AT&T security guru talks DoS attacks, hackers

Botnets, protection of personal information pose biggest challenges, AT&T CSO Edward Amoroso says.
Page:

Edward Amoroso is the chief security officer at AT&T in the US, as well as a professor who has written several textbooks on information security. Amoroso spoke with Jon Brodkin last week in Boston, where he delivered a keynote about network security during Forrester's Security Forum.

What are your biggest security challenges at AT&T?

The biggest challenge right now is sensitive personal information being all over the place, Social Security numbers, credit card numbers. It's an IT problem. I'm not even convinced it's appropriate to call it a security problem, it's just IT infrastructure has developed in a way where that stuff is all over the place. We're encrypting the whole company. That's a pretty heavy-handed approach to solving the problem, but that's really the only option.

Have you lost any sensitive data?

We've had some laptops that have been lost just like anybody else. So we report those and move on. That's been the extent of it, it could be worse.

You also spoke about network security and defending against botnets and denial-of-service attacks in your keynote.

That's our second-biggest challenge. Keep in mind, we're a service provider, so the availability threat is way more important than if we were selling software. If Microsoft.com is down for an hour, it wouldn't be good but it's not a stock-price-affecting problem. If our network services are down for an hour, that is a very big problem.

Will AT&T be able to successfully defend against these botnets?

We do it now. These things we see, a lot of them are aimed at us all the time. Any carrier that says 'we're not under attack' is lying to you.

Last December, we saw some pretty significant increases in traffic aimed at our host. We think that somebody was aiming big denial of service attacks at our hosting DNS services. We just filter the traffic, we survive it. It's just the normal course of business for that stuff to be lobbed at you, and you block it.

You're an adjunct professor of computer science at the Stevens Institute of Technology. What can we expect from the next generation of computer scientists?

They're good hackers, that's for sure. They come in and they've been reading hacking magazines since they were little kids. There's a lot of foolishness in youth so a lot of young people do design attack tools. They're better [than previous generations]. But they're also better as computer scientists. I would say there's a general uplift in capability, good and bad. It keeps me sharp. They let me have it if I don't know the answer to something.

Page:
More about: AT&T, AT&T, Carnegie Mellon University, CNN, eBay, Information Coordination Center, Mellon, Microsoft, Sharp
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the Computerworld comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Whitepapers
Latest Stories
Community Comments
Whitepapers
All whitepapers
Sign up now to get free exclusive access to reports, research and invitation only events.
Featured Download
/downloads/product/171/gadwin-web-snapshot/

Gadwin Web Snapshot

Gadwin Web Snapshot will effectively capture the entire page including all design elements when capturing web pages. It makes an image of the browser’s content ...

Computerworld newsletter

Join the most dedicated community for IT managers, leaders and professionals in Australia