cio vietnam talkshow 40th


Upload: phuc-huynh

Post on 02-Jul-2015


DESCRIPTION

In CIO Vietnam Talkshow 40, Mr. Jim Fitzsimmons gave an interesting presentation about IT security in Vietnam. Some of the facts are really bad. Jim also proposed a framework of actions that will help fix IT security in businesses. At the event, the audience and the speaker also discussed the trend of using online services such as email, servers and applications, and the security implications of using these services. Thanks to Jim and all the audience. We look forward to seeing you at the upcoming event. Link to download the presentation below.

TRANSCRIPT

Page 1: CIO Vietnam Talkshow 40th

The Failure of IT Security in Vietnam, and How an IT Compliance Program Can Help Companies Fix Their Problems

Page 2: CIO Vietnam Talkshow 40th

copyright 2014 MF8 International, all rights reserved

VIETNAM & THE INTERNET

stats source: Internet World Stats 10.2014; VN image from Free Vector Maps

Total population: 93.4 million

#7 in selected Asia countries for % of population online

#5 in selected Asian countries for number of internet users

#124 in the world for % of population online

#18 in the world for number of internet users

44% of the population online

Internet users: 41 million

#121 in UN Human Development Index, a Medium Human Development country

Page 3: CIO Vietnam Talkshow 40th


[chart: DIGITAL CITIES, ONLINE NATIONS, FUTURE STATES; source: Internet World Stats]

Page 4: CIO Vietnam Talkshow 40th


VIETNAM & INTERNET SECURITY & THE OTHER FUTURE STATES

#13 in the world for spam servers (projecthoneypot.org)

#1 in the world for unpatched Stuxnet vulnerability (kaspersky labs)

#1 in the world for active XP PCs (kaspersky labs)

#8 in the world for Gameover Zeus infections (shadowserver.org); VNPT is the #5 network in the world

#3 source of zombified botnet computers (botnet-tracker.blogspot.com)

#3 source of spam in the world (spamrankings.net); VNPT is the #2 network in the world

#6 for email harvesting dictionary attacks (projecthoneypot.org)

#18 source of DDOS attacks (akamai); #8 in the last 24 hours as of 15/10/2014

THAILAND (20 MILLION ONLINE) IS SIGNIFICANTLY LOWER IN ALL LISTS

THE PHILIPPINES (44 MILLION ONLINE) HARDLY SHOWS UP IN THE SAME RANKINGS

INDONESIA (70 MILLION ONLINE) HAS PROBLEMS, BUT NOTHING LIKE IN VIETNAM

Page 5: CIO Vietnam Talkshow 40th


EXPOSED SERVICES, VIETNAM vs PHILIPPINES (counts per country)

TELNET, port 23: command line remote access. Should never be used over a public network. Vietnam: 14,591; Philippines: 2,094

NETBIOS, port 139: Windows file shares. Common attack target and should never be accessible on a public network. Vietnam: 721; Philippines: 1,299

VNC, port 5900: full screen remote access to a server. Remote access only if strictly necessary and with VPN and strong authentication in place. Vietnam: 160; Philippines: 165

RDP, port 3889: full screen remote access to a Windows server. Remote access only if strictly necessary and with VPN and strong authentication in place. Vietnam: 50; Philippines: 94

MSSQL, port 1433: Microsoft SQL Server access. Should never be remotely accessible. Vietnam: 380; Philippines: 195
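The table above compares raw counts; an added example (not from the slides or MF8) applies the slide's policy to a constructed CSV scan export and normalises each count by the internet-user figures the deck gives (41 million for Vietnam, 44 million for the Philippines), which shows that the Philippines actually has more NetBIOS exposure per user than Vietnam. The CSV format, the country codes and the NEVER / VPN_ONLY labels are assumptions; RDP is keyed on its registered port 3389 (the slide prints 3889).

```python
import csv
import io

# Policy from the slide: NEVER = must not be reachable from a public network;
# VPN_ONLY = only if strictly necessary, behind VPN with strong authentication.
# The slide prints RDP as "port 3889"; RDP's registered port is 3389.
POLICY = {
    23: ("telnet", "NEVER"),
    139: ("netbios", "NEVER"),
    5900: ("vnc", "VPN_ONLY"),
    3389: ("rdp", "VPN_ONLY"),
    1433: ("mssql", "NEVER"),
}

# Internet users: Vietnam 41 million (slide 2), Philippines 44 million (slide 4)
INTERNET_USERS = {"VN": 41_000_000, "PH": 44_000_000}

# Constructed scan export (assumed format); counts are the slide's figures
SCAN_CSV = """country,port,hosts
VN,23,14591
VN,139,721
VN,5900,160
VN,3389,50
VN,1433,380
PH,23,2094
PH,139,1299
PH,5900,165
PH,3389,94
PH,1433,195
"""


def assess(csv_text):
    """Map each in-policy exposure to a finding, normalised per million users."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        port, hosts = int(row["port"]), int(row["hosts"])
        if port not in POLICY:  # ports outside the slide's policy are skipped
            continue
        service, rule = POLICY[port]
        per_million = round(hosts / INTERNET_USERS[row["country"]] * 1e6, 2)
        findings.append({"country": row["country"], "service": service,
                         "rule": rule, "hosts": hosts, "per_million": per_million})
    return findings


def worst_exposure(findings, country):
    """Service with the highest per-user exposure for one country."""
    return max((f for f in findings if f["country"] == country),
               key=lambda f: f["per_million"])["service"]
```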

Page 6: CIO Vietnam Talkshow 40th


WHY VIETNAM? WHAT ARE THE ROOT CAUSES?

NO ONE, INCLUDING IT DEPARTMENTS, KNOWS WHAT IS GOING ON WITH THEIR PCs & NETWORKS

SYSTEMS ARE NOT CONFIGURED CORRECTLY

NO ONE BOTHERS TO UPDATE OLD & UNLICENSED SOFTWARE

LACK OF STANDARDS FOR IT STAFF MEANS A FAILURE IN SYSTEMS ADMINISTRATION

Page 7: CIO Vietnam Talkshow 40th


HOW ARE VIETNAMESE BUSINESSES AFFECTED?

LOWER STAFF PRODUCTIVITY WITH TIME LOST DUE TO SLOW OR FAILED COMPUTERS & APPLICATIONS

IT INVESTMENTS WASTED AS SYSTEMS DO NOT PERFORM WELL

COMPROMISED COMPUTERS MEAN THAT NO DATA IS SECURE

IT DEPARTMENTS HAVE TROUBLE SHOWING VALUE TO THE BUSINESS

Page 8: CIO Vietnam Talkshow 40th


FIXING THIS IS MORE ABOUT MANAGEMENT, NOT JUST TECHNOLOGY

THROWING MORE PEOPLE AT THE PROBLEM WON'T FIX IT

HOW DO BUSINESSES START TO FIX THE PROBLEM?

Understand and document the information that you need to manage & secure and which business stakeholder owns it

Train IT staff to policy requirements

Work with HR to tie compliance accountability to staff performance

Define compliance measurements for both technology and the people responsible for it

Develop a management plan to tie every policy requirement to a role

Use policies to define the right technical and administrative controls for your data

Organize your IT team into roles & responsibilities

Audit quarterly until results consistently demonstrate compliance

Page 9: CIO Vietnam Talkshow 40th


PLANNING AN IT COMPLIANCE PROGRAM

Information inventory & ownership

Team roles & responsibilities

Develop policies

Assess if existing technology meets policies

Resolve technology & policy gaps

Train team on policies

Match roles to policies

Link compliance to HR performance assessment

Develop reporting to information owners

Establish measurements for policies

Publish policies

1st internal audit

Publish results to information owners

Information owners to review & approve policies

Page 10: CIO Vietnam Talkshow 40th

[email protected]

THANK YOU

Page 11: CIO Vietnam Talkshow 40th


Harvester (projecthoneypot.org): A harvester is a computer program that surfs the internet looking for email addresses. Harvesting email addresses from the Internet is the primary way spammers build their lists.

Spam Server (projecthoneypot.org): A spam server is the computer used by a spammer in order to send messages. Many do not belong to the spammers themselves, but instead are "zombies" compromised by viruses or other malware.

Comment Spammer (projecthoneypot.org): Comment spammers do not send email spam. Instead, comment spammers post to blogs and forums. These posts typically include links to sites being promoted by the comment spammer.

Dictionary Attacker (projecthoneypot.org): A dictionary attack involves making up a number of email addresses, sending mail to them, and seeing what is delivered.

Spamrankings.net, August 2014: VNPT #2 source in the world

Botnet-Tracker (botnet-tracker.blogspot.com), September 2014 data, top 25 with suspected botnet IPs: VNPT #5 in the world, Viettel #13

Gameover Zeus infections (Shadowserver.org): VNPT #5 in the world

Stuxnet vulnerability: from Kaspersky, known systems vulnerable to the infamous Stuxnet attack, presumed to be because they run Windows XP. VN has 38.79% of the world's active XP computers

Source of DDOS attacks (prolexic.com): all-time rankings, with the rank for the last 24 hours on 15.10.2014 in parentheses; targets in the USA

VN 13 6 3 3 8 1 18 (8)

TH 16 23 20 38 10 8 12 (13)

PI 35 (28)

HK 20 38 (27)

SG 64 (43)

JN 15 7 3 3 (9)

KO 16 7 28 9 9 (3)

TW 19 17 14 15 19 1 19 (6)

MY 14 18 32 (24)

IN 23 15 7 2 17 (18)

Page 12: CIO Vietnam Talkshow 40th


Ranking table; the slide's column headings, in order: Symantec Malicious Activity by source 2012-13; Symantec spam zombies 2012-13; Symantec bot 2012-13; Symantec web attack origins 2012-13; Symantec network attack origins; Symantec top 10 bot by lifespan 2012-13; Symantec top 10 source of botnet spam by location 2013; Countries most affected by online banking malware 2Q 2014 (TrendMicro); Top spam sending countries 2Q 2014 (TrendMicro)

Rows, each country followed by its ranks as extracted (which column each rank belongs to did not survive extraction):

Vietnam 6 6 10 5 7

Thailand

Philippines 8

HK

Singapore

Japan 5 6 6 10 1

South Korea 7

Taiwan 4 4

Malaysia 9

Indonesia 4 2 7