Lighting Upthe Dark Side of the Web

Colin Rose

Quarter Past Five Limited

Monday 11th October 2004

The cost of widespread company network security breaches keeps rising…

Occurrence and Average Annual Cost of a Security Attack (IDC)

InformationWeek estimates:

• Security breaches cost businesses $1.4 trillion worldwide this year

• 2/3 of companies have experienced viruses, worms, or Trojan horses

• 15% have experienced Denial of Service attacks

• “60% of security breaches occur within the company – behind the firewall” (IDC)

What are the drawbacks?Of increased user internet and e-mail access

“Users; who would have them?”

• Users do not know what to do• Users mess things up• Users are lazy• Users change things• Users are a maverick component

What are the consequences?Of increased user internet and e-mail access

“Users; what would you do without them?”

• Users need to be told what to do(and what not to do)

• Users are the main reason why you have a computer network

• Users are the larger half of your information systems

• Users can spot problems• Users need to be “configured”, you just need to

understand how to “configure” them.

Other Issues

• Legal liabilities• Who is on your network - • Sexual or racial harassment• Bad publicity and lost reputation• Improper use of the systems• Inside out and Outside in??

The Dark Side of the Web

Pornography

Anarchy and theft

Credit card fraud

Telephone fraud

Lock picking

The Dark Side of the Web

Hacking

Steganography

Spoofs and sucksites

Virus creation

Password crackers

MP3 music files

Cyber WarfareInternational and commercial

• Denial of Service• Commercial cyber warfare• Terminate your existence in cyberspace• Puts you out of business• Easy to carry – downloadable from the web

You would be amazed to discover how imaginative users can be.

Seeing might be believing!!

User Abuse of a Computer System

A Word About The Future

•People•Process •Technology

• No matter how much the technology changes, the individuals change, even how much the environment changes.

• There are still some things that remain the same

To re-cap….

The internet can be used safely, we just have to be a bit more sophisticated than we used to…

Fred Smith, currently on placement, can always be foundhard at work at his desk. Fred works independently, withoutwasting company time talking to colleagues. Fred neverthinks twice about assisting fellow employees, and he alwaysfinishes given assignments on time. Often Fred takes extendedmeasures to complete his work, sometimes skipping coffeebreaks. Fred is an individual who has absolutely novanity in spite of his high accomplishments and profoundknowledge in his field. I firmly believe that Fred can beclassed as a high-caliber asset, the type which cannot bedispensed with. Consequently, I duly recommend that Fred beoffered permanent employment at Quarter Past Five, and aProposal be executed as soon as possible.

Steganography

Steganography

Fred Smith, currently on placement, can always be found

wasting company time talking to colleagues. Fred never

finishes given assignments on time. Often Fred takes extended

breaks. Fred is an individual who has absolutely no

knowledge in his field. I firmly believe that Fred can be

dispensed with. Consequently, I duly recommend that Fred be

Proposal be executed as soon as possible.

Confidentiality

• Inadvertent disclosure (MS Word)• Cached information (Hotel Phoenix)• Revelation• Phishing

Virus Creation

Viruses no longer require a low level understanding of computers.

Increased e-mail and web use makes viruses easy to distribute.

Viruses are very easy to writeVCL / Mutation Engine / etc...