledge. You can go to 10,000 Web sites and put together the necessary components--an average 10 year-old can exploit these."

Some hackers may have altruistic motives, she says, but many are political activists (so-called "hacktivists") or teenagers following Internet "scripts." Then there is "underground and underworld activity" coming from countries like Brazil and China.

"Any kind of development is open to someone to prove it's vulnerable," says James Wade, chief information security officer at KeyCorp, the regional bank based in Cleveland. "We are seeing increased sophisticated attacks from anywhere in the world. We know security is critical to our infrastructure, and the opportunities to attack are really increasing almost daily."

"Today, lots of people are probing and monitoring networks to launch automated exploits," says Louis J. Carpenito, vice president of information security/business strategies for Symantec Corp., a provider of the popular Norton antivirus software, as well as network security software appliance products to enterprises and service providers.

"There's a lot of external activity, much more than internal," he adds. "But the success rate is significantly less. Most organizations have a layer of protection, but there may be other channels into the organization." In fact, studies show that while...