Daffodil International University

IT Help Desk => Cyber Security => Control Cyber security Risks => Topic started by: mnsalim on April 20, 2017, 03:50:16 PM

Post by: mnsalim on April 20, 2017, 03:50:16 PM
Due to above mentioned consequences cyber security should be maintained. There are a variety of different technical countermeasures that can be deployed to thwart cyber criminals and harden system against attack. Firewalls, network or host based are considered the first line of defense in securing a computer network by setting Access Control Lists (ACLs) determining which what services and traffic can pass through the check point.

Antivirus can be used to prevent  propagation of malicious code. Most computer viruses have similar characteristics which allow for signature based detection. Heuristics such as file analysis and file emulation are also used to identify and remove malicious programs. Virus definitions should be regularly updated in addition to applying operating system hotfixes, service packs and patches to keep computers on a network secure.

Cryptography techniques can be employed to encrypt information using an algorithm commonly called a cipher to mask information in storage or transit. Tunneling for example will take a payload protocol such as Internet Protocol (IP) and encapsulate it in an encrypted delivery protocol over a Virtual Private Network (VPN), Secure Sockets Layer (SSL), Transport Layer Security (TLS), Layer 2 Tunneling protocol (L2TP), Point  to Point Tunneling Protocol (PPTP) or Internet Protocol Security (IPSec) to ensure data security during transmission. Encryption can also be employed on the file level using encryption protocols like Data Encryption Standard (DES), Triple Data Encryption Algorithm (3DES) or Advanced Encryption Standard (AES) to ensure security of information in storage.

Additionally, network vulnerability testing performed by technicians or automated programs can be used to test on a full-scale or targeted specifically to devices, systems and passwords used on a network to assess their degree of secureness.  Furthermore network monitoring tools can be used to detect intrusions or suspicious traffic on both large and small networks.

Physical deterrents such as locks, card access keys or biometric devices can be used to prevent criminals from gaining physical access to a machine on a network. Strong password protection both for access to a computer system and the computer’s BIOS are also effective countermeasures to against cyber criminals with physical access to a machine.
 The threat is advancing quicker than we can keep up with it. The threat changes faster than our idea of the risk. It’s no longer possible to write a large white paper about a risk of a particular system. So according to the nature of threat we  have to  take the decision. By maintaining the proper security we can not say that the system is fully secured. So the system can compromise,  in that case we need cyber expert & cyber forensic lab that can help to detect the cyber criminals and to ensure punishment  accordingly by  cyber laws.

Targeting to make a digital Bangladesh by 2021, we have already stepped into the digital era. Lives will be much easier, quicker & meaningful if we use the digital facilities to perform our day to day activities. Once, people did not feel satisfied if a printed newspaper was not at their hands in the morning. Today, the same people feel nasty if the internet is disconnected. It is very easy to think that we will be in a digital Bangladesh in few years. But very few people imagine that the digitalization without proper security measures will make our lives hell overnight.

On 23 August 2004 an email was sent to the Daily prothom- Alo threatening to kill Sheikh Hasina,  the leader of the opposition in the parliament. Two days later on 25 August, 2004 another email was sent to the Bangladesh Police Headquarters, threatening Khaleda Zia, the Prime minister, her elder son and some members of the parliament. These were the first cyber crime incidents in Bangladesh which received due attention of the police authority.

The Prime minister inaugurated the opening of 64 district web portals on 6 January, 2010 while the hackers  invaded 19 of them by 21 March, 2010. This was the first cyber criminality by the foreign hackers. However, the news of cyber crime is sporadically published in the newspapers at interval. But like the traditional ones most of the computer related crimes remain unpublished, unregistered and uninvestigated.

The computer and the internet system have opened not only wide avenues for the development and humanitarian activities across the world, but they have also ushered in a vast world for the criminal section of the society. Unlike the traditional criminals, cyber criminals are sufficiently educated & highly specialized in computer systems and networking. They possess good IQs too. They can crack into your bank account rendering it empty, steal your valuable information and data from your computers and sell them to your enemies to defeat you in your business and even in your war planning. The terrorist organizations are the beneficiaries of the internet communication system. From disseminating motivated information to the innocent public to credit card fraud, the terrorist organizations may use the internet system in their benefits. Many of the terrorist organizations maintain their own web sites. Most communications of the AL Queda networks are performed through the internet. Even the Bangladeshi terrorist organization JMB does not go less. Although their own web site is still unknown, they have developed internet specialization among their operators. The intensity of cyber crime victimization in Bangladesh is yet to be measured. There are no research or data collection efforts on how much money is lost every year due to cyber criminality. Neither the government nor the non government organizations have initiated any data collecting project about it. But many countries of the world collect & preserve statistics on cyber crime and the monetary loss due to cyber criminality across & outside of their countries. Many countries have been adopting innovative measures to detect and investigate the cyber crime. Almost every country has developed  Computer Emergency Response Team(CERT). The Malaysian developed  Computer Emergency Response Team(MyCERT) which operates the Cyber999 help centre, a public service that provides emergency response to computer security related emergencies as well as assistance in handling incidents such as computer abuses, hack attempts & other information security breaches.
The Chinese government has taken the innovative techniques to fight cyber crimes. Their measures are simultaneously preventive, investigative & preoperative. According to  reports from Chinese media ,two virtual police officers –one male, one female will appear at the bottom of user’s browser windows every thirty minutes, a visual reminder that they are being monitored. Many police agencies across the world set up special cyber crime units to fight the cyber crimes. Virtual police stations are common in many countries. Even our neighboring state, west Bengal started the function of cyber police station.

Cyber crime is still a low priority in Bangladesh. As a whole Bangladesh is not aware of her cyber security. Though computers are becoming  common house hold items and the number of internet users have already crossed thirty millions, very few computer related offences are reported to the police. In Bangladesh there is no Computer Emergency Response Team(CERT), no cyber police or virtual police to handle the incidents such as computer abuses, hack attempts and other information security breaches. It is known that there is a cyber crime unit in CID headed by a DIG. Some officers were given  special training on the purpose but for the want of necessary logistic support the unit remains nonfunctional. They have been dealing with cell phone related petty crimes only. The legal provisions to deter the cyber criminals from doing harm to billions of dollars are not sufficient. Bangladesh has enacted the Information and Communication Technology ACT-2006 with a maximum punishment for the cyber crime up to ten years of imprisonment or maximum fine of one crore taka or with the both. But the legislation may not be sufficient to effectively fight cyber crimes, For the offences under the act are non cognizable i.e the police can not arrest the alleged offender without the warrant of arrest. The non cognizance of an offence gives the perpetrators an upper hand over the victims. To fight cybercrime we must not impose all liabilities to the government. Computer and Internet system have facilitated the non government organizations a lot. They should have the largest interest in cyber security. So non government organizations must come forward to augmenting the governmental initiatives with money, logistics and specialized manpower. Mumbai  Cyber Lab is a unique initiative of public-private collaboration  in investigation of cyber crime. Bangladesh should follow their suit. The government should  welcome outsourcing initiatives to prepare a galaxy of virtual police officers and establish  few cyber police stations across the country as soon as possible. These cyber crime fighters should be given specialized training home and abroad. Introduction of cyber crime tribunals should be done at least in divisional headquarters of Bangladesh as early as poss

The present government is expected to invest millions of taka to materialize their promise to build a digital Bangladesh. So the issue of cyber security must get a  due priority and a considerable portion of budget should be allocated to ensure the cyber security. There is no denying that cyber criminals are very much capable of robbing Bangladesh causing the loss  of crores of taka. They can make a havoc in our national life at any time. At that time we will find that our stallions are stolen and we will then be very much careful to lock our empty stables. So, let us prepare for the worst beforehand. Prevention is undoubtedly better than cure. 
Post by: Sadat on April 20, 2017, 05:45:23 PM
Thanks. It was pretty informative :)
Post by: Sadat on April 20, 2017, 05:47:39 PM
Still the measures are not enough. But anyhow, that's a good initiative !