The Cambodia Chapter of the Internet Society had the opportunity to host a special workshop on the main trends in Cyber Security and Counter Strategies in 2011. This was possible because Mr. KAMATA Keisuke, an IT security expert from Japan, was prepared to share his experience in this field with members of our chapter and other interested persons.
The workshop was held on 23 November 2011, organized together with the ISP MekongNet; the company Anana Computers provided the venue for this event.
The workshop participants were welcomed by the president of the ISOC Cambodia Chapter, who thanked the expert speaker and extended a welcome to all, especially to those who are not (yet?) members of the Chapter.
The presentation dealt first with the most common problems, followed by considerations about counter strategies.
Unfortunately the progress in the development of the Internet as an important global tool of communication has also led to ever more sophisticated disruptive activities. They can be categorized as follows:
Advanced Persistent Threat (APT) – these disruptive activities go beyond old-style virus attacks, where even an individual was able to launch a virus. APTs require more resources to establish and maintain persistent threats, as they are a combination of attacks that include malware, zero-day exploits, and social engineering. They aim at specific targets, either to gain access to economic data or to spy for information.
Malware – “malicious software” – places programs into networks of computers that can disrupt their operation or gain information by exploiting privacy or access control to resources.
Zero-day Attacks happen when a computer program has weak elements which can be criminally exploited before the programmer of the program, or its users, know about the weak elements and can act against the threat.
Social engineering refers here to activities where an attacker gains important access information by exploiting the trust of an administrator, or of an account holder who discloses a password in response to a fraudulent mail, or where social media like Facebook and Twitter are used to gain administrator information.
Denial-of-Service attack (DoS attack) or Distributed Denial-of-Service attack (DDoS attack) – makes a network or a computer unavailable: an Internet site or a service cannot function well, or not at all. Such attacks often target banks or their payment systems, but web sites may also be attacked and paralyzed to silence political opinion.
What can you do?
Encryption of information – encrypting information must be considered carefully and deeply. If stored or transmitted data are encrypted, that is, changed according to a specific method so that only somebody who has the “key” can read them, then even if such data are stolen they are useless to a criminal who does not have the key.
There are different places where data can be encrypted: a) at the communication layer, b) at the HDD layer, or c) at the application layer. So encryption can give a certain amount of security, but it is not a perfect way to protect information.
Network Access Control (NAC) – as the name says, NAC procedures control access to a whole network when an outside connection is requested.
Intrusion Detection Systems (IDS) – mainly serve to detect access and other program policy violations and to inform the network manager so that action can be taken.
Payment Card Industry Data Security Standard (PCI DSS) – recommendations on how to secure payment systems like credit cards, ATMs at banks, prepaid-card arrangements, etc. But there are different standards from various organizations, not only for the payment card industry. Other recommended standards are from the US National Institute of Standards and Technology Special Publications in the 800 Series (NIST SP800), but these procedures are huge.
Client Awareness – in addition to all the technical facilities to control malicious intrusions, more awareness among computer users in general is needed, as many attacks and violations become possible only when users have not secured their computers with regularly updated anti-virus and other protection programs, or simply give away their password in response to fraudulent e-mail requests.
Though there were only 15 participants (persons responsible for networks at banks, from a government ministry, from the security company licensed by the Securities and Exchange Commission of Cambodia, and from ISPs and NGOs), this offer in a crucial but not well served field was well received.