Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security on the Internet: The Problem, Solutions and Perspectives Alain Patrick AINA Copyright, ECA, June 2006.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Security on the Internet: The Problem, Solutions and Perspectives Alain Patrick AINA Copyright, ECA, June 2006."— Presentation transcript:

1 Security on the Internet: The Problem, Solutions and Perspectives Alain Patrick AINA aalain@trstech.net Copyright, ECA, June 2006

2 The Internet has Become Indispensable to Life A place where many live, work and play. A critical resource for many business The Internet allows organizations to: Conduct electronic commerce Provide better customer service Collaborate with partners Reduce communications costs Improve internal communication Access needed information rapidly

3 The Risks(1) While computer networks revolutionize the way you live, play and do business, the risks computer networks introduce can be fatal. Network attacks lead to lost: money time products reputation lives sensitive information Confidence in e-commerce Confidence and security are very important for information society and particularly on the Internet

4 The Risks(2) Source: http://www.cert.org/stats/certstats.html

5 The Risks(3) Source : 2005 CSI/FBI Computer crime and security survey http://gocsi.com

6 Network and Information security Network and information security can be understood as the ability of a network or information system, to resist at a given level of confidence, accidental events or malicious actions. Such events or actions could compromise the availability, authenticity, integrity and confidentiality of stored or transmitted as well as related services offered via these networks and systems Some cybersecurity actions give rise to cybercrimes as spoofing, phishing, intellectual property theft, stealing of credit card, storing pornographic material, illegal distribution of racist materials, spamming.....

7 Spyware(1) Broad category of malicious software designed to intercept or take partial control of a computer's operation without the informed consent of that machine's owner or legitimate user. Spread by various means : Voluntary downloaded because of deceptive licence agreements Embedded in desired software Exploit various security holes Sometimes spread by worms

8 Spyware(2) Theft of personal information (including financial information such as credit card numbers); monitoring of Web-browsing activity for marketing purposes; or routing of HTTP requests to advertising sites. Serious security threat for end users

9 Phishing Rapidly-growing form of identity and credential theft Simple technical solutions won’t work. There is an human dimension to the problem -paypal.com versus paypa1.com -login.paypal.com versus login-paypal.com Site can supply cryptographic credentials, but users have to verify them properly

10 Security services(1) Confidentiality: Requires that the information in a computer system and transmitted information be accessible only for reading by authorized parties. This type of access includes printing, displaying, and other forms of disclosure, including revealing the existence of an object. Authentication: Requires that the origin of a message be correctly identified, with the assurance that the identity is not false.

11 Security services(2) Integrity : Requires that computer system assets and transmitted information be capable of modification only by authorized parties. Modifications includes writing, changing, changing status, deleting, creating, and the delaying or replaying of transmitted messages Nonrepudiation: Requires that neither the sender nor the receiver of a message be able to deny the transmission.

12 Security services(3) Access control: Requires that access to information resources be controlled by or for the target system. Availability: Requires that computer system assets be available to authorized parties when needed

13 Security services(3) There is no single mechanism which provides the security services listed above. However, Cryptographic techniques underlie most of the security mechanisms Conventional Encryption ( Symmetric encryption) Public-key Encryption ( Asymmetric encryption)

14 The Problem(1) In the rush to benefit from using the Internet, organizations often overlook significant risks. The engineering practices and technology used by system providers do not produce systems that are immune to attack Network and system operators do not have the people and practices to defend against attacks and minimize damage There is continued movement to complex,client- server and heterogeneous configurations with distributed management.

15 The Problem(2) There is little evidence of security improvements in most products; new vulnerabilities are found routinely. Comprehensive security solutions are lacking; current tools address only parts of the problem. Users are not educated.

16 The Problem(3) Source:http://www.cert.org/stats/cert_stats.html

17 The Problem(4) Intruders are building technical knowledge and skills gaining leverage through automation exploiting network interconnections and moving easily through the infrastructure becoming more skilled at masking their behaviour

18 The Problem(5) High Low password guessing self-replicating code password cracking exploiting known vulnerabilities disabling audits back doors hijacking sessions sweepers sniffers packet spoofing GUI automated probes/scans denial of service www attacks Tools Attackers Intruder Knowledge Attack Sophistication “stealth” / advanced scanning techniques burglaries network mgmt. diagnostics DDOS attacks Attack Sophistication vs. Intruder Technical Knowledge

19 The Problem(6) Policy and law in cyberspace are limited to the jurisdiction of the state Detecting and prosecuting most offences on global network are challenges Lack of collaboration between the different stakeholders involved Governments, Private sectors, civil society, international organizations, etc... Difficulties in harmonizing law and policy globally Privacy protection in Europe versus freedom of information in US OPT-in versus OPT-out

20 Since 1990, AFRICA has its networking revolution with Internet services penetration Infrastructures generally deployed without adequate security protections With very limited resources and in a difficult environment System resources, connectivities, etc... OS, tools and application outdated Difficulties with licences and updates management Situation in AFRICA (1)

21 Difficulties to get security information Absence of CERT (Computer Emergency Response Team) Insufficient qualification of technicians in general,mainly on security aspects Absence of security procedures and strategies Computer security budget very small or non- existent in most organizations Users not educated Situation in Africa(2)

22 Lack of legislation and laws on cybersecurity and cybercrimes Absence of collaboration between the different stakeholders Government, private sector, civil society, etc... These Infrastructures also faced security incidents and cybercrimes Accomplices of attacks ( zombies, amplifiers) Often easy preys Important undergone damages Security incidents generally badly managed Situation in Africa(3)

23 Solutions BUILDING TRUST ENVIRONMENT FOR E-LIVE

24 The interaction of threat and countermeasure pose distinctive problems for security specialists: The attacker must find but one of the possible multiple vulnerabilities in order to succeed; the security specialist must develop countermeasures for all.

25 Legal and administrative Solutions(1) Reinforce legislation framework against cybercrime at national, regional and international level The example of the Council of Europe -C onvention on cybercrime -http://conventions.coe.int/Treaty/EN/Treaties/Html/185.htm - Additional Protocol to the Convention on cybercrime, concerning the criminalisation of acts of a racist and xenophobic nature committed through computer systems -http://conventions.coe.int/Treaty/EN/Treaties/Html/189.htm Encourage international collaboration in detection and prosecuting cybercrimes Develop capacities and skills of national security entities (polices, lawyers etc...) to allow them to face challenges created by cybercrimes

26 Legal and administrative Solutions(2) Develop national information security plan and strategies Create CERT and disseminate security information( vulnerabilities, solutions, etc....) Encourage participation in organizations intended to improve E-business trust environment AfriPKI, etc....

27 Legal and administrative Solutions(3) Increase collaboration across all the stakeholders in fight against cybercrime (government, private sector, civil society, international organizations...) Develop a more appropriate curriculum in computer science trainings Train more computer engineers and security specialists Educate users

28 Technical Solutions Encourage and promote a better software engineering and industry Better coding practices Better update mechanisms IETF, ITU, W3C,... to continue to look for better and more secure protocols and security mechanisms The Industry to develop better security tools to provide security services: Confidentiality, Authentication, Integrity, Nonrepudiation, Access control, Availability

29 Perspectives Information and network security situation is not globally interesting The case of our continent is worse Efforts are made, much remains to be made. To create a favourable framework. To reinforce the technical skills. To sensitize and educate more. It requires more resources and initiatives.

30 Conclusions Information and network security is a complex system, which need to be designed, maintained, evaluated and improved. Some of the cybercrimes such as fraud, privacy are old crimes committed in new ways. The Internet has a way of magnifying both the good and the bad of our society. Part of the work consist of finding new answers for old crimes

Download ppt "Security on the Internet: The Problem, Solutions and Perspectives Alain Patrick AINA Copyright, ECA, June 2006."

Similar presentations

ETHICAL HACKING A LICENCE TO HACK

ETHICAL HACKING A LICENCE TO HACK
Improving Cybersecurity Through Research & Innovation Dr. Steve Purser Head of Technical Competence Department European Network and Information Security.

Improving Cybersecurity Through Research & Innovation Dr. Steve Purser Head of Technical Competence Department European Network and Information Security.
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
Is There a Security Problem in Computing? Network Security / G. Steffen1.

Is There a Security Problem in Computing? Network Security / G. Steffen1.
E-Commerce Security Issues. General E-Business Security Issues Any E-Business needs to be concerned about network security. The Internet is a “ public.

E-Commerce Security Issues. General E-Business Security Issues Any E-Business needs to be concerned about network security. The Internet is a “ public.
Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.

Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.
© 2005, QEI Inc. all characteristics subject to change. For clarity purposes, some displays may be simulated. Any trademarks mentioned remain the exclusive.

© 2005, QEI Inc. all characteristics subject to change. For clarity purposes, some displays may be simulated. Any trademarks mentioned remain the exclusive.
1  Carnegie Mellon University System Security and U. Rich Pethia Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213.

1  Carnegie Mellon University System Security and U. Rich Pethia Software Engineering Institute Carnegie Mellon University Pittsburgh, PA
Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
The Ecommerce Security Environment For most law-abiding citizens, the internet holds the promise of a global marketplace, providing access to people and.

The Ecommerce Security Environment For most law-abiding citizens, the internet holds the promise of a global marketplace, providing access to people and.
1 Telstra in Confidence Managing Security for our Mobile Technology.

1 Telstra in Confidence Managing Security for our Mobile Technology.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.

6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.
Legal and Ethical Issues in Computer Security

Legal and Ethical Issues in Computer Security
1 An Overview of Computer Security computer security.

1 An Overview of Computer Security computer security.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Or, How to Spend Your Weekends… Fall 2007 Agenda General Overview of the CISO Arena Technical Security Information Security Strategic Security Kirk Bailey.

Or, How to Spend Your Weekends… Fall 2007 Agenda General Overview of the CISO Arena Technical Security Information Security Strategic Security Kirk Bailey.
1 Securing the Net: Where the Holes Are Steven M. Bellovin AT&T Labs – Research

1 Securing the Net: Where the Holes Are Steven M. Bellovin AT&T Labs – Research
Stephen S. Yau CSE465 & CSE591, Fall 2006 1 Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,

Stephen S. Yau CSE465 & CSE591, Fall Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,

Similar presentations

Ads by Google