The Slammer computer worm that hit Internet servers worldwide this weekend serves as a reminder that security is not just a set of static protection mechanisms. Slammer is the first major security attack since Code Red 18 months ago. It has affected over 250 000 computers but fortunately it was relatively harmless. However, there is growing concern that copycat attacks may be far more destructive.
Surprisingly, many companies still do not take information security seriously. The world of computing, and in particular the Internet, is subject to a wide range of security-related threats. No matter what type and how many countermeasures are deployed, security-related incidents continually occur. Trends over the last few years in fact indicate that not only are more incidents occurring, but the impact and severity is growing all the time.
Respondents to the 2002 FBI/CSI survey reported that their organisations lost a total of over $455 million last year to security-related breaches. Incident response has become a mainstream activity, partly out of necessity, but also because increasingly more organisations realise that a security practice that does not achieve a reasonable balance between controls deployment and incident response cannot be effective.
International security expert Dr Eugene Schultz will present papers at the Info Sec Africa 2003 conference to be held at the Sandton Hilton from 24 to 26 February. Dr Schultz is a highly regarded security expert. During Operation Desert Storm, Dr Schultz led a team of US security experts to track down hackers attempting to bring down the US military`s computers. One of the sessions he will present at the conference addresses the security issues of Microsoft Web servers, the target of the Slammer attack.
In addition to the security conference, Dr Schultz will present two one-day seminars "Incident Response" and "Intruder Detection" on the 27 and 28 February respectively. These seminars will enable companies to be better prepared for future attacks similar to that of Slammer and Code Red. The first seminar will cover the major aspects of responding to incidents, starting with planning and going on to day-by-day activities in which those who respond to incidents must engage.
There is a lot more to intrusion detection than meets the eye. Intrusion detection involves considerably more than deploying intrusion detection systems (IDSs). The particular manner in which IDSs are deployed greatly affects their usefulness. Dr Schultz has found that few people genuinely understand the "ins and outs" of intrusion detection sufficiently to use it optimally.
Info Sec Africa 2003 is a three-day, three track event sponsored this year by Symantec, a leader in enterprise security solutions. Details about these events can be found at www.infosecafrica.co.za or obtained from Peter Hill at 082 55 88 732.
Share
Editorial contacts