KARACHI: PakCon III, the third conference on IT-based security, with the slogan, ‘Where security matters’ was held Thursday at a local hotel and its organizers said that attendance has gone from 70 attendees in the first year to a turnout of around 170.
Faiz Ahmad Shuja, president of PakCon and CEO of Rewterz, said that more and more information is going online in the country and it’s important to make people aware of the risks that come with the likes of online banking and computerized IDs among others. It’s especially important for the companies themselves to protect its own information and the information entrusted to it by its customers.
There were 10 presentations on the first day, including a round-table discussion panel on various information security topics. And training sessions on hacking are supposed to take place today and tomorrow. This is the first time this convention has introduced training workshops, and the response has been very good, said Shuja.
During the day’s events, Faiz Ahmad Shuja talked about enterprise security monitoring. His presentation addressed the problem of excessive noise within the logs that are kept on your systems and how you generally cannot count on the logs that are maintained by various applications, servers and firewalls.
Ahmad Elkhatib, a security consultant from Pointsec in the UAE, gave a presentation on data leaks. Increasing worker mobility and the abundance of unstructured data has introduced new risks to your information. Another speaker from the UAE, Dr Fadi Aloul, a computer security professor from the American University of Sharjah, gave a presentation on how you can secure your wireless networks. It’s not like Pakistan has an abundance of wireless networks in the first place, but tackling this issue preemptively is a wise decision. Because when Pakistan does go wireless, it will at least have some idea on what can be done to stay safe.
Aloul presented the results of some research work that was carried out in the UAE by his students. According to the research, about 50 percent of the wireless networks in the UAE are wide open for attacks – and not only the WiFi systems in residential areas but in corporations as well. He addressed simple methods that you can follow to make your wireless networks secure.
Aloul’s presentation was followed by Jawad Sarwana’s on prosecuting hackers. Sarwana is an advocate of the High Court of Sindh and has advised several international clients in the banking and IT sector on electronic commerce and cyber crime laws in Pakistan. His presentation was on hackers and how the law deals with them. His main focus was the Electronic Transaction Ordinance of 2002 that says that any entry into a system, for any reason what so ever, is punishable by jail time and a fine. This poses a problem even for the hackers that want to help.
He gave an example of someone that called him up and told him about vulnerabilities in a certain bank’s network that they broke through. They told him that they wanted to go to the bank and tell them where their issues were. But he had to advise against it because they could’ve been put in jail for doing so. He said that the only court case that has come up using that ordinance was one of his.
Tan Tiek Guan, from Data Security Systems based in Singapore, talked about two-factor authentication with greater emphasis on financial institutions. Pakistan-based researchers, Muhammad Omer Khan and Muhammad Ahmed Siddiqui, spoke about web application worms and 32-bit Windows exploitation respectively. And then members from Pakistan’s Honeynet project, Syed Jahanzaib Sarfraz and Ayaz Ahmad Khan, talked about botnets and how attackers go undetected.
Source: Daily Times
Date:7/27/2007
