Network Security & Applications


Global Perspective
Forum on ICTs, Trade and Economic Growth
Addis Ababa, Ethiopia, March 14-16, 2006
UNITED NATIONS ECONOMIC COMMISSION FOR AFRICA

According to an FBI study, 90% of US companies suffered a security incident in 2005


The FBI also estimates that cyber crime cost US companies an average of $24,000 last year, down from $56,000 in 2004

But, they estimate that the total cost of cyber crime to the US was over $400 billion in 2005 alone

THE INTERNET

The Internet (ARPANET) was started in the 1960s, established its first connection in 1969, had spread across the US by 1971, and reached Europe by 1973

ARPANET's Legacy


It all starts with a handshake


Transmission Control Protocol (TCP) & Internet Protocol (IP)

Well designed with many different paths to a destination, where routers constantly monitor the integrity and select the best path, making it robust in the face of severe physical damage

Despite its apparent good design, the Internet was not originally conceived with internal security in mind, making it vulnerable to attacks

Network Traffic


CYBER CRIME


Criminal acts using computers and networks as tools or targets
Traditional crimes conducted through the use of computers

Modern Computer Crimes




Can be based on malicious code such as a virus, email virus, worm or Trojan horse.
a.k.a. Passive Attacks

Or actively perpetrated by knowledgeable individuals, who attempt to exploit network, computer, and software flaws
a.k.a. Active Attacks


Traditional Crimes


Pre-existing crimes that are facilitated by the Internet or ones that have found new life because the Internet has made them lucrative endeavours.
Theft, theft of information, financial crimes, fraud, copyright infringement, child pornography, scams, harassment, and terrorism

A Brief Word On Phishing


WHAT ARE WE UP AGAINST?


FIRST: We are faced with weak underlying technology and inherently vulnerable software


SECOND: Issues such as user anonymity, coupled with uninformed, misguided, and malicious users, contribute to the problem

FINALLY: Weak or non-existent legal, regulatory, and policy environments limit many countries' ability to tackle cyber crimes


CYBER CRIMINALS


Cyber criminals come in many forms. The most harmful can be malicious insiders, and disgruntled or uninformed employees

The Internet also has its share of professional criminals like hackers, organized crime and pedophiles, who make a living off of their well honed skills and criminal endeavours

Finally, competing businesses, governments and terrorists will also use the Internet to improve their position or further their cause

IS AFRICA A TARGET?


Ongoing analysis by Symantec and McAfee indicates that Africa is not a major source or target of cyber attacks


Limited connectivity, few appealing targets and a small number of users are factors that currently shield potential African targets from most attacks

As the African e-environment evolves, so too will its cyber crime environment. Most likely for the worse

A shift from active to passive attacks will probably accelerate the problem, negating any protection limited connectivity provides

CAN ANYTHING BE DONE?


There is no one solution, be it technological or otherwise, to address cyber crime. It exists for a multitude of reasons and requires a multifaceted approach to combat

HUMAN FACTORS: Industry, government and educators must first address human behaviour that allows cyber crime to thrive and/or undermines security efforts

A significant number of security breaches are in part caused by human actions, whether intentional or otherwise

Examples include:
Use of weak passwords
Divulging passwords
Use of unauthorised software
Opening of unknown email
Unauthorised use of network

Breaches are not limited to novice or inexperienced users. Incidents have been caused by network administrators


Outlining acceptable network use and authorised software, along with awareness campaigns and training, can help mitigate human errors

TECHNOLOGY FACTORS: Technology plays a key role in securing computers and networks, but only if properly deployed and maintained

There is a panoply of security tools at your disposal. If used properly, they will shield your organization from most attacks


Security ranges from the basics like limiting access to the network, forcing users to change passwords at regular intervals, to physically limiting access to certain computers

A step up would involve virus scanners that inspect incoming files for viruses, to firewalls, which limit incoming and outgoing network traffic

To sophisticated tools like intrusion detection systems, which constantly analyze network traffic and send out alerts or shut off access in the event of anomalies

If information must be sent over the Internet, encryption technology can shield sensitive data while it is transmitted

POLICY FACTORS: Ensure laws, regulations and policies provide the necessary support and focus that can complement cyber security endeavours

A strong legal framework sends a message that cyber crime will be dealt with seriously and that limits on online conduct will be imposed.

It must also ensure that countries are able to investigate, arrest and prosecute cyber criminals


A well articulated regulatory scheme will ensure that key players such as TSPs, government and industry understand their roles in ensuring a secure environment

Well articulated policies that outline the roles, responsibilities and commitments of users, TSPs and governments will bring all this together

A FEW WORDS ABOUT SECURITY POLICIES


INDUSTRY POLICIES: Should address acceptable usage, minimum security standards, and commitments by the organisation to educate and support users

GOVERNMENT POLICIES: Identify short and mid term security objectives, support to key players, investments in security technology and training, and awareness initiatives

FINAL COMMENTS


Michael Bitz
e-Security & Cyber Crime Consulting
Dar es Salaam, Tanzania
michaelbitz@rogers.com
(+255) 746 77 64 76