8/3/2019 Network Security and Applications - Global Perspective - Michael Bitz
UNITED NATIONS
ECONOMIC COMMISSION FOR AFRICA

Network Security & Applications
Global Perspective
Forum on ICTs, Trade and Economic Growth
Addis Ababa, Ethiopia, March 14-16, 2006

According to an FBI study, 90% of US companies suffered a security incident in 2005

The FBI also estimates that cyber crime cost US companies an average of $24,000 last year, down from $56,000 in 2004

But, they estimate that the total cost of cyber crime to the US was over $400 billion in 2005 alone

THE INTERNET

The Internet (ARPANET) was started in the 1960s, established its first connection in 1969, had spread across the US by 1971, and reached Europe by 1973

ARPANET's Legacy
It all starts with a handshake
Transmission Control Protocol (TCP) & Internet Protocol (IP)
Well designed with many different paths to a destination, where routers constantly monitor the integrity and select the best path, making it robust in the face of severe physical damage

Despite its apparent good design, the Internet was not originally conceived with internal security in mind, making it vulnerable to attacks

Network Traffic

CYBERCRIME

Criminal acts using computers and networks as tools or targets
Traditional crimes conducted through the use of computers

Modern Computer Crimes
Can be based on malicious code such as a virus, email virus, worm or Trojan horse.
a.k.a. Passive Attacks
Or actively perpetrated by knowledgeable individuals, who attempt to exploit network, computer, and software flaws
a.k.a. Active Attacks

Traditional Crimes
Pre-existing crimes that are facilitated by the Internet or ones that have found new life because the Internet has made them lucrative endeavours.
Theft, theft of information, financial crimes, fraud, copyright infringement, child pornography, scams, harassment, and terrorism

A Brief Word On Phishing

WHAT ARE WE UP AGAINST?

FIRST
We are faced with weak underlying technology and inherently vulnerable software

SECOND
Issues such as user anonymity coupled with uninformed, misguided, and malicious users contribute to the problem

FINALLY
Weak or non-existent legal, regulatory, and policy environments limit many countries' ability to tackle cyber crimes

CYBERCRIMINALS

Cyber criminals come in many forms. The most harmful can be malicious insiders, and disgruntled or uninformed employees

The Internet also has its share of professional criminals like hackers, organized crime and pedophiles, who make a living off their well-honed skills and criminal endeavours

Finally, competing businesses, governments and terrorists will also use the Internet to improve their position or further their cause

IS AFRICA A TARGET?

Ongoing analysis by Symantec and McAfee indicates that Africa is not a major source or target of cyber attacks

Limited connectivity, few appealing targets and a small number of users are factors that currently shield potential African targets from most attacks

As the African e-environment evolves, so too will its cyber crime environment
Most likely for the worse

A shift from active to passive attacks will probably accelerate the problem, negating any protection limited connectivity provides

CAN ANYTHING BE DONE?

HUMAN FACTORS
Industry, government and educators must first address human behaviour that allows cyber crime to thrive and/or undermine security efforts

A significant number of security breaches are in part caused by human actions, whether intentional or otherwise

Examples include:
Use of weak passwords
Divulging passwords
Use of unauthorised software
Opening of unknown email
Unauthorised use of network

Breaches are not limited to novice or inexperienced users. Incidents have been caused by network administrators

Outlining acceptable network use and authorised software, along with awareness campaigns and training, can help mitigate human errors

TECHNOLOGY FACTORS
Technology plays a key role in securing computers and networks, but only if properly deployed and maintained

There is a panoply of security tools at your disposal. If used properly they will shield your organization from most attacks

Security ranges from the basics like limiting access to the network, forcing users to change passwords at regular intervals, to physically limiting access to certain computers

A step up would involve virus scanners that inspect incoming files for viruses, to firewalls, which limit incoming and outgoing network traffic

To sophisticated tools like intrusion detection systems, which constantly analyze network traffic and send out alerts or shut off access in the event of anomalies

If information must be sent over the Internet, encryption technology can shield sensitive data when it must be transmitted

POLICY FACTORS
Ensure laws, regulations and policies provide the necessary support and focus that can complement cyber security endeavours

A strong legal framework sends a message that cyber crime will be dealt with seriously and that limits on online conduct will be imposed.

It must also ensure that countries are able to investigate, arrest and prosecute cyber criminals

A well-articulated regulatory scheme will ensure that key players such as TSPs, government and industry understand their roles in ensuring a secure environment

Well-articulated policies that outline the roles, responsibilities and commitments of users, TSPs and governments will bring all this together

A FEW WORDS ABOUT SECURITY POLICIES

INDUSTRY POLICIES
Should address acceptable usage, minimum security standards, and commitments by the organisation to educate and support users

GOVERNMENT POLICIES
Identify short- and mid-term security objectives, support to key players, investments in security technology and training, and awareness initiatives

FINAL COMMENTS

Michael Bitz
e-Security & Cyber Crime Consulting
Dar es Salaam, Tanzania
[email protected]@rogers.com
(+255) 746 77 64 76