Tuesday 9th March 2004


Lighting Up the Darker Side of the Web
Colin Rose
Quarter Past Five Limited
Tuesday 9th March 2004
The cost of widespread company network security breaches keeps rising…
Occurrence and Average Annual Cost of a Security Attack (IDC)
InformationWeek estimates:
• Security breaches cost businesses $1.4 trillion worldwide this year
• 2/3 of companies have experienced viruses, worms, or Trojan horses
• 15% have experienced Denial of Service attacks
• “60% of security breaches occur within the company – behind the firewall” (IDC)
What are the drawbacks?
Of increased user internet and e-mail access
“Users; who would have them?”
• Users do not know what to do
• Users mess things up
• Users are lazy
• Users change things
• Users are a maverick component
What are the consequences?
Of increased user internet and e-mail access
“Users; what would you do without them?”
• Users need to be told what to do (and what not to do)
• Users are the main reason why you have a computer network
• Users are the larger half of your information systems
• Users can spot problems
• Users need to be “configured”, you just need to understand how to “configure” them.
Other Issues
• Legal liabilities
• Who is on your network -
• Sexual or racial harassment
• Bad publicity and lost reputation
• Improper use of the systems
• Inside out and Outside in??
The Dark Side of the Web
Pornography
Anarchy and theft
Credit card fraud
Telephone fraud
Lock picking
The Dark Side of the Web
Hacking
Steganography
Spoofs and sucksites
Virus creation
Password crackers
MP3 music files
Cyber Warfare
International and commercial
• Denial of Service
• Commercial cyber warfare
• Terminate your existence in cyberspace
• Puts you out of business
• Easy to carry – downloadable from the web
To re-cap…
The internet can be used safely, we just have to be a bit more sophisticated than we used to…
Steganography
Fred Smith, currently on placement, can always be found
hard at work at his desk. Fred works independently, without
wasting company time talking to colleagues. Fred never
thinks twice about assisting fellow employees, and he always
finishes given assignments on time. Often Fred takes extended
measures to complete his work, sometimes skipping coffee
breaks. Fred is an individual who has absolutely no
vanity in spite of his high accomplishments and profound
knowledge in his field. I firmly believe that Fred can be
classed as a high-caliber asset, the type which cannot be
dispensed with. Consequently, I duly recommend that Fred be
offered permanent employment at Quarter Past Five, and a proposal be
executed as soon as possible.
Steganography
Fred Smith, currently on placement, can always be found
wasting company time talking to colleagues. Fred never
finishes given assignments on time. Often Fred takes extended
breaks. Fred is an individual who has absolutely no
knowledge in his field. I firmly believe that Fred can be
dispensed with. Consequently, I duly recommend that Fred be
executed as soon as possible.
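The two Steganography slides above form a line-skip null cipher: reading every second line of the reference letter gives the second text. The Python sketch below is an added example, not part of the original presentation; the function names and the position of the letter's final line break are assumptions. It finds which line selection reproduces a suspected hidden text, and shows that re-wrapping the letter removes the channel.

```python
import re
import textwrap
# Letter from the first slide, one entry per slide line (copied from the page).
# Assumption: the last break falls before "executed", as the second slide implies.
LETTER = [
    "Fred Smith, currently on placement, can always be found",
    "hard at work at his desk. Fred works independently, without",
    "wasting company time talking to colleagues. Fred never",
    "thinks twice about assisting fellow employees, and he always",
    "finishes given assignments on time. Often Fred takes extended",
    "measures to complete his work, sometimes skipping coffee",
    "breaks. Fred is an individual who has absolutely no",
    "vanity in spite of his high accomplishments and profound",
    "knowledge in his field. I firmly believe that Fred can be",
    "classed as a high-caliber asset, the type which cannot be",
    "dispensed with. Consequently, I duly recommend that Fred be",
    "offered permanent employment at Quarter Past Five, and a proposal be",
    "executed as soon as possible.",
]
# Text of the second slide (copied from the page).
HIDDEN = """
Fred Smith, currently on placement, can always be found
wasting company time talking to colleagues. Fred never
finishes given assignments on time. Often Fred takes extended
breaks. Fred is an individual who has absolutely no
knowledge in his field. I firmly believe that Fred can be
dispensed with. Consequently, I duly recommend that Fred be
executed as soon as possible.
"""

def normalise(text):
    """Collapse whitespace and case so only the wording is compared."""
    return re.sub(r"\s+", " ", text).strip().lower()

def line_skip_readings(lines, max_stride=4):
    """Yield (offset, stride, text) for each 'read every Nth line' selection."""
    for stride in range(2, max_stride + 1):
        for offset in range(stride):
            yield offset, stride, " ".join(lines[offset::stride])

def find_hidden_reading(lines, suspected, max_stride=4):
    """Return the (offset, stride) selections that reproduce the suspected text."""
    want = normalise(suspected)
    return [(o, s) for o, s, text in line_skip_readings(lines, max_stride)
            if normalise(text) == want]

def reflow(lines, width):
    """Re-wrap the letter at a new width, as an editor or mail gateway might."""
    return textwrap.wrap(" ".join(lines), width)
```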
Confidentiality
• Inadvertent disclosure (MS Word)
• Cached information (Hotel Phoenix)
• Revelation
Virus Creation
Viruses no longer require a low-level understanding of computers.
Increased e-mail and web use makes viruses easy to distribute.
Viruses are very easy to write.
VCL / Mutation Engine / etc...