Bay Computing Newsletter l Issue 1 l 1 Bay v1.pmd
1
2/11/2550, 15:11
EDITOR'S NOTE & NEWS UPDATE
The Computer Crime Act B.E. 2550 (2007), which was published in the Government Gazette on June 18, 2007, affects every internet user and every organization that owns a network system. These users are regarded as "Service Providers" in this Act. In order to comply with this Act, management must understand the requirements of the Act and formulate information system policies, which will later be enforced on every end-user in the organization. In response to the Computer Crime Act, this issue of Bay's Newsletter presents the purposes of the Act and the requirements for IT managers, as well as guidelines and supporting technologies that can be applied to suit your organization's needs. The solutions suggested here have been tested in large organizations and proved to be easy to use for collecting computer traffic data. The implementation cost is reasonable and definitely worth your investment.
Nida Tangwongsiri, General Manager
01
Bay Computing, a leading provider of bandwidth management, has arranged a seminar and workshop on bandwidth and computer traffic management in response to the new Computer Crime Act. Attendees can learn this technology and apply it to manage their own specific systems properly.
02
Khun Avirut Liangsiri, Enterprise Solution Manager for Bay Computing, was a guest speaker on Internet Threat Trends and Case Studies at BizIT 2007, organized by Kasetsart University. The seminar was very well received by people from SME industries.
03
PatchLink Corporation has changed its name to Lumension Security to match the company's position as a provider of security solutions with more than 5,100 customers worldwide. Lumension Security, formed by the combination of PatchLink and SecureWave S.A., will bring to market the first integrated best-of-breed, policy-based security platform that manages computers across the entire organization, as well as managing all servers and enforcing security policies on end-users.
COMPANY PROFILE
Bay Computing Company Limited is a leading IT solution provider for large enterprises. It was established in 1996 by a group of people with a decade of experience in implementing IT solutions for corporations in Thailand. Our company value is to deliver the best results to our customers through a team of service-minded experts who have a deep understanding of the technology and strong project management skills. Bay Computing has a wide range of IT solutions to suit every organization's needs. Our main solution is the One-Stop IT Handling Solution, which covers IT assessment and planning, budget planning, IT implementation and post-implementation support. We also offer Field Specific Solutions, which focus on particular areas, including Systems Management Solution; Backup & Storage Management Solution; Network Management Solution; and Security Management Solution, consisting of Firewall & IDS / IPS Solutions, Gateways & Anti-Virus Management Solutions, and Patch Management Solutions. Bay Computing offers many IT services, ranging from IT consultation, compliance consultation and service, system integration, implementation, system maintenance, incident support and outsourcing to financial services such as financial lease and operational lease.
Furthermore, Bay Computing also partners with many leaders in the IT industry, such as Trend Micro, Lumension, Procera Networks, SonicWALL, Blue Coat, ArcSight, Lock Logic, Mirage Networks, and many more.
COVER STORY
The Computer Crime Act and the supporting technologies
By Avirut Liangsiri, Enterprise Solution Manager / Senior Security Consultant, Bay Computing Co., Ltd.
The Computer Crime Act B.E. 2550 (2007) has quickly become the new buzzword in town. This Act, along with the promulgation on computer traffic data, will come into force next year, on August 21, 2008. By the set date, a company must be able to retain its computer traffic data for at least 90 days. In this article, we present the technical point of view on this Act.
The aims of the Computer Crime Act
The aim of this Computer Crime Act (hereinafter called "the Act") is to protect persons from being damaged by computer-related offences, to stipulate computer-related offences, and to designate the relevant competent officials. Furthermore, the Amendment Act states that the collected computer traffic data must be submitted to the relevant competent officials. The Act aims at identifying offenders and producing evidence of the commission of an offence. Thus, system administrators and executives of any organization should be able to collect the necessary computer traffic data and identify persons who commit an offence. Otherwise, those organizations shall be liable and fined up to 500,000 Baht and 5,000 Baht a day until the data is submitted to the officials. The complete details of this Computer Crime Act and the Amendment can be found on the Bay Computing website (http://www.baycoms.com).
The requirements
Once you fully understand the requirements of the Act and its purposes, as an IT person you should prepare to protect your organization from legal liability and to identify possible offenders.
1. Designate a committee to coordinate with other departments in the organization.
2. Evaluate the computer traffic data and the collection method to determine which pieces of information the organization should collect and how to keep them for up to 90 days. Then set up a system to support this.
3. Formulate an information system security policy and measures, keep the system up to date, and make sure that all policies and measures are enforced.
Types of traffic data that should be collected and related technologies
1. Firewall log contains the traffic data on both public and private IP addresses as well as NAT, and is the easiest way to collect the traffic data. However, the firewall log is quite large, so it needs a capable retention system with an advanced search tool. The collected data should include both allowed and denied access information.
2. Authorization log collects information on the identities of persons who have accessed the system. With this log, offenders can be traced back.
3. Web server collects the user access log, which is used to determine who brings illegal data into the system.
4. Mail server retains the SMTP log, which keeps the e-mail addresses of both recipients and senders.
5. Instant messaging log is necessary to detect data leakage and to monitor staff performance.
6. HTTP log contains information on website access through HTTP. Every time a staff member accesses a website, he/she must supply his/her user name and password. Therefore, the user identity can be traced back, not just the computer.
7. FTP log, like the HTTP log, is used to identify persons who publish illegal information.
8. Malware log keeps information regarding malware (Virus, Spyware, Trojan, Botnet, etc.) and will be used as evidence against accusations that may arise from a Botnet or Spyware that sends spam mail or attacks computers and may cause damage to other people. The log is supporting evidence that these malicious activities were not performed knowingly and did not involve the organization. It also serves to evaluate the methods used to protect against and eliminate this malware.
Conclusion
The 2007 Computer Crime Act aims to protect persons from being damaged by computer-related offences and to manage internet usage by an organization's staff. It may cause some difficulties for management at first, but it will prove useful in the future, since it gives an organization the opportunity to enhance and facilitate the evaluation of its information system as well as to minimize existing problems and human errors. As IT people, we should seize this opportunity to build a more effective information system and communicate knowledge to other members of the organization.
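The trace-back that the list of log types relies on (firewall NAT log to find the internal host, then authorization log to find the person) can be sketched as follows. This is an added example, not part of the original newsletter: the record layouts, addresses, user names and the `trace_back` function are constructed for illustration, and it assumes all log sources share a synchronised clock.

```python
from datetime import datetime, timedelta, timezone

RETENTION = timedelta(days=90)  # minimum retention period named in the article

# Constructed sample records, not real logs. Timestamps are UTC and assume
# every logging device is time-synchronised.
# NAT log: (start, end, private IP, public IP, public source port, action)
NAT_LOG = [
    ("2008-09-01T08:59:50", "2008-09-01T09:05:10", "10.0.5.21", "203.0.113.7", 40112, "allow"),
    ("2008-09-01T09:05:30", "2008-09-01T09:20:00", "10.0.5.34", "203.0.113.7", 40112, "allow"),
    ("2008-09-01T09:01:00", "2008-09-01T09:02:00", "10.0.5.21", "203.0.113.7", 40250, "deny"),
]
# Authorization log: (login, logout, private IP, user)
AUTH_LOG = [
    ("2008-09-01T08:30:00", "2008-09-01T09:04:00", "10.0.5.21", "user_a"),
    ("2008-09-01T09:04:30", "2008-09-01T12:00:00", "10.0.5.21", "user_b"),
    ("2008-09-01T09:00:00", "2008-09-01T17:00:00", "10.0.5.34", "user_c"),
]

def ts(text):
    """Parse an ISO timestamp and treat it as UTC."""
    return datetime.fromisoformat(text).replace(tzinfo=timezone.utc)

def active(start, end, when):
    """True if the record's time window covers the moment of interest."""
    return ts(start) <= when <= ts(end)

def trace_back(public_ip, public_port, when, now):
    """Map an externally observed connection to an internal host and user."""
    when, now = ts(when), ts(now)
    # Records older than the minimum retention may already have been purged.
    if now - when > RETENTION:
        return {"status": "beyond-retention"}
    # Only allowed sessions left the network; the same public IP and port
    # are reused over time, so the time window is part of the key.
    sessions = [r for r in NAT_LOG
                if r[3] == public_ip and r[4] == public_port
                and r[5] == "allow" and active(r[0], r[1], when)]
    if len(sessions) != 1:
        return {"status": "ambiguous-nat" if sessions else "no-nat-match"}
    private_ip = sessions[0][2]
    # The authorization log turns "which computer" into "which person".
    users = [r[3] for r in AUTH_LOG
             if r[2] == private_ip and active(r[0], r[1], when)]
    if len(users) != 1:
        return {"status": "host-only", "private_ip": private_ip}
    return {"status": "identified", "private_ip": private_ip, "user": users[0]}

if __name__ == "__main__":
    for t in ("2008-09-01T09:03:00", "2008-09-01T09:04:15", "2008-09-01T09:10:00"):
        print(t, trace_back("203.0.113.7", 40112, t, "2008-09-10T00:00:00"))
```

The 09:04:15 query stops at the host because no login covers that instant, which is the gap the authorization log is meant to close.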
SOLUTION UPDATE
Computer Crime Act Solution
By Kong Chantem, Engineer, Bay Computing Co., Ltd.
To comply with the Computer Crime Act and the Promulgation B.E. 2550 (2007), Bay Computing has created the new Computer Crime Act Solution, a combination of the latest technologies that have been tested and properly researched. This solution comprises:
1. Traffic Data Recognition utilizes both Deep Flow Inspection (DFI) and Datastream Recognition Definition Language (DRDL) to produce all traffic data as required by the Act. To facilitate monitoring of the network traffic, this technology examines the content of the network traffic at the Application layer. It also operates in real time and is able to gather all the needed network traffic data correctly and completely. Organizations can use this data to manage their network traffic effectively. Traffic Data Recognition also includes a Layer 7 firewall, which helps block unwanted content and services. The network traffic statistics can be analyzed for network usage and problems. With Layer 2 Transparent (Bridge) mode, it can be installed and put to work with existing systems immediately, without any further configuration.
2. Logger Appliance can efficiently and cost-effectively store network traffic data for 90 days up to 1 year, as required by the Act. This technology collects network traffic data of all sorts, which is compressed and stored in one place for easy searching, to save space, and to reduce maintenance cost. The data is also encrypted to protect it from being compromised and to comply with the section of the Act on protection against forged computer data. This stored data can be used as evidence in a court of law. However, to gather all the data required by the law, some additional applications may be needed, depending on the organization's infrastructure. These applications can be Network Time Synchronization; User identification and access management; Instant messaging logger; E-Mail logger; and so on.
For further information on the Computer Crime Act Solution, please e-mail us at kong@baycoms.com or call 0-2962-2223.
Data Leakage Prevention Solution by SecureWave Device Control
By Pramote Uthayochat, Engineer, Bay Computing Co., Ltd.
According to the 2006 CSI/FBI Computer Crime and Security Survey, 75 percent of Fortune 1000 companies fell victim to data leakage. Additionally, a February 2007 survey conducted by IT Policy Compliance indicated that the top five types of organization data most likely to be stolen, leaked or corrupted are customer data, financial data, corporate data, employee data, and information security system data, respectively. The findings also said that the leading causes of this data loss are user error and violations of policy. In the end, the possible attacks, along with the lost data, could harm organizations financially, destroy the companies' reputations, and obstruct plans for their future growth. With a good security solution, organizations can mitigate the risks of data loss.
SecureWave Device Control is a security solution that protects against data leakage and has been used by more than 2 million users in 1,700 organizations worldwide. The solution controls removable devices connected to computers by specifying the types of information that can be opened and saved on these devices. The authorized devices can be specified on the White List by their types or their names; user authorization can also be implemented via this list. In addition, the Access Control List (ACL) can be set on servers to permit only authorized users to enter the systems. The ACL can be copied and viewed later for auditing. The solution also allows users to set the file types that can be saved to removable devices, along with encryption to ensure that inside information will not be leaked or stolen if the devices are lost. Computers taken outside the company keep the same permissions unless users request temporary authorization from the automatic system or new authorization is granted when the computer reconnects to the system.
The connection types that can be controlled are: USB, FireWire, Bluetooth, WiFi, PCMCIA, PS/2, LPT, IrDA, IDE, COM, S-ATA, SCSI.
The removable devices that can be controlled are: USB Memory Sticks, ZIP Drives, PDAs, Tape Drives, Hard Drives, Floppy Drives, Biotech Drives, Modems, Wireless LAN Adapters, Digital Cameras, CD/DVD Burners/Players, Scanners, Smart Card Readers, USB Printers.
For further information on the Data Leakage Prevention Solution, please e-mail us at pramote@baycoms.com or call 0-2962-2223. You can download our 30-day free trial version on our website at http://www.baycoms.com