Information Security Challenges to SMEs - PowerPoint PPT Presentation

About This Presentation
Title:

Information Security Challenges to SMEs

Description:

Hong Kong Computer Emergency Response Team. Recent Security ... Power Outage. Multi-tenant sites. Computer Failure. Computer Viruses. Hackers. Loss of Records ... – PowerPoint PPT presentation

Number of Views:344
Avg rating:3.0/5.0
Slides: 36
Provided by: HKC2
Category:

less

Transcript and Presenter's Notes

Title: Information Security Challenges to SMEs


1
Information Security Challengesto SMEs
Roy Ko, Center Manager
2
Agenda
  • Recent Incidents in Hong Kong
  • Security Risks
  • Managing Security Risks
  • Protection Strategies
  • Response Actions
  • HKCERT

3
Recent Security Incidents in Hong Kong
  • MS Blaster Worm
  • Welchia/Nachi
  • SoBig.F

4
Blaster Worm
  • July 16, 2003 - Microsoft Security Bulletin
    MS03-026 Buffer Overrun In RPC Interface Could
    Allow Code Execution
  • August 11, 2003 - W32.Blaster Worm infected
    300,000 PCs worldwide
  • August 16, 2003 - Tried to start a
    denial-of-service attack to windowsupdate.com.
    UNSUCCESSFUL

5
Blaster Worm
  • RPC Service terminated, causing system
    auto-reboot
  • Scan Internet for computer with vulnerability
    unpatched
  • Internet System slowdown.
  • In Hong Kong, affected mainly Home Users

6
Blaster WormIt Should Have Been Avoided
  • Microsoft Patch Available
  • Windows Update
  • Web Site Downloads available
  • Security Bulletins
  • Other Announcements
  • CERT Alerts
  • Magazines - email notices
  • Department of Homeland Security
  • Hackers Activities

7
Blaster WormIt Should Have Been Avoided
  • Apply Patches
  • Firewall
  • Install Anti-virus Software and Update Virus
    Definition File

8
Welchia/Nachi
  • Blaster Worm Removal Tool (?)
  • Stop and Delete Blaster Worm
  • Download and install patch of RPC vulnerability
  • Replicate and Spread
  • Self-destruction
  • Network Slowdown, Denial-of-Service
  • System Hang or Unstable

9
SoBig.F
  • Email Address from files found in computer as
    Sender and Recipient
  • Content - See the attached file for details
  • Attachment - .pif .scr
  • Download software - potential risks UNSUCCESSFUL
  • Side Effect - Spamming

10
Information Security Risks to SMEs
  • Will these happen to you?
  • Terrorist attack
  • Bomb threats
  • Typhoon
  • Flood
  • Fire
  • Power Outage
  • Multi-tenant sites
  • Computer Failure
  • Computer Viruses
  • Hackers
  • Loss of Records
  • Loss of Personnel
  • Information Leakage

More scenarios at URL http//www.contingencyplan
ning.com/disruption.cfm
11
Hong Kong Security Incidents Statistics
12
HKCERT Survey on Local Industry
  • Many companies still ignore the importance of
    information security -- adopted only basic or no
    security technology

13
HKCERT Survey on Local Industry
  • Financial Loss of surveyed organizations due to
    security attack has been increasing in the past
    two years.

2001/2000 Growth 2002/2001 Growth
Total Financial Loss 10.8 20.5
Per Victimized Company 58.0 44.9
14
Consequences of the Risks
  • Financial Loss
  • Legal Liability
  • Damage to Reputation
  • Damage and Leakage of Information
  • Cost of Recovery
  • Loss of Productivity

15
Managing Information Security Risks
  • Protect yourself from these risks
  • You have to know the risks and mitigate them
  • Build up Incident Response Capability
  • You have to be prepared to react when it actually
    come
  • HKCERT/CC focuses on this area

16
Identify your information assets
  • Non-electronic (paper, physical items)
  • Contract Agreement
  • Case files
  • Company Seal
  • Electronic (list is increasing)
  • Staff personnel record
  • Customer database
  • Username/password
  • Encryption keys
  • Email message
  • PC workstation
  • Database
  • File server
  • Web server
  • Mail server (more to list)

17
Identify the risks
Info. asset Risk
Contract agreement (hardcopy) Fire, theft
Contract agreement document (softcopy) Modified by ignorant staff or third party
Contract agreement Leakage by Disgruntled staff
Information indexing filing system Staff leaves or having accident
etc. etc.
18
Identify and Select the controls
Control Cost () Effectiveness ()
Fire theft rent a flat in grade-A building store document in fireproof safe () ()
Softcopy modified - save in optical medium - store extra copy offsite () ()
Staff leave or loss Separation of duty shift of duty Better documentation () ()
etc. etc.
19
Internet Threats by Virus/Worms
  • Virus is more and more capable
  • State of art virus/worms are blended attacks.
    They make use of security holes of your system to
    attack you, e.g. Blaster, Nimda, Code Red
  • They travel so much faster than before. In 2001,
    Nimda peaked its attack globally in 2 days!
    SoBig.F - Fastest Spreading Worm
  • Some are capable of removing your antivirus
    software and firewall protection
  • Build its own email engine to spread
  • Open Backdoor

20
Internet Threats by Virus/Worms (2)
  • Virus damages
  • Delete or modify system and data files
  • Some send out message using your address book
    using your email address account (makes your
    liable)
  • Some send out OLD messages and attachments to
    other email addresses (leak of confidential
    information)
  • Some send out message using another email address
    of your address book to other people ? makes
    tracking of the virus hard, e.g. Klez. That is
    why Klez has survived as top worm till now.

21
Protection against Virus/Worm
  • Implement anti-virus solution
  • at email server, desktop and notebook
  • Keep the virus signature file updated
  • Daily and Automatically (best just before office
    hour starts)
  • Automate a weekly scanning of whole hard disk
  • best during non-office hour, e.g. lunch time
  • Be careful in opening emails you do not expect
  • For a firm, make sure you use a corporate
    edition of anti-virus solution with central
    management feature
  • administrator in front of one workstation ? can
    manage signature update, schedule automatic
    scanning, read reports for all PCs

22
Threats from Hacking
  • Hackers not necessarily your competitors or
    somebody hostile with you.
  • Scripting Tools for kids available
  • point-n-click, as easy as Windows
  • curiosity and sense-of-achievement tempt kids
  • Blended attack from virus also perform automatic
    hacking
  • If you install a firewall or intrusion detection
    system, you will notice your PC is scanned all
    the day.

23
Protection from Hacking Threat
  • Firewall baseline protection vs. hacking
  • A network device that filters network traffic
    going in and out of your network
  • Cost
  • Varies from x,xxx to xxx,xxx (hundreds of
    thousands)
  • Need ongoing software subscription to update
  • Need firewall administration expertise to manage
  • Feature Differences
  • capacity of traffic it can handle and no. of
    networks managed
  • fine control of traffic to pass through

24
Protection from Hacking Threat by Firewall
  • Block most scanning and attacking of hackers
  • Allow internal server and PCs can go out freely
  • Fine control possible -- open only Web, Mail,
    FTP, but disallow ICQ going out !

25
Management Control Measure
  • Make sure your systems is properly protected
  • Password control
  • Minimum password length
  • Use different password for public access (e.g.
    Yahoo) and sensitive systems
  • Access control
  • Limit what a user account can access
  • Not everyone should have Administrative Rights on
    systems
  • Zoning
  • Put sensitive information (e.g. customer data, HR
    information) in separate machine locked in
    separate room

26
When Security Incident Occurs
  • You cannot reduce risks to ZERO
  • you must be prepared to tackle the incidents
  • Preparation (??)
  • Detection (??)
  • Containment (????)
  • Eradication (??)
  • Recovery (??)
  • Follow Up (??)

27
Get Published Guideline and Information
  • HKCERT has a series of publications
  • Free-of-charge
  • Available on web site and hardcopy
  • Internet Security Handbook (co-op with HKUST)
  • Guideline for Virus Prevention, Wireless LAN
    Secure Configuration, etc.
  • Available via email to subscribers
  • Monthly Newsletter

28
Get Informed Earlier? Respond Faster
  • HKCERT Web Site (free-of-charge)
  • updated everyday
  • both English and Chinese information

29
Subscribe Security Alert
  • Subscribe HKCERT Security Alert Services
  • It is free-of-charge.
  • Email alerts will be sent to subscribers on
    vigorous virus threats ? helps the public to
    react faster
  • HKCERT Security Alert Service through SMS
  • allow people out of office to react faster with
    alert from mobile phone SMS alert message
  • Again it is free-of-charge

30
When Security Incident Occurs
  • HKCERT Incident Response Service
  • Our hotline 8105-6060
  • It is 7x24 run.
  • It is free-of-charge on-phone service.
  • We keep all reported incidents confidential.

31
Establish the Mechanism of Security Incident
Response
  • HKCERT/CC established in Feb 2001
  • As the centre of coordination of computer
    security incidents for local enterprises and
    individuals
  • Provide free services to the public
  • Funded by Innovation Technology Fund
  • Operated by Hong Kong Productivity Council

32
HKCERT Services
  • Security Incident Report and Response
  • 7 x 24 report and response (phone and email)
  • All reported information is kept confidential
  • Security Alert (Chinese and English)
  • Monitor closely the virus and security
    vulnerabilities
  • Publish information and the fix tools
  • Security Information Publishing
  • Publish via WEB the security vulnerabilities and
    guideline for prevention
  • Publish information security newsletter monthly

33
HKCERT Services
  • Awareness and Training
  • Periodically arrange free open seminars to public
    to promote information security awareness
  • Organize (paid) Training Course to provide more
    in-depth knowledge and skills on information
    security
  • Research and Development
  • Study and research on specific security topic
  • Note every organization can establish their own
    response mechanism to handle internal computer
    security incidents

34
Security Incident Response Contacts
  • You should FIRST inform Company Management
    in-charge of Information Security
  • HKCERT Hotline 8105-6060
  • Web site http//www.hkcert.org
  • HK Police Force Hotline 2528-3482 (for criminal
    cases enquiry and report)
  • ITSD InfoSec Web http//www.infosec.gov.hk
    (information)
  • Your ISP (for Internet account password, impolite
    probing and email spamming cases)
  • If you ISP does not respond to your email
    spamming report, you can also call OFTA 2961
    6333 (complaint on service provider)
  • If your ISP does not respond in other cases, call
    HKCERT to help

35
Question Answer
roy_at_hkpc.org www.hkcert.org
Write a Comment
User Comments (0)
About PowerShow.com