Friday, February 24, 2006

Of Crumpler Bags and Trojan Horses

I have a fascination with Bags made by a company called Crumplers to which I bought 2 from them, one for my own use and the other for my daughter. One of the range is called the "Embarassment" series and the largest is called the "Considerable Embarrasment" is mainly used to carry notebooks and other things. There are so many pockets in them U can hide many things.

I have also been in the Information and Network Security Sphere for the past 20 odd years having to start to hack and bypass Mini computers such as Prime to undertaking Security Audit project based on ISO 17799/BS7799 (Since I am a qualified and certified Auditor for BS7799). Being in the Security Domain, you get to see and expereince security breaches in networks and computers. One of the commonly used attack is known as the trojan horse methodology based on the Greek Mythology of a war between the Greek and its foe the Trojan. The Greek left its foes, a wooden horse as a gift (inside there are greek soldiers) to which the Trojan took the horse into its compound to their detriment.

Common Security breach such as Virus tends to use Trojan Horse method to catch unsuspecting users off guard by attacking their programmes from within. There have also been known of servers/traffic collectors being used as trojan horses for sniffing and espionage purposes withing unsuspecting corporate networks.

However, recently and unsuspectedly Trojan Horses can also be a Strategy to cause considerable embrassment to intercept and dissintermediate information in organization. Now, this can be a serious embarrasement considering that it can cause a major Security Breach to which the Brand Image, Product and Services can be compromised. That would also lead to the conclusion that the organizational control over the matter has lax and the Chief Information Security Officer has not reviewed nor audited the process and control for quite sometime.

The challenge is to identify and put the necessary safeguard that this controls has to be in place, but more importantly, the necessary controls to manage and reduce risk of this Security Breach is broken. But how do u do this on a Trojan Horse which has a perceptably flawless and reputable resume. How would you confirm and battle Trojan which can hide behind unsuspecting allies. Though it could well and easy for the CISO to resign, I think he has a considerable duty to safeguard the organization first and if not possible to remove the Trojan, but to negate any future risk.

I would hate that this can become another of life casulaties.

-

5 comments:

Anonymous said...

wow! too heavy for me... so early in the morning....

spoonfork said...

But how do u do this on a Trojan Horse which has a perceptably flawless and reputable resume.

the principle of least privilege.

Pick Yin said...

What color is the "Considerable Embarrasment"?

The Editor said...

[spoonfork] Watch the Matrix, attack the person at the point what is critical and dear to that person. He has a signature pattern of which he reacts. Provide relevant/necessary infomation for it to kill itself.

[pick yin] purple

abdullahjones said...

pink floyd, queen, elo, cool. but Gary Moore?