Lighting Up the Dark Side of the Web
Colin Rose, Quarter Past Five Limited
Monday 11th October 2004
TRANSCRIPT
The cost of widespread company network security breaches keeps rising…
Occurrence and Average Annual Cost of a Security Attack (IDC)
InformationWeek estimates:
• Security breaches cost businesses $1.4 trillion worldwide this year
• 2/3 of companies have experienced viruses, worms, or Trojan horses
• 15% have experienced Denial of Service attacks
• “60% of security breaches occur within the company – behind the firewall” (IDC)
What are the drawbacks?
Of increased user internet and e-mail access
“Users; who would have them?”
• Users do not know what to do
• Users mess things up
• Users are lazy
• Users change things
• Users are a maverick component
What are the consequences?
Of increased user internet and e-mail access
“Users; what would you do without them?”
• Users need to be told what to do (and what not to do)
• Users are the main reason why you have a computer network
• Users are the larger half of your information systems
• Users can spot problems
• Users need to be “configured”, you just need to understand how to “configure” them.
Other Issues
• Legal liabilities
• Who is on your network -
• Sexual or racial harassment
• Bad publicity and lost reputation
• Improper use of the systems
• Inside out and Outside in??
The Dark Side of the Web
Pornography
Anarchy and theft
Credit card fraud
Telephone fraud
Lock picking
The Dark Side of the Web
Hacking
Steganography
Spoofs and sucksites
Virus creation
Password crackers
MP3 music files
Cyber Warfare
International and commercial
• Denial of Service
• Commercial cyber warfare
• Terminate your existence in cyberspace
• Puts you out of business
• Easy to carry – downloadable from the web
You would be amazed to discover how imaginative users can be.
Seeing might be believing!!
User Abuse of a Computer System
A Word About The Future
• People
• Process
• Technology
• No matter how much the technology changes, how much the individuals change, or even how much the environment changes,
• there are still some things that remain the same.
To re-cap….
The internet can be used safely, we just have to be a bit more sophisticated than we used to…
Steganography
Fred Smith, currently on placement, can always be found
hard at work at his desk. Fred works independently, without
wasting company time talking to colleagues. Fred never
thinks twice about assisting fellow employees, and he always
finishes given assignments on time. Often Fred takes extended
measures to complete his work, sometimes skipping coffee
breaks. Fred is an individual who has absolutely no
vanity in spite of his high accomplishments and profound
knowledge in his field. I firmly believe that Fred can be
classed as a high-caliber asset, the type which cannot be
dispensed with. Consequently, I duly recommend that Fred be
offered permanent employment at Quarter Past Five, and a
Proposal be executed as soon as possible.
Steganography
Fred Smith, currently on placement, can always be found
wasting company time talking to colleagues. Fred never
finishes given assignments on time. Often Fred takes extended
breaks. Fred is an individual who has absolutely no
knowledge in his field. I firmly believe that Fred can be
dispensed with. Consequently, I duly recommend that Fred be
Proposal be executed as soon as possible.
Confidentiality
• Inadvertent disclosure (MS Word)
• Cached information (Hotel Phoenix)
• Revelation
• Phishing
Virus Creation
Viruses no longer require a low level understanding of computers.
Increased e-mail and web use makes viruses easy to distribute.
Viruses are very easy to write
VCL / Mutation Engine / etc...