Still losing against an unseen enemy

This year has seen a succession of high-profile security breaches, and even the best-protected networks remain curiously vulnerable.

James Middleton

Although Christmas festivities are fast approaching, before network managers relax too much it would be wise to apply the latest Bind patches to DNS servers and to lock down CGI access on web servers.

The word on the lips of security experts is that network managers have more to contend with this Christmas than Santa's elves, as a multitude of advisories recommend that hatches be battened down against Smurfs and Zombies.


A warning from Internet Security Systems (ISS) X-Force states that hundreds of computers are already infected with 'zombie' agents. These let hackers commandeer the machines and cripple servers by flooding sites with a huge number of spurious requests, in a repeat of February's massive attack on ebusinesses.
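The flooding ISS describes shows up in a web server's own access log long before the site falls over. The following is an added example, not code from ISS, X-Force or the article, of the two checks a site can run over such a log: the number of requests any one client makes within a short window, and the number of requests from all clients together. The log lines are constructed in make_log() in Apache common log format, and the ten-second window and per-source threshold are assumptions a site would tune to its own traffic.

```python
"""Spot request floods in a web server's access log (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3} \S+$')
WINDOW = timedelta(seconds=10)
PER_SOURCE_THRESHOLD = 20      # assumption: tune to the site's normal traffic


def parse_line(line):
    """Return (client_ip, timestamp) for one common-log-format line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, stamp = m.groups()
    return ip, datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")


def make_log(attackers):
    """Constructed log: four ordinary clients plus the given (ip, requests) floods."""
    base = datetime(2000, 12, 25, 10, 0, 0, tzinfo=timezone.utc)

    def line(ip, t):
        return f'{ip} - - [{t.strftime("%d/%b/%Y:%H:%M:%S %z")}] "GET / HTTP/1.0" 200 1234'

    lines = []
    normal = ("198.51.100.10", "198.51.100.11", "198.51.100.12", "198.51.100.13")
    for i in range(8):                       # one request every three seconds each
        for n, ip in enumerate(normal):
            lines.append(line(ip, base + timedelta(seconds=3 * i + n)))
    for ip, count in attackers:              # burst over five seconds from t+20s
        for i in range(count):
            lines.append(line(ip, base + timedelta(seconds=20 + i % 5)))
    return lines


def per_source_peaks(lines):
    """Highest number of requests each client made within any WINDOW."""
    events = sorted(filter(None, map(parse_line, lines)), key=lambda e: e[1])
    recent = defaultdict(deque)
    peak = defaultdict(int)
    for ip, ts in events:
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > WINDOW:            # drop requests older than the window
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return dict(peak)


def flooders(lines):
    """Clients whose burst rate crossed the per-source threshold."""
    return {ip: n for ip, n in per_source_peaks(lines).items()
            if n >= PER_SOURCE_THRESHOLD}


def aggregate_peak(lines):
    """(requests, distinct clients) in the busiest WINDOW regardless of source.

    This is the check that catches a distributed flood, where every zombie
    individually stays under the per-source threshold."""
    events = sorted(filter(None, map(parse_line, lines)), key=lambda e: e[1])
    q = deque()
    best = (0, 0)
    for ip, ts in events:
        q.append((ts, ip))
        while ts - q[0][0] > WINDOW:
            q.popleft()
        if len(q) > best[0]:
            best = (len(q), len({src for _, src in q}))
    return best


if __name__ == "__main__":
    print(flooders(make_log([("203.0.113.7", 40)])))
    print(aggregate_peak(make_log([(f"203.0.113.{n}", 3) for n in range(1, 31)])))
```

The per-source check is enough against one noisy host, but thirty zombies making three requests each never trip it, which is exactly why the aggregate view is needed once an attack is distributed.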

Groups of hackers claim that over the Christmas period, they will target internet retailers with an eye to bringing servers down at their busiest time of year.

According to security experts the year 2000 was 'the year that wasn't' as far as security is concerned. It got off to a bad start with most of the commercial online world - including big names such as Amazon and eBay - on its knees after a torrent of Distributed Denial of Service (DDoS) attacks.

This situation was repeated only months later when it became apparent that network managers still weren't taking security seriously.

Panic stations
The explosion of the Love Bug virus also caught many corporations off-guard and created a wave of panic around the world. Trojan Horses and worm-type viruses were becoming a major threat to network security, forcing email systems or web servers off line for days.

But it's not just small companies that face security problems, as the hacking of Microsoft proved. Again a Trojan Horse proved to be the culprit, with the exploit highlighting the fact that even the mightiest of giants can be toppled by a determined hacker.

In general, network managers haven't faced any new threats over the last year. The Sans Institute's "top 10 reasons for security breaches" has remained unchanged for the last few years.

But what is happening is that electronic intruders are coming up with new twists on old security-beating techniques. Neil Barrett, technical director at Information Risk Management, says the Microsoft hack "was done in such a clever way, and was compounded by the fact that it is such a hot target".

But he adds that the QAZ Trojan Horse, which gave the intruders access, was already on every antivirus vendor's checklist and should have been caught. "Someone inside the network probably turned off their antivirus on the desktop," Barrett says.

Effective security measures
Arlene Brown, managing director of intrusion detection company Network Ice, has another angle. She believes that effective modifications of tried and tested ways of attacking a network can beat certain security measures.

"Some of these guys are sneaking in by breaking the packets sent in their attacks into smaller fragments to avoid detection," she says.
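The evasion Brown describes works against any detector that matches signatures fragment by fragment: split the attack so that no single fragment contains the pattern, and each fragment looks harmless. The following is an added example, not code from Network Ice or the article, showing the difference between inspecting fragments individually and reassembling them first. The request, the signature and the fragment size are constructed for the illustration; real IP fragments carry offsets in eight-byte units, which this toy model ignores.

```python
"""Reassemble fragments before matching an attack signature (added example)."""
from typing import Optional

# Constructed: a directory-traversal request of the kind a signature might look for.
REQUEST = b"GET /cgi-bin/search?file=../../etc/passwd HTTP/1.0\r\n"
SIGNATURE = b"/etc/passwd"

Fragment = tuple[int, bool, bytes]          # (offset, more_fragments, payload)


def fragment(data: bytes, size: int) -> list[Fragment]:
    """Split data into fragments of `size` bytes, as an attacker's tool would."""
    frags = []
    for off in range(0, len(data), size):
        chunk = data[off:off + size]
        frags.append((off, off + size < len(data), chunk))
    return frags


def reassemble(frags: list[Fragment]) -> Optional[bytes]:
    """Rebuild the datagram; None if it is incomplete or fragments overlap.

    Overlaps are rejected rather than resolved: different host stacks resolve
    them differently, and guessing wrong is itself an evasion."""
    buf = bytearray()
    expected = 0
    complete = False
    for off, more, payload in sorted(frags, key=lambda f: f[0]):
        if off != expected:                  # gap (missing) or overlap (off < expected)
            return None
        buf += payload
        expected += len(payload)
        if not more:
            complete = True
    return bytes(buf) if complete else None


def match_per_fragment(frags: list[Fragment]) -> bool:
    """The naive detector: looks for the signature inside each fragment alone."""
    return any(SIGNATURE in payload for _, _, payload in frags)


def match_reassembled(frags: list[Fragment]) -> bool:
    """The robust detector: reassembles first, then looks for the signature."""
    data = reassemble(frags)
    return data is not None and SIGNATURE in data


if __name__ == "__main__":
    tiny = fragment(REQUEST, 4)
    print("per fragment:", match_per_fragment(tiny))     # False: evaded
    print("reassembled: ", match_reassembled(tiny))      # True: caught
```

A detector that cannot reassemble (because it has not seen every fragment, or because they overlap) should treat the datagram as suspicious rather than clean; returning None rather than a partial buffer is what forces the caller to make that decision.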

Security experts are in agreement on one matter - corporations are still falling foul of already-recognised network attack techniques. Simon Webb, of Watchguard Technologies, says that there is nothing remarkable about the technology that hackers have been exploiting this year, even in the Microsoft case. "They're still using the same techniques that have been used for years," he says.

Some even suggest that hacking styles and tools come and go in cycles. "It's not that any of the recent attacks have used uncommon tactics - it's more a case of them being all too common," says Matt Moore, security architect for Westpoint, which offers security-scanning services.

Graham Cluley, senior technical consultant for antivirus company Sophos, also believes that internet vandals are not using new technology or tactics: "It's the same old problem - Trojan Horses," he says. "It got the Greeks into Troy and it still works today."

Trojan Horse-style network hijacks were also responsible for bringing the internet to its knees earlier in the year. The first big bang of 2000, after the millennium fireworks, was huge internet retail names such as Yahoo, eBay, Buy.com and Amazon.com losing a significant amount of uptime after huge DDoS attacks.

The weakest link
Again, this is not a new technique, but the attackers exploited known vulnerabilities in various Remote Procedure Call (RPC) services to install tools such as trinoo (or trin00) and Tribe Flood Network (TFN) on the compromised machines.

Although it is a widely held belief that the bigger the network, the more likely it is to have holes, Cluley explains that it is often users that are the weakest link. "In many cases where a known virus or Trojan infiltrates a business, it is because a user has disabled the antivirus software."

Although antivirus is a good defence, it's not 100 per cent bulletproof and other security systems are necessary to complement it. "You're in trouble if you get complacent," he says.

Springtime further highlighted the network manager's frustration at end-user incompetence. A number of government intelligence agents 'misplaced' laptops that contained sensitive information in taxis and tapas bars.

Furthermore, one MI5 agent working on the Northern Ireland situation had his laptop snatched at a station. Government security procedures were called into question after it was debated whether the hard disk had been encrypted and, as Cluley pointed out at the time, even where the data files are encrypted, information held in cookies and in swap files would be present on the PC in unencrypted form.

The experts agree that expanding networks beyond the current boundaries, by adding more mobile devices such as laptops, personal digital assistants and Wap-enabled phones will bring more trouble.

Brown, of Network Ice, believes that Wap, GPRS and the whole m-commerce bandwagon look set to pose the next big security question for the good guys or the next big opportunity for the black hats, depending on how you look at it.

The Love Bug
By the summer, the Love Bug virus had caused havoc across the world, bringing email systems in hundreds of corporations and even the Pentagon and Houses of Parliament to a standstill.

Research group Computer Economics says that the virus was received by 45 million email users in its first day of circulation. This put the cost of the damage at $1.7bn for that first day in May alone.

But Sophos' Cluley claims that there are actually very few viruses that are considered groundbreaking or change the scene at all. "Most of them are copycats, or a combination of other virus writing techniques. Ultimately, viruses are still preying on end-user gullibility. People are opening attachments they have no logical business receiving, with no concern for the consequences."

Ebusinesses were next to get another good kicking, after a number of online banks and utility companies made a series of embarrassing security blunders. PowerGen left customer information and credit card details for about 7,000 customers in a publicly accessible database on its site.

Barclays' online service also came under fire after customers logging in were able to view other users' account details. High street retailer Woolworths also had to stump up cash compensation for its customers after credit card details were compromised on its website.

Moore from Westpoint, believes that most breaches don't occur because of holes in the software, but because businesses rush to roll out online services and so neglect security for the sake of time to market.

But Richard Barber, strategic development officer at Integralis, warns that although high-profile internet security breaches are well publicised it's the cases you don't find out about, that should be of more concern: "Most banks don't tell you about security breaches because they don't have to," he says.

Corporate costs
Money is also an issue. Big corporates have the means to splash out on a comprehensive security system, but smaller companies, particularly ebusinesses on a budget, don't want to spend the cash.

Network managers are facing the same security issues they have over the past couple of years: poor configuration or simple mistakes such as leaving the default password set. Security surveys have revealed that one in three web servers is insecure, usually with a known vulnerability.

According to Moore, "the same small number of vulnerabilities are still at the core of most compromises, they practically form a ubiquitous foundation of the internet". He warns that "in the future we'll only see improvements, the core problems won't be fixed because new technology is adopted at such a rapid rate bringing more problems with it".

People are realising they need more than firewalls: access control needs to be tighter and servers need to be locked down. "In the end, hackers are just picking on an IP address, everyone is equal on the internet," he says.

In the spotlight
Some of the main security risks of the last year were pushed into the spotlight because of the sheer number of users they affected. Cisco's Pix firewall was found to be vulnerable when configured to allow FTP access with the 'fixup' protocol command: an intruder could use the FTP handling to get malicious or unauthorised data through to the protected network.

The Yankee Group also blew the lid off "the dirty little secret" of the infrastructure service providers sector. The analyst proved that ATM and Frame Relay networks are highly vulnerable to security breaches because of unrestricted access to the physical network infrastructure and known weaknesses in network management systems.

According to the Yankee Group, network service providers refuse to provide security SLAs for this very reason. Yankee said that "virtual" architectures all held similar vulnerabilities.

Webb agrees that remote users, who are usually on virtual technologies such as virtual private networks (VPNs) are another major security headache. "VPNs are not the answer for securing remote users because an infected remote machine opens a tunnel straight into the network."

Security experts add that the rollout of DSL technologies, giving remote users an 'always on' connection, will bring trouble. "The need for security will increase tenfold with the rollout of ADSL, which offers massive implications from a security point of view, particularly from the home users and road warriors," explains Webb.

Westpoint's Moore adds: "Companies could end up running insecure boxes on fat pipes. Anyone who hijacks those boxes has free rein on a huge amount of bandwidth, for major DDoS attacks."

New danger
Although new devices bring inherent risks for the future, a change in the enterprise environment will also attract trouble. With more companies moving online there will be more money moving electronically allowing the devious to manipulate strings of numbers and siphon off money with considerable ease.

Moore predicts that in the coming year "we will see more 'man in the middle' style attacks. A hacker would use DNS poisoning techniques on a secure connection, such as SSL, to hijack the connection and then siphon money off. It offers so much more potential for high profile, high dollar break-ins."
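The DNS poisoning step in Moore's scenario relies on the victim's resolver accepting whatever answer arrives on its socket. The following is an added example, not code from the article or from Westpoint, of the checks a stub resolver should make on every response before it trusts it: that the packet came from the server queried, that the transaction ID matches, that it is a response rather than a query, that the question section echoes what was asked, and that the answer records are for the name asked about. The server address, the names and the record in the sample packets are constructed.

```python
"""Validate a DNS response before trusting it (added example)."""
import secrets
import struct

TYPE_A = 1
CLASS_IN = 1


def encode_name(name: str) -> bytes:
    """Encode 'www.example.net' as DNS wire-format labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(pkt: bytes, off: int) -> tuple[str, int]:
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = pkt[off]
        if length & 0xC0 == 0xC0:                       # compression pointer
            if end is None:
                end = off + 2
            off = struct.unpack("!H", pkt[off:off + 2])[0] & 0x3FFF
            hops += 1
            if hops > 16:
                raise ValueError("pointer loop")
            continue
        off += 1
        if length == 0:
            break
        labels.append(pkt[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if end is not None else off)


def new_txid() -> int:
    """Unpredictable 16-bit ID: sequential IDs make blind spoofing trivial."""
    return secrets.randbelow(1 << 16)


def build_query(txid: int, qname: str, qtype: int = TYPE_A) -> bytes:
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD set
    return header + encode_name(qname) + struct.pack("!HH", qtype, CLASS_IN)


def build_response(txid: int, qname: str, ip: str, qtype: int = TYPE_A) -> bytes:
    """Constructed A-record reply, used here only to make sample packets."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    question = encode_name(qname) + struct.pack("!HH", qtype, CLASS_IN)
    rdata = bytes(int(o) for o in ip.split("."))
    answer = b"\xC0\x0C" + struct.pack("!HHIH", qtype, CLASS_IN, 300, 4) + rdata
    return header + question + answer


def validate_response(pkt: bytes, sender: tuple[str, int], expected_sender: tuple[str, int],
                      txid: int, qname: str, qtype: int = TYPE_A) -> tuple[bool, str]:
    """Return (accepted, reason). Every check must pass before the answer is used."""
    want = qname.rstrip(".").lower()
    if sender != expected_sender:
        return False, "response from unexpected address or port"
    try:
        if len(pkt) < 12:
            return False, "truncated header"
        rid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", pkt[:12])
        if rid != txid:
            return False, "transaction ID mismatch"
        if not flags & 0x8000:
            return False, "QR bit not set: this is a query, not a response"
        if qd != 1:
            return False, "unexpected question count"
        name, off = decode_name(pkt, 12)
        rtype, rclass = struct.unpack("!HH", pkt[off:off + 4])
        off += 4
        if (name.lower(), rtype, rclass) != (want, qtype, CLASS_IN):
            return False, "question section does not echo our query"
        for _ in range(an):                             # simplification: no CNAME chains
            owner, off = decode_name(pkt, off)
            if owner.lower() != want:
                return False, "answer for a name we did not ask about"
            _t, _c, _ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
            off += 10 + rdlen
    except (struct.error, IndexError, ValueError, UnicodeDecodeError):
        return False, "malformed packet"
    return True, "ok"


if __name__ == "__main__":
    server, txid, name = ("192.0.2.53", 53), new_txid(), "www.example.net"
    print(validate_response(build_response(txid, name, "198.51.100.10"), server, server, txid, name))
    print(validate_response(build_response(txid ^ 1, name, "203.0.113.9"), server, server, txid, name))
```

The transaction ID and the source port are all a blind spoofer has to guess, so both must be unpredictable; an ID that merely matches is not proof of anything if it was predictable. Redirecting the name is also only half of Moore's attack: with SSL the hijacker still has to present a certificate the browser accepts for the site, so the checks above on the resolver side and proper certificate validation on the client side are both needed.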

Integralis' Richard Barber warns that he has already seen tools such as 'Achilles' that do just this, but also allow for editing of the HTTP data stream, as well as hijacking the user session.

"Hackers are getting increasingly difficult to track because they have worked out that by breaking geo-political boundaries, and jumping to the target from a terrorist country, a law enforcement agency will get no help in tracking the route of the attack," he says.

Skills shortage
Such difficulties are compounded by the results of a survey from the Sans Institute that pinpointed the main barriers that need to be overcome when attempting to improve network security.

The top concerns are a distinct lack of security skills in system and network administrators and no universal standards on the highest security priorities, such as which problems to fix first.

The best defence strategy follows the old adage of 'be prepared'. As the Sans list of vulnerabilities shows, most can be avoided by keeping security patches up to date, disabling unused accounts and restricting read/write access on servers where access should be limited.

User awareness is also critical: no matter how tight your security, users are always the weakest link. Beyond that, regular security assessments and risk management, along with an intrusion detection and response strategy, should help keep your network secure.

Although you may not have had a serious incident yet, it doesn't mean hackers are not out to get you. As Graham Cluley says: "Network managers need to have a bit of healthy paranoia."
