The Dream of the Internet Becomes Worst Nightmare Manhasset, N.Y., Feb. 16 -- Technology managers, who dreamed of the Internet as a new business tool and championed their cause to senior management, are waking up to nightmares of security gone awry, reports CMP's InformationWeek in its February 19 issue. "The incidence of cybercrook attacks to mine or sabotage a company's information resources is rising rapidly," states Bob Violino, editor-at-large of InformationWeek. "What is especially alarming is that despite the fact that companies like Rockwell International and Merrill Lynch and various government agencies employ the latest firewall and encryption technology available, they are experiencing security breaches on a regular basis." Business users have been particularly skittish about the Internet since last September, when two computer science students at the University of California at Berkeley cracked the public-key encryption code used by Netscape Communications Corp.'s popular browser software. "There are more experts than ever in the intruder community who know the infrastructure of the Internet," explains Cathy Fithen, CERT's team leader of strategic incident response. "In the past we saw people breaking into systems using passwords. Now they look for flaws to exploit involving networking protocols and source codes for operating systems." The fear of invasion is well founded, according to federal law enforcement agencies, which have stepped up their investigations of online intrusions. "We're aware that this is a serious problem for any industry using the Internet," says Jim Freeman, special agent in charge of the FBI's San Francisco office. "Salvation from the government, or from vendors with new security products, seems unlikely," says Violino. "History shows that as soon as new security tools are developed, hackers learn to crack them. And while not every company possesses trade secrets, security is still a must for everyone in business. For now, at least, absolute security is one thing the Net can't offer." But, companies are so focused on Internet intrusions from outsiders that they often fail to consider the possibility of an inside hacker. According to John Reinke, chief information security architect at Merrill Lynch & Co., Inc. in New York, "There is no modern large organization that I now of that does internal firewalls." At Bell Laboratories, where an internal network links some 300,000 host computers around the world, security is a constant concern. "We're bigger than the entire Internet was in the late 1980s," says Bill Cheswick, technical staff manager at the labs' computer science research department in Murray Hill, N.J. "Our firewall keeps the bad guys out but you can't say there aren't bad guys inside the company." --