How to celebrate the day of information security
Today is the thirtieth International Information Security Day. We tell about the history of the holiday and how to celebrate it.
/ photo by Joe Grand CC BY
In 1988, the non-profit organization ISSA (Information Systems Security Association) declared November 30 as the International Information Security Day. Its main idea is to recall the importance of cyberhygiene.
')
The holiday was born in 1988 not by chance - then the first mass distribution of the worm virus occurred. Thirty years ago, users of APRANET - a network that was a prototype of the modern Internet - found that the programs on their computers began to load slowly, and even the simplest commands did not respond to the machines. The culprit of the collapse, which “paralyzed” 6 thousand computers (10% of the entire network), was the Morris network worm. It was the first successful mass cyber attack.
The attack was not deliberate, it was the result of an experiment that had gone out of control. The creator of the malware is a graduate student at Cornell University, Robert Morris (Robert Morris). He worked on a program that exploits a number of known vulnerabilities of the time.
The Morris virus attacked the email accounts of users of the ARPANET network, selecting passwords using a dictionary. The dictionary was small - about four hundred words - but it was enough. At that time, few people thought about computer security, and for many users the login often coincided with the password.
Having gained access to the account, the worm used a vulnerability in the Sendmail mail server for self-copying over the network. However, a logical error was made in the code, which led to the fact that computers were infected by the worm many times. All of this slowed down their work, depleting the already small resources of computing systems of the time.
Solve the problem began at the Institute of Berkeley. There came the best data protection specialists in America. They began to analyze the worm code and neutralize the consequences. Today, the diskette with malware is in the Science Museum in Boston, and the code can be found in the public domain .
The total damage caused by the Morris worm was close to one hundred million dollars. In addition to financial damage, the November incident had other consequences:
In this case, the attack of the Morris worm revealed the main problem (which has not lost its relevance until today) - people use simple passwords. It became clear that the level of awareness of information security issues should be raised. Therefore, a new international holiday on the topic of information security was proposed.
Although today there is no holiday even in the calendar of ISSA events , it is often used as a reason to refresh the knowledge of employees of companies about cyber security and “instill” cyber hygiene. For example, here are some “activities” that should be done at work (and at home):
Earlier, Information Security Day had a website where enthusiasts collected ideas for corporate events for the holiday. One option is to make a presentation and discuss computer security issues at a local school or university. Together with students, you can watch movies or TV shows related to information security issues.
Some companies use Information Security Day as an opportunity to share information about data protection not only with students, but with the whole world. For example, the publisher Springer on this day offers free access to thematic literature.
/ photo by Travis Isaacs CC BY
If there is a desire to do something “hardcore”, then the information security day may be an occasion to arrange a competition on hacking computer systems in the style of Capture the Flag (CTF) .
In such contests, two teams are given a server or laptop with various applications and services. These services have a certain number of vulnerabilities. Knowing this, participants must protect the information on their system and capture data from the opponent’s computer.
Hacking and speed competitions are also held. For example, a similar event is held at the DEFCON hacker conference. This year, participants were offered to hack voting equipment connected to copies of official sites. The victory this year was won by eleven-year-old Audrey Jones (Surrey), overtaking the defense in 10 minutes.
In general, such activity will help draw additional attention to cyber literacy issues and remind you of the importance of digital hygiene.
PS Several posts on the topic from our corporate blog:
PPS About cloud technologies and virtualization from our Telegram channel:
/ photo by Joe Grand CC BY
Dashing 80s: the origins of the holiday
In 1988, the non-profit organization ISSA (Information Systems Security Association) declared November 30 as the International Information Security Day. Its main idea is to recall the importance of cyberhygiene.
')
The holiday was born in 1988 not by chance - then the first mass distribution of the worm virus occurred. Thirty years ago, users of APRANET - a network that was a prototype of the modern Internet - found that the programs on their computers began to load slowly, and even the simplest commands did not respond to the machines. The culprit of the collapse, which “paralyzed” 6 thousand computers (10% of the entire network), was the Morris network worm. It was the first successful mass cyber attack.
The attack was not deliberate, it was the result of an experiment that had gone out of control. The creator of the malware is a graduate student at Cornell University, Robert Morris (Robert Morris). He worked on a program that exploits a number of known vulnerabilities of the time.
The Morris virus attacked the email accounts of users of the ARPANET network, selecting passwords using a dictionary. The dictionary was small - about four hundred words - but it was enough. At that time, few people thought about computer security, and for many users the login often coincided with the password.
Having gained access to the account, the worm used a vulnerability in the Sendmail mail server for self-copying over the network. However, a logical error was made in the code, which led to the fact that computers were infected by the worm many times. All of this slowed down their work, depleting the already small resources of computing systems of the time.
Solve the problem began at the Institute of Berkeley. There came the best data protection specialists in America. They began to analyze the worm code and neutralize the consequences. Today, the diskette with malware is in the Science Museum in Boston, and the code can be found in the public domain .
The total damage caused by the Morris worm was close to one hundred million dollars. In addition to financial damage, the November incident had other consequences:
- Robert Morris was the first to be charged under the new Computer Fraud and Abuse Act , passed just four years before the worm incident. Morris received three years probation.
- The attack of the worm for the first time attracted the attention of advanced US media to network threats.
- An organization CERT (Computer Emergency Responce Team) was created. It works to this day, taking information about possible holes and cracks in the system and publishing recommendations for their prevention.
In this case, the attack of the Morris worm revealed the main problem (which has not lost its relevance until today) - people use simple passwords. It became clear that the level of awareness of information security issues should be raised. Therefore, a new international holiday on the topic of information security was proposed.
How to celebrate this day
Although today there is no holiday even in the calendar of ISSA events , it is often used as a reason to refresh the knowledge of employees of companies about cyber security and “instill” cyber hygiene. For example, here are some “activities” that should be done at work (and at home):
- Update all software. This simple step helps to reduce the risk of hacking the system, since in most cases hackers exploit known vulnerabilities. For example, the Equifax credit bureau’s data breach could have been avoided - a patch for the vulnerability that the attackers used was released two months before the attack .
- Change passwords. The most common password is still “123456”. It is necessary to use a password with letters of different register, as well as numbers and special signs. To set and remember complex passwords it was easier, you can refer to special applications like LastPass or 1password.
- Discuss the rules for working with mail and instant messengers. For example, talk about the importance of separating personal and work correspondence, and discuss the dangers of social engineering. As a reference, you can use this story on Habré .
If you go a little further
Earlier, Information Security Day had a website where enthusiasts collected ideas for corporate events for the holiday. One option is to make a presentation and discuss computer security issues at a local school or university. Together with students, you can watch movies or TV shows related to information security issues.
Some companies use Information Security Day as an opportunity to share information about data protection not only with students, but with the whole world. For example, the publisher Springer on this day offers free access to thematic literature.
/ photo by Travis Isaacs CC BY
If there is a desire to do something “hardcore”, then the information security day may be an occasion to arrange a competition on hacking computer systems in the style of Capture the Flag (CTF) .
In such contests, two teams are given a server or laptop with various applications and services. These services have a certain number of vulnerabilities. Knowing this, participants must protect the information on their system and capture data from the opponent’s computer.
Hacking and speed competitions are also held. For example, a similar event is held at the DEFCON hacker conference. This year, participants were offered to hack voting equipment connected to copies of official sites. The victory this year was won by eleven-year-old Audrey Jones (Surrey), overtaking the defense in 10 minutes.
In general, such activity will help draw additional attention to cyber literacy issues and remind you of the importance of digital hygiene.
PS Several posts on the topic from our corporate blog:
- Features of two-factor authentication: does it work in the IaaS cloud
- GDPR effect: how the new regulation has affected the IT ecosystem
- How to test cloud security
PPS About cloud technologies and virtualization from our Telegram channel:
Source: https://habr.com/ru/post/431636/
All Articles