Date post: 28-Nov-2014
Category: Education
Upload: dr-cv-suresh-babu
1
E-Security
2
According to an FBI study, 90% of US
companies suffered a cyber security
incident in 2005
3
The FBI estimates that cyber crime cost US
companies an average of $24,000 last year,
down from $56,000 in 2004
4
However, they also estimate that the total cost of cyber
crime to the US was over $400 billion in
2005 alone
5
THE INTERNET
6
The Internet (ARPANET) was started in the ’60s, established its first
connection in ’69, was spread across the US by ’71, and reached Europe
by ’73
7
ARPANET’s Legacy
• It all starts with a handshake – Transmission Control Protocol
(TCP) & Internet Protocol (IP)
• Well designed with many different paths to a destination, where routers constantly monitor the integrity and select the best path, making it robust in the face of severe physical damage
8
Despite its apparent good design, the Internet was not
originally conceived with internal security in
mind, making it vulnerable to cyber
attacks
9
Network Traffic
10
CYBER CRIME
11
“Criminal acts using computers and networks
as tools or targets”
“Traditional crimes conducted through the
use of computers”
12
Modern Computer Crimes
• Can be based on malicious code such as a virus, email virus, worm or Trojan horse – a.k.a. Passive Attacks
• Or actively perpetrated by knowledgeable individuals, who attempt to exploit network, computer, and software flaws – a.k.a. Active Attacks
13
Traditional Crimes
• Pre-existing crimes facilitated by the Internet or those which have found new life on the Internet
– Theft, theft of information, financial crimes, fraud, copyright infringement, child pornography, scams, harassment, and terrorism
14
A Brief Word On “Phishing”
15
WHAT ARE WE UP AGAINST?
16
FIRST
We are faced with weak underlying technology
and inherently vulnerable software
17
Also improperly configured Internet
servers, firewalls and routers, and relying
primarily on firewalls for protection without
intrusion detection and prevention systems
18
SECOND
Issues such as user anonymity, coupled with uninformed, misguided,
and malicious users, contribute to the
problem
19
FINALLY
Weak or non-existent legal, regulatory, and
policy environments limit many countries’ ability to
tackle cyber crimes
20
CYBER CRIMINALS
21
Cyber criminals come in many forms. The most
harmful can be malicious insiders, and
disgruntled or uninformed employees
22
The Internet has its share of professional criminals like hackers, organized crime and pedophiles,
who make a living off of their well-honed skills and
criminal endeavours
23
Competing businesses,
governments and terrorists will also
turn to the internet to undermine the
“competition” or further their cause
24
CAN ANYTHING BE DONE?
25
There is no one solution, be it technological or otherwise, to address
cyber crime. It exists for a multitude of reasons and requires a multifaceted
approach to combat
26
HUMAN FACTORS
Industry, government and educators must first
address human behaviour that allows cyber crime to thrive and/or undermine
security efforts
27
A significant number of security breaches are in part caused by human
actions, whether intentional or otherwise
28
Examples include:
• Use of weak passwords
• Divulging passwords
• Use of unauthorised software
• Opening of unknown email
• Unauthorised use of network
29
Breaches are not limited to novice or
inexperienced users. Incidents have been caused by network
administrators
30
Outlining acceptable network use and authorised
software, along with awareness campaigns and training, can help
mitigate human errors
31
TECHNOLOGY FACTORS
Technology plays a key role in securing
computers and networks, but only if properly
deployed and maintained
32
There is a panoply of security tools at your
disposal. If used properly they will shield your
organization from many common cyber attacks
33
Security ranges from the basics like limiting access
to the network, forcing users to change
passwords at regular intervals, to physically
limiting access to certain computers
34
A step up would involve virus scanners that
inspect incoming files for viruses, to firewalls,
which limit incoming and outgoing network traffic
35
To sophisticated tools like intrusion detection systems,
which constantly analyze network traffic and send out alerts or shut off access in
the event of anomalies
36
If information must be sent over the Internet, encryption technology
can shield sensitive data while it is being
transmitted
37
POLICY FACTORS
Ensure laws, regulations and policies provide the necessary
support and focus that can complement cyber security
endeavours
38
It must also ensure that countries are able to
investigate, arrest and prosecute cyber
criminals
39
A strong legal framework sends a message that cyber
crime will be dealt with seriously and that limits on online conduct will be
imposed
40
A well articulated regulatory scheme will ensure that key players
such as TSPs, government and industry understand their roles in ensuring a
secure environment
41
Well articulated policies that outline the roles, responsibilities and
commitments of users, TSPs and governments will
bring all this together
42
A FEW WORDS ABOUT SECURITY POLICIES
43
INDUSTRY POLICIES
Should address acceptable usage, minimum security
standards, and commitments by the
organisation to educate and support users
44
GOVERNMENT POLICIES
Identify short and mid term security objectives, support to key players, investments in security technology and training, and awareness
initiatives