Information Technology Reference
In-Depth Information
Buyukoner : I would like to come back to Colonel Dexter's question about the
situation in Turkey. As far as I know, and although I retired from the Turkish army in
1996 as chief of the information system of the division of the Turkish staff, I do know
that there is an information system security directive of DGS and it includes instructions
for the system backup, giving the priorities of the functioning departments; for example,
the intelligence department, the operations department, etc. And people follow these
instructions against internal attacks to the system but unfortunately I do not know the
latest version of it.
Handy : I am dating myself here, but I ask this question because at the US-wide CERT
coordinating center, before they had the government CERT, they looked at the viability
of the Internet as their first and foremost priority because if that is down they cannot
communicate with anybody else. Their next level was safety; in other words if there was
going to be loss of life, then they restored things to hospitals, fire departments and
emergency medical services and then the next level was further down, perhaps financial
networks and then, of course, the command and control networks. I do not know exactly
what the hierarchy is now but they thought about that, and so that was the thrust of my
question - are all the CERTs thinking in terms of what to fix first?
Uneri : I am surprised that Mário Valente has not used the words 'decentralized' and
'distributed'. My joke. My comment will be that sometimes uniform systems are better
in security. If you have one operating system and one application software and one
browser and one e-mail and you know those systems very well and you secure those
things it is better than, I think, five systems or five operating systems, which you do not
know very well. So, sometimes making the system more uniform, for example, in the
sense of networks means that if you know the system well, if you are trying it, if you are
logging on and monitoring, that is a better security approach.
Erez : From statistics and research, something between 80% and 90% of the damage
done to enterprises through the net is done internally and not externally.
Uneri : I would add that it is always difficult for me to classify attacks as internal or
external because I cannot know very well where the attack came from and in this Internet
world in the information age, I cannot classify the attacks. These are external because
sometimes networks are not separated. If the network we are talking about is the
Internet, you cannot say if it is external or internal. It is very probable for the attacker to
change the source of the attack, so it looks like it comes from somewhere in Europe but it
could be from Ukraine or could be anywhere. My point is that it is very difficult to
classify if it is internal or external.
Aharoni : I would like to share with you some of the experience that we have
internally. We are a company proud of ourselves as security experts but nevertheless we
do get attacked every now and then. One of the biggest problems that we have been
having recently is attacks from within, by employees that take their laptops, as I do, and
go on trips abroad and connect their laptop into a DSL connection in some hotel. In the
US, almost all hotels nowadays have a high-speed Internet connection. You connect
your laptop in a hotel, you pick up all the garbage from that hotel, you come back into
the organization across all the perimeters that you carefully set up, straight into the heart