lighting up the darker side of the web colin rose quarter past five limited tuesday 9 th march 2004
DESCRIPTION
The cost of widespread company network security breaches keeps rising… Occurrence and Average Annual Cost of a Security Attack (IDC)TRANSCRIPT
Lighting Upthe Darker Side of the Web
Colin RoseQuarter Past Five Limited
Tuesday 9th March 2004
The cost of widespread company network security breaches keeps rising… Occurrence and Average Annual Cost of a Security Attack (IDC)
InformationWeek estimates:
• Security breaches cost businesses $1.4 trillion worldwide this year
• 2/3 of companies have experienced viruses, worms, or Trojan horses
• 15% have experienced Denial of Service attacks
• “60% of security breaches occur within the company – behind the firewall” (IDC)
What are the drawbacks?Of increased user internet and e-mail access
“Users; who would have them?”
• Users do not know what to do• Users mess things up• Users are lazy• Users change things• Users are a maverick component
What are the consequences?Of increased user internet and e-mail access
“Users; what would you do without them?”
• Users need to be told what to do(and what not to do)
• Users are the main reason why you have a computer network
• Users are the larger half of your information systems
• Users can spot problems• Users need to be “configured”, you just need to
understand how to “configure” them.
Other Issues
• Legal liabilities• Who is on your network - • Sexual or racial harassment• Bad publicity and lost reputation• Improper use of the systems• Inside out and Outside in??
The Dark Side of the WebPornography
Anarchy and theft
Credit card fraud
Telephone fraud
Lock picking
The Dark Side of the WebHacking
Steganography
Spoofs and sucksites
Virus creation
Password crackers
MP3 music files
Cyber WarfareInternational and commercial
• Denial of Service• Commercial cyber warfare• Terminate your existence in cyberspace• Puts you out of business• Easy to carry – downloadable from the web
To re-cap….
The internet can be used safely, we just have to be a bit more sophisticated than we used to…
hard at work at his desk. Fred works independently, without
thinks twice about assisting fellow employees, and he always
measures to complete his work, sometimes skipping coffee
vanity in spite of his high accomplishments and profound
classed as a high-caliber asset, the type which cannot be
offered permanent employment at Quarter Past Five, and a
Fred Smith, currently on placement, can always be found
wasting company time talking to colleagues. Fred never
finishes given assignments on time. Often Fred takes extended
breaks. Fred is an individual who has absolutely no
knowledge in his field. I firmly believe that Fred can be
dispensed with. Consequently, I duly recommend that Fred be
Proposal be executed as soon as possible.
Steganography
Fred Smith, currently on placement, can always be found
wasting company time talking to colleagues. Fred never
finishes given assignments on time. Often Fred takes extended
breaks. Fred is an individual who has absolutely no
knowledge in his field. I firmly believe that Fred can be
dispensed with. Consequently, I duly recommend that Fred be
executed as soon as possible.
Steganography
Confidentiality
• Inadvertent disclosure (MS Word)• Cached information (Hotel Phoenix)• Revelation
Virus Creation
Viruses no longer require a low level understanding of computers.Increased e-mail and web use makes viruses easy to distribute.Viruses are very easy to writeVCL / Mutation Engine / etc...