Engineers' Society sponsors presentation on computer security


NEW YORK - On April 20 the New York City Chapter of the Ukrainian Engineers' Society of America (UESA) presented a lecture by Ivan Durbak, chief information officer at SUNY Downstate Medical Center in Brooklyn, on "Computer Security: Protecting the Integrity, Availability and Confidentiality of Computer Systems, both at Home and at the Office."

Mr. Durbak provided a broad overview of all aspects of computer security, at various levels across organizations and on the home front. He addressed key questions such as: What is security? Can open access and privacy and security co-exist on the Internet? Who polices the Internet? How do we deal with computer viruses and "spam-rage"?

Mr. Durbak began from a national perspective, describing the major federal legislative initiatives: Gramm-Leach-Bliley Financial Modernization Act (1999), Health Insurance Portability and Accountability (HIPAA) Act, USA Patriot Act (2001), Sarbanes-Oxley Act (2003) and the recent CAN-SPAM Act (2004).

He then detailed the typical computer security actions taken by modern organizations: risk assessment, designation of a chief security officer, physical controls, environmental controls, access controls/password management, audit logs, transmission/network controls, encryption, disaster recovery and business continuity, incident response plan and drill, policies and procedures, and awareness, education and training.

Mr. Durbak next described current e-mail problems, for both large organizations and the individual consumer, and described ways to deal with "spam." He then discussed computer viruses, which are small files that attach to e-mails or downloads and infect the user's computer. Mr. Durbak reviewed the "hacking" problem in depth and described hackers in detail as "the underbelly of the Internet: people who randomly scan the Internet to find openings so they can go in and snoop around, and, once in your machine, they have as much access to it as you do, including your online banking, personal data, family data."

Mr. Durbak, who has conducted considerable research on the worldwide hacker community, described their profiles, their habits, their culture and their hacker conferences, and explained how hackers use commonly available software in a typical hacker attack: first they reconnoiter the organization's perimeter, then scan servers, ports and services, identify vulnerabilities, plan the attack, then execute the attack, secure back-door access, and finally eliminate all traces and evidence.

He identified the top 12 defense actions to take, at both the corporate and individual PC level, to protect against virus/worm attacks.

Mr. Durbak also described spyware and adware, and how to deal with both.

Finally, Mr. Durbak provided tips and hands-on advice, listing the eight items necessary to ensure computer security: physical controls, access controls (passwords), anti-virus software, patch management, firewalls, IDS (intrusion detection), security awareness and common sense.

Throughout his presentation on April 20 Mr. Durbak kept the audience engaged and involved with a balance of technical material and practical real-world problems.

The evening concluded with informal and convivial discussions over food and drinks.

This was the fourth in a series of engineering and scientific lectures presented by the Ukrainian Engineers' Society of New York City during the 2003/2004 year. The Ukrainian Engineers' Society of America is an association of technical/scientific professionals and students, including engineers, scientists, architects and businesspeople. Its mission is to help advance members' professions, foster interest in technical and economic issues in Ukraine, and provide a social and professional network of mutual support. To learn more about the UESA, visit the website at www.uesa.org or write to UESA, 2 E. 79th St., New York, NY 10021.


Copyright © The Ukrainian Weekly, August 29, 2004, No. 35, Vol. LXXII

