Thursday February 24 08:33 AM EST Web attacks? The ISPs strike back! By Robert Lemos, ZDNet News

Internet service providers band together to form a security alliance in hopes of avoiding another DoS debacle.

The battle for an attack-proof Web rages on.

Eight Internet providers have teamed with Internet security firm ICSA.net in an alliance to prevent denial-of-service attacks like the ones that downed several major Web sites earlier this month.

The nine founding members of the Alliance for Internet Security promise to adopt security measures that will not only make it difficult to attack their computers but, more importantly, prevent their systems from being used in an attack against others.

"The members of the Alliance are coming forward to be part of the solution and demonstrate their commitment to the right thing on behalf of all of the Internet," said Peter Tippett, AIS chairman, in a statement.

"The first step for each of us is to clean up our own backyards, ensuring that our systems cannot be used as attack agents."

Starting Feb. 7 with Yahoo! (Nasdaq: YHOO - news), a series of attacks slowed or, in many cases, downed major Web sites when a deluge of meaningless data and spurious access requests were targeted at their servers by unknown attackers.

By week's end, eBay (Nasdaq: EBAY - news), E*Trade (Nasdaq: EGRP - news), Buy.com (Nasdaq: BUYX - news), ZDNet (NYSE: ZDZ - news), CNN, Amazon.com (Nasdaq: AMZN - news), The Microsoft (Nasdaq: MSFT - news) Network and Excite joined Yahoo! as victims of what are known as distributed denial-of-service attacks.

Lessons to be learned - The lesson for Internet service providers? Individuals and businesses on the Internet must not only protect their own computers from attack but also make sure the systems aren't being used to attack others.

'The first step for each of us is to clean up our own backyards, ensuring that our systems cannot be used as attack agents.'|Peter Tippett, AIS chairmanEach member company must pledge to secure its own internal systems, add filtering technology to prevent "spoofing" or forging the source address of a piece of data, and provide support for others to do the same.

Founding members include Cable One, Cable & Wireless, Digex, Global Crossing and its U.S. subsidiary Global Center, GTE Internetworking, Level(3), Road Runner, and Sprint.

"All Internet users should assure that their own network is in order and that their ISP is doing the appropriate filtering on behalf of everyone," said Harris Schwartz, director of security for Time Warner's (NYSE: TWX - news) high-speed Internet provider, Road Runner.

Broadband providers offering individuals and small businesses fast connections are quickly becoming a stomping ground for Web vandals looking for easy targets.

Most customers security-challengedMost users of such services know little of how to secure their systems -- and as much as 10 percent of such systems are completely open to anyone on the network.

Educating such users about their role in making the Internet secure should be a top priority, said Stephen E. Cross, director of Carnegie Mellon University's Software Engineering Institute, speaking Wednesday before the Congressional Joint Economic Committee.

"Support programs that provide early training in security practices and appropriate use ... should be integrated into general education about computing," Cross said.

Yet, for the most part, the AIS will continue to overlook users and instead focus on businesses.

"This is about companies that are Internet-connected companies," said Laurie Wagner, senior vice president of business development for ICSA.net.

Wagner pointed out that the alliance first needs to concentrate on the 5,000 or so small Internet providers that may not know much about security.

For now, users are on their own, she said. "ISPs are not being paid to be security consultants for their users."

See this story in context on ZDNN's Page One Section.

http://dailynews.yahoo.com/h/zd/20000224/tc/20000224140.html

-- Jen Bunker (jen@bunkergroup.com), February 24, 2000