Karel Rode reports back from the Gauteng chapter of the Information Security Group Africa's monthly meeting.
Karel Rode, solution strategist, Security Practice, CA
Congratulations to Securedata! Its new offices in the Medscheme Building in Bryanston were a very suitable venue for the latest ISG Africa meeting.
Our first speaker, after Craig Rosewarne dealt with the usual thank you messages to our venue sponsor, legal guardians and other contributing parties, was Beaunard Grobler from the Cyber Crime Unit of the South African Police Services.
Grobler spoke about cybercrime in South Africa, the team that they have assembled in this specialist area and how the SAPS is bringing criminals to justice. Keep in mind that this team is only concerned with the process of investigating cybercrime; they do not prosecute. Finally, Grobler theorised about computer forensics and whether it should be part of your IT security procedures. It became very apparent that very few attendees knew of such capabilities within their own organisations.
The second speaker was Andrew Ochse from Securedata. The topic of mobile and mobile network security was appropriate to all of us: as users of mobile technologies, we so often ignore the obvious when utilising such pervasive solutions in our day-to-day lives. Of note was the fact that cellphones do have encrypted channels with the base stations, but from there onwards the data flows mostly in the clear.
Therefore, the use of some VPN functionality when using data communications over GSM networks must be considered if confidentiality and integrity of the message are required. Also, the fact that most organisations lack a mobile device security policy is of major concern to the industry!
Cross-site scripting and cross-site request forgery attacks are making regular news headlines as attackers make use of new techniques to exploit websites. We were entertained by Dominic White from Deloitte & Touche, who not only positioned these attacks, but went one step further in educating us through some very well-thought-through demonstrations. It was clear to all attending that this mode of attack will be hard to detect, even for some of the more knowledgeable attendees.
White stressed that a software development life cycle is of paramount importance to mitigate this type of risk. Moreover, a third-party review of your code should also be considered for older web code, or a third party engaged to test your site for such vulnerabilities.
The ongoing deluge of spam is forcing e-mail administrators, as well as software vendors of e-mail scanning solutions, to look to more and more new technologies. The topic of the last discussion was 'How to configure your mail servers to utilise an extension of SMTP known as Sender Policy Framework (SPF) to reduce spam.' With a brief introduction by yours truly, we heard from Jaco Kroon from Kroon Information Systems about a number of new and maturing solutions to continue the fight against spam. Kroon also provided some insightful statistics about the effectiveness of some of these new methods, based on his hosting experience and information gathered over the last six months.
He divided the defence mechanisms into those that act at receipt time and those that act on the actual data received. A clear indication from his statistics was that using both is the key to success. That said, scanning at receipt time, which includes sender callout verification, recipient callout verification, DNS blacklists, greylisting, relay checks, sender policy framework (SPF) and client SMTP authorisation (CSA), proved at least three times as effective as having to accept the e-mail and complete a data scan. It also saves bandwidth, because with this approach you reject mail before it traverses your links. Kroon concluded that all e-mail administrators should publish at least CSA records in DNS.