Topics Discussed

ABS 2009


Topic 1: Honeypots and Botnet

New vulnerabilities are discovered daily and threats occur every day.

How do we know the impact and consequences of a threat? One way to measure them is through honeypots. A honeypot is a security resource that acts as a surveillance and early warning tool. Honeypots are placed in an isolated network and are meant to be attacked, probed and compromised.

A honeypot captures the details of an attack, which can be used for further analysis and research. Honeypots can also capture a large amount of malware. From there, system designers and developers can hopefully create more secure systems, and system administrators can find out which controls are required to minimize and mitigate the threats.

One use of honeypots is tracking botnets. A botnet is a network of thousands to millions of compromised computer systems, and botnets pose a huge threat to the internet community. There is therefore a need to find out more about botnets and how we can deal with them. With the rich information gathered through honeynet technologies, in-depth studies can be conducted on botnets, common attack techniques and the bot owners involved.

Cecil Su, the founder of Singapore Honeynet Chapter and Director of Grant Thornton, will be sharing more information on honeypots, Honeynet’s initiatives, tools and techniques developed by member chapters, who the malware capture alliance is, and lastly research on botnets.

Topic 2: Information Leakage

Data leaks are gaining more press attention nowadays.

Recent surveys have also shown that security professionals are becoming very concerned about data leakages.

Existing industry solutions provide good protection against leakages from endpoints and the corporate intranet. However, most, if not all, solutions are inadequate in addressing leakages from publicly accessible web servers.

Being exposed to the public 24/7, web servers carry the greatest risk of exposure to information leaks.

Wong Onn Chee, Chief Technology Officer, Resolvo System, will walk through case studies, both foreign and local, of information leakages from web servers. He will also share the “best practices” for preventing information leakages from web servers.

Topic 3: Detecting and Removing malware without antivirus

Malware, as defined in Wikipedia, is software designed to infiltrate or damage a computer system without the owner’s informed consent. It is a portmanteau of the words “malicious” and “software”. The expression is a general term used by IT professionals to denote various forms of hostile, intrusive, or annoying software or program code.

In the last year, malware has caused massive damage in many organisations and within the end-user environment. The emergence of botnets, rootkits and worms has led most organisations to scramble for a strategy to mitigate the spread of malware and to contain the damage it can cause. In the 2008 CSI Computer Crime and Security Survey, 20% of the respondents suffered from a botnet attack, and 50% of the respondents still continue to be affected by a virus attack. These figures are not a significant improvement from the same survey done in 2007, indicating that malware will continue to be a major security issue in the year 2009.

In this presentation, Tim Meng will provide an update on some of the latest malware trends in the last six months, sharing his knowledge on how malware typically works, and what an end user can do to minimise their exposure to malware with a few simple checks in place. Through a live demo session, Tim Meng will offer practical advice on removing stubborn malware without the use of anti-spyware or anti-virus tools, so that the audience can learn and empower themselves with the knowledge to remove malware in their own systems.