[ISN] Korea Strengthens Internet Security

From: InfoSec News (isnat_private)
Date: Tue May 27 2003 - 00:03:25 PDT

  • Next message: InfoSec News: "[ISN] ISS hatches 'virtual patching' plan"

    http://times.hankooki.com/lpage/tech/200305/kt2003052518225511790.htm
    
    By Kim Deok-hyun
    Staff Reporter
    kdhat_private 
    05-25-2003
      
    Anyone who thinks the Internet is just a convenient tool for the
    coming information society, should take another look at its side
    effects.
    
    Despite growing concerns about online security, computer networks
    remain more vulnerable than ever to cyber attacks, Internet worms and
    unforeseen security breaches.
    
    ``As a result of increasing interconnectivity and communication
    networks, the Internet is now exposed to a number of various threats
    and vulnerabilities,'' Moon Kyung-il, country manager of Network
    Associates' Korean unit, said.
    
    Simply put, in a race between security measures and potential
    vulnerabilities, the latter gain an upper hand since no perfect
    solutions exist, he said.
    
    ``We're not improving fast enough to keep pace with foreseeable
    security problems in cyberspace, but new and changing threats will be
    continuously emerging,'' he said.
    
    Ironically, because of its highly wired broadband Internet
    infrastructure, South Korea is rapidly emerging as one of the targets
    of international cyber attacks.
    
    According to the National Police Agency, from August 2001 to March
    2002, the country received a total of 4,376 reports on security
    breaches and hacker attacks in computer servers, accounting for 39
    percent of worldwide online attacks. The U.S., China and Taiwan ranked
    second, third and fourth, respectively.
    
    Early this year, the country's Internet networks were severely hit by
    a new class of worm. Unlike computer viruses, worms do not need human
    intervention to be spread.
    
    The unprecedented Internet attack hit the U.S. first and Canada and
    spread quickly, hitting Korea especially hard. Korea was in a
    pandemonium, with almost all Korean Internet users experiencing
    difficulties in gaining access to the Internet for almost half the
    day.
    
    The ``Slammer'' worm sent huge volumes of data randomly, exploiting a
    well-known vulnerability of Microsoft's SQL server software. The huge
    traffic caused disruption in information networking of Internet
    service providers, paralyzing online shopping malls and Internet
    banking services.
    
    Korean civic groups, including the People's Solidarity for
    Participatory Democracy, and Internet service providers filed a
    lawsuit against Microsoft's Korean unit to seek compensation from the
    damage.
    
    ``At that time, actual damage was relatively limited because the worm
    attacked only servers,'' Moon said. ``If the worm attacks personal
    computers, we won't be able to calculate the scope of damages.''
    
    He pointed out the importance of periodical maintenances of computer
    system such as frequent updating of anti-virus programs and checking
    out potential security breaches at homes and workplaces.
    
    ``Individuals should incorporate security as an essential part of
    computer systems and networks,'' he said. ``With computer networks
    becoming increasingly wired, security breaches and online attack risks
    will always be there in our everyday life.''
    
    Computer security experts said an information society without online
    security would face a distinct threat because the Internet has become
    indispensable to national security and economic well-being.
    
    An unsolicited e-mail advertising or ``spam'' has also posed a threat
    to the coming information society. According to the Korea Information
    Security Agency, a government-affiliated Internet security research
    group, unwanted e-mails are estimated to cost 2.6 trillion won a year
    in both tangible and intangible damages.
    
    The study found that the amount of spam e-mails jumped at a blistering
    pace. As of the end of 2002, an individual got an average of 34.8 junk
    e-mails a day, most of them designed to lure recipients to
    pornographic Web sites. In 2001, only 4.7 unwanted messages were
    delivered every day.
    
    The flood of e-mail advertisings also means Internet service providers
    have to bear the cost of extra hardware and filtering software, not to
    mention unhappy e-mail users.
    
    In addition, outbound spam e-mails from Korea have been a source of a
    string of complaints from abroad.
    
    ``Every day I get 20 or more e-mails in Korean although I can't read
    Korean,'' Joel Rubin, a U.S. resident, said in an e-mail message.
    
    ``Frequently, the e-mail has a phone number with no country code,'' he
    said. ``Since incoming spam costs 10 percent of the monthly Internet
    service provider fee, I regard this as theft by laziness.''
    
    To halt the relentless spam e-mails, the government has pledged to
    employ tougher measures, but it isn't easy to cut down junk e-mails
    with online marketers getting smarter and computer networks getting
    more complex, experts said.
    
    On May 22, the Ministry of Information and Communication announced it
    would form a country-wide organization, including the government and
    the law enforcement authorities, civic groups, Internet service
    providers and e-mail service operators, to fight a joint war against
    spam e-mails.
    
    Currently, Korean online marketers are required to register their
    Internet addresses when they send unwanted commercial e-mails to allow
    recipients to send complaints not to send those messages again.
    
    In a recent study titled ``Internet Security Concerns in
    Asia-Pacific,'' Internet Data Corp. (IDC), a technology consultancy,
    said 60 percent of enterprises surveyed felt their greatest security
    threat is a virus attack, while 22 percent perceived hacker attacks as
    the overriding threat.
    
    The study found that 72 percent of the enterprises reported they had
    experienced an Internet security breach, and 39 percent felt the
    degree of security threats has increased over the past year.
    
    About 26 percent said that increasing Internet use pushes up their
    spending on Internet security, while 7.1 percent cited e-commerce
    initiatives as the key factor, the study said.
    
    Nathan Midler, IDC's senior analyst, said 97 percent of all
    enterprises surveyed had some form of Internet security in place, but
    security solutions were more focused on off-the-shelf anti-virus
    products and less on robust, high-end solutions.
    
    ``The perception that security threats are increasing, coupled with
    further integration of e-businesses at workplaces, is driving
    companies to look beyond a mere anti-virus software toward more
    advanced solutions, such as disaster recovery services and
    encryption,'' Midler said in a statement.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Tue May 27 2003 - 02:31:34 PDT