Information Technology Reference
In-Depth Information
of the network and you start spreading the garbage that you picked up during the trip.
This is one of our most practical and hardest problems to solve and this is in addition to
the question of whether the attacks are coming from within or without; it is very difficult
to distinguish nowadays.
Handy : Given that, any thoughts on how to harden the laptops? Because we want to
stay connected and get on the Internet. Any idea how to harden those laptops against the
basic picking up of those sundry and dangerous diseases?
Uneri : I have spoken about security policies and one of these must be the use of
laptops. The acceptable use of laptops is one of the most important policies of an
organization and precautions need to be taken.
Aharoni : I agree completely. It is mostly a matter of discipline of users who carry
laptops. It is a matter of making sure that the laptops are protected well enough even
when they are outside the network. But I have to admit that we find it a very difficult
task; we do get people coming from trips abroad and they have every possible piece of
garbage that you can imagine on their machines and it is difficult to understand how it
got there and this is a constant battle for us. I also want to mention that one of the other
problems that I am sure that all the organizations nowadays have is the various viruses
that come through e-mails that also appear to attack the organization from within, so
again there is yet another problem of distinguishing between attacks from outside the
network and inside the network. It is no longer that easy to separate the two.
Kolobov : Mobile users in all companies present the weakest place in the production
system. We usually like to recommend using a VPN technology just to get protection against
non-authorised access and to protect the data from mobile users inside the net, but the
most important non-protected thing is 802.11 wireless. That presents a great vulnerability
for all the nets that would like to use such a kind of service in the net.
Handy : For the kind of strategy that the CERT co-ordinating centre worked out in the
past, I just wanted to see if everybody's CERTs are doing that here. Whenever there is a
massive virus that seems like it is going to hit the whole world, the CERTs send out
advisories and bulletins that actually co-ordinate with other CERTs, for the CERTs that
are represented here are all part of that already. The point I want to make is that once
there is some type of an intrusion, the other part of the CERT is working with law
enforcement agencies to try to trace it back and sometimes we have been successful in
finding the rogue actor right down to his or her computer. In the US the police invade
premises and arrest the perpetrators, but if it happens outside of the United States,
obviously there has to be some kind of cooperation with multiple law enforcement
agencies to be able to find the source of that perpetrator. Do you all see a need for that
and what does that mean to your CERTs and your governments when you have to trace
these things?
Kolobov : What I mentioned when I was talking about a global response strategy was
like a procedure for all of us. Anywhere, at any time when things appear, you can let us
know about that within 80 milliseconds. We should know each country, each CERT