Information Security Challenges to SMEs

Roy Ko, Center Manager

Presentation Transcript
Agenda
  • Recent Incidents in Hong Kong
  • Security Risks
  • Managing Security Risks
  • Protection Strategies
  • Response Actions
  • HKCERT
Recent Security Incidents in Hong Kong
  • MS Blaster Worm
  • Welchia/Nachi
  • SoBig.F
Blaster Worm
  • July 16, 2003 - Microsoft Security Bulletin MS03-026 “Buffer Overrun In RPC Interface Could Allow Code Execution”
  • August 11, 2003 - W32.Blaster Worm infected 300,000 PCs worldwide
  • August 16, 2003 - Tried to start a denial-of-service attack against windowsupdate.com. UNSUCCESSFUL
Blaster Worm
  • RPC Service terminated, causing system auto-reboot
  • Scans the Internet for computers with the vulnerability unpatched
  • Internet & System slowdown.
  • In Hong Kong, affected mainly Home Users
Blaster Worm: It Should Have Been Avoided
  • Microsoft Patch Available
    • Windows Update
    • Web Site Downloads available
    • Security Bulletins
  • Other Announcements
    • CERT Alerts
    • Magazines - email notices
    • Department of Homeland Security
  • Hackers Activities
Blaster Worm: It Should Have Been Avoided
  • Apply Patches
  • Firewall
  • Install Anti-virus Software and Update Virus Definition File
Welchia/Nachi
  • Blaster Worm Removal Tool (?)
    • Stop and Delete Blaster Worm
    • Download and install patch of RPC vulnerability
    • Replicate and Spread
    • Self-destruction
  • Network Slowdown, Denial-of-Service
  • System Hang or Unstable
SoBig.F
  • Email Address from files found in computer as Sender and Recipient
  • Content - “See the attached file for details”
  • Attachment - .pif .scr
  • Download software - potential risks UNSUCCESSFUL
  • Side Effect - Spamming
Information Security Risks to SMEs
Will these happen to you?
  • Terrorist attack
  • Bomb threats
  • Typhoon
  • Flood
  • Fire
  • Power Outage
  • Multi-tenant sites
  • Computer Failure
  • Computer Viruses
  • Hackers
  • Loss of Records
  • Loss of Personnel
  • Information Leakage

More scenarios at URL: http://www.contingencyplanning.com/disruption.cfm

HKCERT Survey on Local Industry

Many companies still ignore the importance of information security -- adopted only basic or no security technology

HKCERT Survey on Local Industry
  • Financial Loss of surveyed organizations due to security attack has been increasing in the past two years.
Consequences of the Risks
  • Financial Loss
  • Legal Liability
  • Damage to Reputation
  • Damage and Leakage of Information
  • Cost of Recovery
  • Loss of Productivity
Managing Information Security Risks
  • Protect yourself from these risks
    • You have to know the risks and mitigate them
  • Build up Incident Response Capability
    • You have to be prepared to react when it actually comes
    • HKCERT/CC focuses on this area
Identify your information assets
  • Non-electronic (paper, physical items)
    • Contract & Agreement
    • Case files
    • Company Seal
  • Electronic (list is increasing)
    • Staff personnel record
    • Customer database
    • Username/password
    • Encryption keys
    • Email message
    • PC workstation
    • Database
    • File server
    • Web server
    • Mail server … (more to list)
Internet Threats by Virus/Worms
  • Viruses are more and more capable
    • State-of-the-art viruses/worms are blended attacks. They make use of security holes in your system to attack you, e.g. Blaster, Nimda, Code Red
    • They travel much faster than before. In 2001, Nimda's attack peaked globally in 2 days! SoBig.F - Fastest Spreading Worm
    • Some are capable of removing your antivirus software and firewall protection
    • Build its own email engine to spread
    • Open Backdoor
Internet Threats by Virus/Worms (2)
  • Virus damages
    • Delete or modify system and data files
    • Some send out messages to your address book using your email account (*makes you liable*)
    • Some send out OLD messages and attachments to other email addresses (leak of confidential information)
    • Some send out messages to other people using another email address from your address book → makes tracking of the virus hard, e.g. Klez. That is why Klez has survived as top worm till now.
Protection against Virus/Worm
  • Implement anti-virus solution
    • at email server, desktop and notebook
  • Keep the virus signature file updated
    • Daily and Automatically (best just before office hour starts)
  • Automate a weekly scanning of whole hard disk
    • best during non-office hour, e.g. lunch time
  • Be careful in opening emails you do not expect
  • For a firm, make sure you use a “corporate” edition of anti-virus solution with central management feature
    • administrator in front of one workstation → can manage signature update, schedule automatic scanning, read reports for all PCs
Threats from Hacking
  • Hackers are not necessarily your competitors or somebody hostile to you.
  • Scripting Tools for kids available
    • point-n-click, as easy as Windows
    • curiosity and sense-of-achievement tempt kids
  • Blended attacks from viruses also perform automatic hacking
  • If you install a firewall or intrusion detection system, you will notice your PC is scanned all day.
Protection from Hacking Threat
  • Firewall – baseline protection vs. hacking
    • A network device that filters network traffic going in and out of your network
    • Cost
      • Varies from $x,xxx to $xxx,xxx (hundreds of thousands)
      • Need ongoing software subscription to update
      • Need firewall administration expertise to manage
    • Feature Differences
      • capacity of traffic it can handle and no. of networks managed
      • fine control of traffic to pass through
Protection from Hacking Threat by Firewall

[Diagram labels: Internet, Firewall, Servers, PC users, Hacker, attack]

  • Block most scanning and attacking of hackers
  • Allow internal servers and PCs to go out freely
  • Fine control possible -- open only Web, Mail, FTP, but disallow ICQ going out!
Management Control Measure
  • Make sure your systems are properly protected
    • Password control
      • Minimum password length
      • Use different password for public access (e.g. Yahoo) and sensitive systems
    • Access control
      • Limit what a user account can access
      • Not everyone should have Administrative Rights on systems
    • Zoning
      • Put sensitive information (e.g. customer data, HR information) in separate machine locked in separate room
When Security Incident Occurs
  • You cannot reduce risks to ZERO
    • you must be prepared to tackle the incidents
  • Preparation (準備)
  • Detection (偵測)
  • Containment (控制損失)
  • Eradication (根除)
  • Recovery (恢復)
  • Follow Up (跟進)
Get Published Guideline and Information

HKCERT has a series of publications

Free-of-charge

Available on web site and hardcopy

  • Internet Security Handbook (co-op with HKUST)
  • Guideline for Virus Prevention, Wireless LAN Secure Configuration, etc.

Available via email to subscribers

  • Monthly Newsletter
Get Informed Earlier Respond Faster

HKCERT Web Site (free-of-charge)

  • updated everyday
  • both English and Chinese information
Subscribe Security Alert
  • Subscribe HKCERT Security Alert Services
    • It is free-of-charge.
    • Email alerts will be sent to subscribers on vigorous virus threats → helps the public to react faster
  • HKCERT Security Alert Service through SMS
    • allows people out of the office to react faster with an SMS alert message on their mobile phone
    • Again it is free-of-charge
When Security Incident Occurs
  • HKCERT Incident Response Service
    • Our hotline: 8105-6060
    • It runs 7x24.
    • It is free-of-charge on-phone service.
    • We keep all reported incidents confidential.
Establish the Mechanism of Security Incident Response
  • HKCERT/CC established in Feb 2001
    • As the centre of coordination of computer security incidents for local enterprises and individuals
    • Provide free services to the public
  • Funded by Innovation & Technology Fund
  • Operated by Hong Kong Productivity Council
HKCERT Services
  • Security Incident Report and Response
    • 7 x 24 report and response (phone and email)
    • All reported information is kept confidential
  • Security Alert (Chinese and English)
    • Monitor closely the virus and security vulnerabilities
    • Publish information and the fix tools
  • Security Information Publishing
    • Publish via WEB the security vulnerabilities and guideline for prevention
    • Publish information security newsletter monthly
HKCERT Services
  • Awareness and Training
    • Periodically arrange free open seminars to public to promote information security awareness
    • Organize (paid) Training Course to provide more in-depth knowledge and skills on information security
  • Research and Development
    • Study and research on specific security topic

Note: every organization can establish their own response mechanism to handle internal computer security incidents

Security Incident Response Contacts
  • You should FIRST inform Company Management & in-charge of Information Security

HKCERT Hotline: 8105-6060

Web site: http://www.hkcert.org

  • HK Police Force Hotline: 2528-3482 (for criminal cases enquiry and report)
  • ITSD InfoSec Web: http://www.infosec.gov.hk (information)
  • Your ISP (for Internet account password, impolite probing and email spamming cases)
    • If your ISP does not respond to your email spamming report, you can also call OFTA: 2961 6333 (complaint on service provider)
    • If your ISP does not respond in other cases, call HKCERT to help

Question & Answer

roy@hkpc.org

www.hkcert.org