The availability of broadband has contributed to the growth in the number and popularity of cyber cafes and network gaming centers around the world. One of the biggest challenges of these businesses is managing security while not depriving customers of the services they want. Accommodating customers almost always means making compromises, but companies sometimes go too far in making concessions for the sake of maintaining good customer relationships.
One network gaming center found that hackers interpreted its openness in accommodating customers as an invitation to launch attacks. But instead of cutting off some services to tighten security, this gaming center chose to install additional software to operate more securely without curtailing customer service.
This company's experience offers a valuable lesson to other companies that offer public (or shared) access Internet terminals. It also offers general insights on striking the balance between meeting customer and/or employee demands and taking adequate security precautions.
Vulnerabilities and attacks
GameCTRL, a member of the international network gaming organization iGames, is a network gaming center and cyber cafe located in Louisville, KY. It is owned and operated by Andrew J. Prell, who opened the doors on his venture earlier this year. He's already had to deal with some serious viruses, worms, and hacker attacks. Prell quickly discovered that when you have an always-on Internet connection and your business is all about providing that Internet access to customers, you become a prime target for hackers itching to cause whatever mischief they can.
Of course, Prell has no choice but to have an open door to the Internet—after all, that’s his business. Users are free to surf and chat as they please. Many of them, Prell said, use mIRC or other programs to chat with friends. They are also free to install software as long as they have the original CDs.
This means that not only was the network vulnerable to attack, but some of the attacks could very well have come as a result of customers' actions. In fact, some of the people who have visited GameCTRL weren’t customers at all, but hackers who were trying to find out whatever they could about the place to launch an attack.
One hacker, Prell reported, entered the center, looked around, asked some questions and then sat down at one of the PCs only to leave moments later. Prell later discovered that the person had installed a virus on the system that gave him a back door to break into the network.
Another hacker was able to enter the center and download the Nimda virus to one of the computers, infecting the network. Prell was forced to shut down so he could remove infected files from all the networked systems.
One person visited the store on a number of occasions, asking about the network setup and about ZoneAlarm in particular.
“He asked why ZoneAlarm was installed on only one computer. I told him the other computers were covered by the NAT. At that point, he just nodded and left. Shortly after that, we discovered we had another virus.”
Prell said they called the FBI about that hacker’s visits and the subsequent virus attack, but the FBI was interested in pursuing the matter only if a significant dollar amount of damage had occurred. Since Prell was able to remove the virus from the network without sustaining any serious damage from the attack, the FBI didn't pursue it.
Beefing up security
The attacks that Prell’s network center sustained came in spite of his use of ZoneAlarm to protect the network. Because the attacks were occurring more as a result of social engineering than technology, Prell knew that he had to take other steps to protect his network.
His first step was removing ZoneAlarm and installing Norton AntiVirus Corporate Edition. Since the problem wasn’t so much that attackers were breaking in through the firewall but that they were installing viruses on the computers, Prell reasoned that the Norton program would more effectively eliminate the problems he was experiencing. Prell said the new program has effectively eliminated the virus threats from the network.
In addition to the Norton program, Prell is exploring the possibility of using a program that will allow him to remotely monitor network activity and user actions. This would allow him to intercept potential attacks before they can be carried out. Unfortunately, the local company developing the product that Prell was interested in—Agora Interactive—filed for bankruptcy in January 2001. Agora had signed contracts with Lucent and Compaq to set up coin-operated network gaming computers in arcades across the United States. Hewlett-Packard's purchase of Compaq has since reduced Prell’s hopes that the gaming kiosks will be available any time soon.
So Prell is now looking at other solutions to help him better monitor activity on his gaming network. Viable options he has identified include Tinasoft’s EasyCafe and Celco Controls Ltd.’s CyberCafePro. Both programs are designed to help monitor and manage the kind of Internet traffic Prell sees in his gaming center.
In the meantime, Prell plans to continue relying on the antivirus software to detect, block, and remove any viruses that may crop up. He reports that his network has been clean since he installed the Norton product.
He is also more alert to the suspicious behavior of visitors to the center, especially those who are overly inquisitive about the security measures in place on the network or those who ask unusual questions about the network setup.
Protecting open networks
Given the growth in popularity of network gaming centers and cyber cafes like GameCTRL, the network security issues Prell has encountered are likely to increase in number and severity. In addition to attacking businesses with open networks such as these, hackers are likely to use them as a base from which to launch attacks.
Prell’s experience provides some valuable lessons that can help similar businesses, especially startups, secure their open networks:
- Install reliable enterprise antivirus software and schedule regular definition updates before your network goes live.
- Be aware of the behavior of visitors, especially those who ask a lot of suspicious questions about your systems.
- Don’t reveal any specific details to overly inquisitive visitors.
- If you have an open Internet surfing area such as this one, consider using cyber cafe management software to track activity.