IEC 818 SECTION 6 ©
National Institutes and IT Security Organizations
  • SANS (System Administration, Networking, and Security) Institute
  • ECRC - Electronic Commerce Resource Center 
National Government Security Agencies
  • Federal Bureau of Investigation
    • Carnivore
  • National Infrastructure Protection Center (NIPC)
  • National Security Agency
    • Echelon
  • Royal Canadian Mounted Police
  • Canadian Security Intelligence Service
National Government Scams
  • Nigeria
Leading Companies in IT Security
  • KPMG Investigation and Security Inc.

As taught by Prof. Tim Richardson, School of Marketing & e-Business, Faculty of Business, Seneca College, Canada

last updated 2001 July 4
 
http://www.sans.org
  • The SANS web page, which includes the listing "How To Eliminate The Ten Most Critical Internet Security Threats", has an introduction that provides some important points we should consider in beginning this section of the IEC 719 course, namely:

    • The majority of successful attacks on computer systems via the Internet can be traced to exploitation of one of a small number of security flaws. 
    • Recent compromises of Windows NT-based web servers are typically traced to entry via a well-known vulnerability. 
    • A few software vulnerabilities account for the majority of successful attacks because attackers are opportunistic – taking the easiest and most convenient route. They exploit the best-known flaws with the most effective and widely available attack tools. They count on organizations not fixing the problems, and they often attack indiscriminately, by scanning the Internet for vulnerable systems.
    • System administrators report that they have not corrected these flaws because they simply do not know which of over 500 potential problems are the ones that are most dangerous, and they are too busy to correct them all.
     
    The SANS Institute http://www.sans.org
    Bethesda, Maryland, USA

    In their own words: "The SANS (System Administration, Networking, and Security) Institute is a cooperative research and education organization through which more than 96,000 system administrators, security professionals, and network administrators share the lessons they are learning and find solutions for challenges they face. SANS was founded in 1989."
     

    What products does SANS offer people interested in the most contemporary and reliable internet security information?
    SANS offers three different free electronic subscriptions:
    • Security Alert Consensus (SAC) - weekly
      • One definitive weekly summary of new alerts and countermeasures, with announcements from: SANS, CERT, the Global Incident Analysis Center, the National Infrastructure Protection Center, the U.S. Department of Defense, Security Portal, Sun, and several other vendors.
    • SANS NewsBites - weekly
      • NewsBites keeps up with everything going on in the computer security world: a dozen or two articles, each just one, two, or three sentences in length, with a URL that points to the source of the detailed information.
    • SANS Windows Security Newsletter - monthly
      • Provides updates to NT Security: Step-by-Step and guidance on new Hotfixes and Service Packs that should and should not be implemented. It also summarizes new threats and bugs found in Windows and its services.

    Electronic Commerce Resource Center 'ECRC'
    Bremerton, WA USA

    The ECRC Program is sponsored by the U.S. Department of Defense Joint Electronic Commerce Program Office (JECPO). The Bremerton ECRC is operated by Concurrent Technologies Corporation, EDC of Kitsap County and Olympic College for JECPO.

    The ECRC describes itself as a "clearinghouse and jumpstation for electronic commerce information and resources"

    "The Security Resources page includes resources on a variety of security issues, including document transfers, financial transactions, firewalls, and virus information. The ECRC also offers a free Internet Security Issues seminar"   http://www.becrc.org/security.htm

     


    National Government Involvement in Internet Security
    http://public.srce.hr/~mprofaca/echelon01.html Echelon

    "Designed and coordinated by NSA, [America's National Security Agency] the ECHELON system is used to intercept ordinary e-mail, fax, telex, and telephone communications carried over the world's telecommunications networks. Unlike many of the electronic spy systems developed during the Cold War, ECHELON is designed primarily for non-military targets: governments, organizations, businesses, and individuals in virtually every country. It potentially affects every person communicating between (and sometimes within) countries anywhere in the world."
     

     
    National Governments involved in internet scams

    Nigeria
     
     
     
     
     
     


     
    In discussing this scam, we are not making any value judgement on Nigerian people; rather, we are referring to the geographic place where a popular scam format has originated for many years, and which is now becoming very popular using internet communication.

    WTGR

    For 10 years now, many scams have come out of Nigeria, and with the popularization of the internet, contact with target victims is facilitated more easily by email. In the screen capture to the left, you can see an example of an email that was sent to your professor, attempting to solicit contact.

    The best thing to do if you receive such contact is to pass the information to the RCMP. You should NOT reply to the person, because then they will know they have a "live contact".

    You should understand that they contact thousands and thousands of potential targets and you are nothing "special".

    http://www.rcmp-grc.gc.ca/html/nigerian.htm From the official web site of the RCMP

    Most letters are variations of the following:

    • You receive an "urgent" business proposal "in strictest confidence" from a Nigerian civil servant/businessman.
    • The sender, often a member of the "contract review panel", obtained your name and profile through the Chamber of Commerce or the International Trade Commission.
    • The sender recently intercepted or has been named beneficiary of the proceeds from real estate, oil products, over-invoiced contracts, cargo shipments, or other commodities, and needs a foreign partner to assist with laundering the money.
    • Since their government/business position prohibits them from opening foreign bank accounts, senders ask you to deposit the sum, usually somewhere between $25-50 million, into your personal account.
    • For your assistance, you will receive between 15-30% of the total, which sits in the Central Bank of Nigeria awaiting transfer.
    • To complete the transaction, they ask you to provide your bank name and address, your telephone and fax numbers, the name of your beneficiary, and, of course, your bank account numbers.
    • The sender promises to forward your share within ten to fourteen working days!
    It is not true - it is a scam - DO NOT BECOME A VICTIM. Do not reply, make no contact.
     
    Professional Security Service Companies
    KPMG Investigation and Security Inc.
    Part of the large KPMG accounting and consulting group of companies
     http://www.kpmg.ca/english/services

    Norman Inkster is the President of KPMG ISI and is best known for being the former Commissioner of the RCMP.

    Many of the large professional service firms, such as KPMG, PricewaterhouseCoopers, and Ernst & Young, have publications on their web sites regarding e-commerce.
    KPMG has e.fr@ud.survey.2000 
     http://www.kpmg.ca/english/services/fas/publications/efraudsurvey2000.html
     
