Centre to combat cyber threats

Malaysian Communications and Multimedia Commission (MCMC - SKMM) is investing some RM5 million under the first phase of its project to establish a network security centre (NSC) to address rising cyber attacks, hacking activities & spreading of viruses in local Internet network. The centre, to be located in Cyberjaya, will be the hub for monitoring incoming Internet traffic to the local Internet service providers (ISPs).

The first phase will involve setting up the physical infrastructure & linking the first 7 main ISP's in the country via a dedicated leased line. The second phase, meanwhile, will see the rest of the ISPs be linked up to the NSC. The 7 main ISPs are said to collectively cover about 90% of the country's 12 million Internet subscribers. With the centre in place, any threat that comes into the local ISP network will be shared among all the players, hence benefiting the whole industry. The NSC will provide a 'layer' of security on top all the ISPs. That as a regulator to all the ISPs, it will be easier for MCMC to issue directives to the ISPs on any actions to take regarding cyber security. Based on the latest findings by CyberSecurity Malaysia, the number of cybercrime incidents reported has increased from just 347 cases in 2000 to 1,372 cases in 2006.

Most of these threats & malicious activities will go through the ISPs first before they reach consumers, and by having a centralised monitoring mechanism, the security threats can be better controlled & information about all teh identified threats can be shared with all the ISPs in the country. Although each ISP has its own mechanism of security handling, most of the time the threats that one ISP discovers will remain in that particular ISP & not shared. The NSC will be operated & managed by MCMC from its headquarters in Cyberjaya, and is expected to be completed by year-end. It should be fully operational by the first quarter of this year. The NSC functions will overlap that of order establishments liek CyberSecurity Malaysia.

CyberSecurity Malaysia addresses issues related to the Internet Web sites such as blogs, contents & the Web sites. MCMC will address issues relating to the ISPs. As the ISPs are our licensees, it would be better & more effective if we control these issues & regulate the instructions to the licensees. However, we are also getting help from CyberSecurity & security industry players like F-Secure and Symantec to assist us in this initiative.

Malware

Malware is malicious software that has been designed to infiltrate or damage a computer system. The effects of malware can range from mere frustration to serious problem that require a lot of time & money to fix. Some common types of malware include computer viruses, worms & Trojan horses. A computer virus is a self-replicating program that spreads by inserting copies of itself into documents or other programs. The insertion of a virus into the document or programs is called an infection, and the infected file is called a host. A virus spreads from one computer to another when its host is transferred to an uninfected computer, for instance when a user sends it over a network or carries it on a removable medium such as floppy disk. Viruses can also spread to other computers by infecting files on a network file system or on a file system accessed by another computer. Although some viruses can be destructive, for example by deleting or destroying data, many are fairly benign or simply annoying. The uncontrolled self-replication, which wastes or overwhelms computer resources (memory, disk space, etc.), is the main negative effect of viruses.

A computer worm is a seld-replicating computer program, similar to a virus. Unlike a virus, however, a worm does not need a host to spread. A worm uses a network to send copies itself to other computer systems. Although a worm can be prorgammed to damage files on a computer, more often it harms the network by consuming bandwidth & slowing it down. Viruses generally do not affect network performance as their malicious activities are mostly confined within the target computer.

A Trojan horse ia any program that invites the user to run it, but conceals a harmful purpose. It pretends to do something useful or interesting while causing damage. A Trojan horse is technically a normal computer program. It cannot replicate & spread by itself, nor is it able to function on its own. It needs to deceive the computer user into allowing it to perform actions such as deleting the user's files or installing other harmful software. This may occur when the user opens an e-mail or e-mail attachment, or visits a malicious website. the software installed by a Trojan Horse often includes prorgams that record & send valuable information, such as the user's passwords or credit card numbers, to the creator of the Trojan horse. Trojan horses can also install programs that make a computer send out unsolicited e-mails, which may include advertisements & other malware.

Keystroke logging

Keystroke logging (often called keylogging) is a technique used by software programmers to record the keys typed by a user. It can be useful to determine sources of error in a software program, for example to recall the keys typed before the software program crashed. This technique is also applied in law enforcement to track a suspect's use of a computer, for example. Unfortunately, it can also be used to provide a means to obtain passwords or encryption keys & thus bypass other security measures. Keyloggers are widely available on the Internet & can be used by anyone for legitimate as well as illegal purposes.

Firewall

Most PC users know that malicious programs like spyware, viruses & worms can attack their PCs through the Internet & cause serious problem. Yet, many users do not have a firewall running on their networks or PCs.

A firewall is a device that checks every piece of data entering & leaving your computer. It helps protect your computer by restricting the data, based on a set of rules that you define. A firewall can be a special piece of equipment that you connect to a network or a program that you install on your computer. As its name suggests, a firewall is like a fence built around your PC to protect it form unauthorized access & attack through the Internet.

Most users complain that firewalls prevent them from using the Internet properly, so they choose not to use one. Some don't even know the difference between firewalls, antivirus programs & spyware removers. However, there's no excuse. Every PC connected to the Internet needs a firewall. Not having one is like leaving all the doors & windows of your house open & inviting people to enter and do whatever they like. Some malicious users use programs called port scanners to look for online PCs, they will try to hack or break into them. But remember - although firewalls are necessary, never use more than one at a time as this could cause unexpected behaviour on your PC.

Firewalls are easy obtain. Search for them online and you will find many, which you can purchaseor download for free. Also, some operating systems come with their own firewalls, although it is very basic & only checks incoming data. However, using this is good enough for most people as it makes it harder for malicious programs to find & attack their PCs. A good firewall should monitor all programs that try to access your PC from the Internet or any other network & alert you accordingly. It should never allow any unauthorized data to enter or leave your PC without your permission. A good firewall should also hide your PC's presence from the Internet, so if anyone tries to hack into your PC, he or she will not be able to find it. Of course, an ideal firewall should have all these qualities, while still being affordable or even free.