Network Security Allan G. Dyer CISSP, MHKCS, MIAP, AIDPM, MSc (tech), BSc Past Chair, ISSG, HKCS;...

Post on 01-Jan-2016


Network Security

Allan G. Dyer

CISSP, MHKCS, MIAP, AIDPM, MSc (tech), BSc

Past Chair, ISSG, HKCS; President, AVAR

adyer@yuikee.com.hk

Education Success

Sven Jaschan

• German Teenager

• School Student

• Wrote software worth >US$157,000

• Worldwide Headlines

• Interview with Stern Magazine

• Job with Securepoint - German IT Security Company

Education Success?

• estimated damages of US$157,000 for 4 specimen victims

• Created Netsky and Sasser Worms

• Arrested May 2004

– Tip-off from school friends

– Confessed after arrest

• Netsky.Z attacked educational sites: www.educ.ch, www.medinfo.ufl.edu, www.nibis.de

Education Failure

• He "had not considered the consequences or the damage"

• "everyone in Jaschan's class knew what he was doing"

• "some of them helped him distribute [the worms]"

• Parents did not recognise the significance:

– 'Papa, I've put out a computer worm.'

– 'Sven, you didn't do anything stupid, did you?'

Education Improvements

• Students need to learn about Information Security and Ethics

– Protect Themselves

– Respect Others

What Is Information Security?

CIA

• Confidentiality

• Integrity

• Availability

Meet The Threats:

Viruses, Worms, Trojans

Meet The Threats:

Spyware

Meet The Threats:

Spam

Meet The Threats:

Phishing

Meet The Threats:

Criminals

Meet The Threats:

Porn

Inappropriate Content

"Ordinary" Organisation

Internet

Firewall

"Ordinary" Organisation

• Trusted Users Inside

– Users are already Trained

• Threats Outside

A School

Internet

Firewall

SAMS

Classrooms

A School

• Firewall is still a useful control point

• Many users (pupils) with minimal computer knowledge

• Some users may be mischievous or malicious

• SAMS an attractive target

SAMS

• Attendance Records

– Hide skiving

– Sell the service

• Test or Exam Results

• Personal Details

– Intimidate or Blackmail others

SAMS: Gaining Access

• Guess Passwords

• Unattended Computer

• Network Sniffing

• Keystroke Loggers

How Young?

• Some macro viruses probably written by 10 to 12 year olds

• Primary Students…

– Joke programs?

– Plagiarism?

Are Hackers Evil?

The "Hacker Ethic"

• Curiosity

• Exploring

• Learning

• Testing and Pushing Limits

• Freedom

HKCERT/CC

• Hong Kong Computer Emergency Response Team Coordination Centre

• Established February 2001

• Under Hong Kong Productivity Council, funded by Innovation & Technology Fund

• Virus Alerts:

– http://www.hkcert.org/valert/valert.html

• Security Alerts:

– http://www.hkcert.org/salert/salert.html

Questions?

http://www.yuikee.com.hk/computer/info-ctr/newsletter/