The 6th International Workshop on ‘Internet Security: Enhancing Information Exchange Safeguards’ was held from 19th to 23rd December 2016, in Rabat, Morocco. The event was jointly organized by COMSATS; the Islamic Educational, Scientific and Cultural Organization (ISESCO); and the Inter Islamic Network on Information Technology (INIT). The workshop was inaugurated by Dr. Tariq Mahmood, Director (Science and Technology), ISESCO, on the morning of 19th December 2016, at ISESCO’s Headquarters in Rabat. The inaugural ceremony was attended by a number of IT professionals, researchers and students, belonging to universities, R&D organizations and government departments of Morocco.
During his address, Dr. Tariq Mahmood welcomed and thanked the subject experts/resource persons as well as foreign and local participants for their participation in the event. He stated that the Internet is evolving at a very high rate as the worldwide demand for connectivity increases, which requires IT experts and cyber security professionals to continuously update their knowledge and skills. He said that ISESCO is striving to create a critical mass of IT experts in the Islamic countries, in order to protect information available online. In this regard, he expressed admiration for the five resource persons of the workshop for traveling long distances in order to train the participating IT professionals and update their skill-sets so that they, in turn, can effectively perform their duties and possibly contribute as master trainers in their respective organizations/countries in the future. He hoped that the event, the last capacity-building activity of ISESCO for the year 2016, would achieve the desired results, and thanked COMSATS and INIT for their collaboration in this regard.
Earlier, Mr. Fazal Abbas Maken, Executive Director COMSATS, in his message read out on the occasion by Mr. Tajammul Hussain, Advisor (Programmes) COMSATS, extended gratitude to ISESCO and INIT for joining hands with COMSATS to organize the workshop. He noted that the general public and organizations/companies rely heavily on computers, laptops and smart phones connected to the Internet for performing various day-to-day activities. He stated that cloud-based operations require information/personal documents to be stored on remote servers, which puts organizations, particularly businesses and financial institutions, at a higher risk, as stolen internal documents can cause tremendous financial losses. He, therefore, stressed the need for capacity building of cyber security professionals and IT experts in order to ensure that the identities, documents and passwords of individuals, organizations and businesses are not compromised. He acknowledged the consistent support of ISESCO and INIT towards COMSATS’ programmes and activities in the common Member States, and looked forward to more fruitful collaboration in the future.
Mr. Tahir Naeem, Executive Director INIT, stated that the Internet is continuously evolving, and has been successful in reducing the cost of, and increasing the convenience in, many daily life activities. However, he noted that the online environment is infinite and much less governed, due to which cyber crime and misuse of information available on the Internet are a critical issue with tremendous financial consequences. He, therefore, called for greater efforts and collaboration in order to safeguard the online environment. He also shared the mission and ongoing activities of his organization in the field of Information Technology.
The technical sessions of the five-day workshop were attended by 40 young researchers, academicians, system administrators and cyber security professionals, belonging to Palestine, Uzbekistan, Iran, Sudan, The Gambia, Ivory Coast, and Morocco. The event provided a forum for the participating researchers and professionals to learn about the latest advancements in the field of Internet security; the use of state-of-the-art technologies for protecting networks and network-accessible resources from different types of software attacks; and working out effective Internet/information security solutions for the general public, governmental organizations and commercial enterprises through rigorous risk analyses and security management approaches.
During the first technical session, Dr. Haider Abbas, Research Fellow/Assistant Professor, Center of Excellence in Information Assurance, King Saud University, Saudi Arabia, imparted training on ‘Organizational Security’. During the session, he covered the following topics: Certification of Organizations; Practical Approaches to Organizational Information Security Management; ISO 27001: Information Security Management System; Risk Assessment; Risk Calculation Methods and Treatment Strategies; Gap Analysis; Information Security Policy/Procedures Writing; and Information Asset Identification & Valuation. He also conducted practical exercises on: Gap Analysis; Risk Assessment & Treatment; Statement of Applicability; Internal/External Auditing; and Organization’s Certification Process.
The second technical session was conducted by Mr. Zafar Iqbal Mir, Deputy Head, Information Security Risk, MENA – HSBC, UAE. He covered topics related to dissecting a cyber-attack, including Reconnaissance (Recon), Scanning, Gaining Access, Maintaining Access, and Covering and Hiding Tracks. He also touched upon topics related to various types of attacks, including Anatomy of a Sample Distributed DoS (DDoS) Attack, Evolution of Botnet Configurations and DDoS Attacks, the concept of Kill Chain, Mitigation Techniques and Layered Security Approach.
The third session was conducted by Mr. Syed Mustafa Raza, Director – Solutions & Consulting (Info Sec), IXTEL Dubai, and Consultant (Pre-sales Solutions), Gulf Bridge International, Qatar Foundation Group, UAE. He imparted training on the following aspects of cyber security: Defining Vulnerability, Exploit, Threat and Risk; Creating a Vulnerability Report; Conducting an Initial Scan; Common Vulnerabilities and Exposures (CVE) List; Vulnerability Detection Methods; Types of Scanners; Port Scanning and OS Fingerprinting; Enumerating Targets to Test Information Leakage; Types of Exploits: Worm, Spyware, Backdoor, Rootkits, and Denial of Service (DoS); Deploying Exploit Frameworks; Implementing Scanner Operations and Configuration; Choosing Credentials, Ports and Dangerous Tests; Creating Custom Vulnerability Tests; Customizing Nessus Scans; Filtering and Customizing Reports; Interpreting Complex Reports; and Contrasting the Results of Different Scanners.
During the fourth session, Mr. Asad Raza, Professional Technical Faculty Member, Information Security Engineering Department, Institute of Applied Technology, UAE, imparted training on: Steps in Incident Handling; Information Gathering and Reconnaissance; Vulnerabilities in Microsoft Windows; Metasploit Framework; Exploits and Payloads; Auxiliary Modules; Security Issues in Wireless Networks; Social Engineering Toolkit and Prevention Methods.
The final session of the workshop was conducted by Mr. Muhammad Faheem Qureshi, Lecturer, Abu Dhabi Polytechnic, Institute of Applied Technology, UAE, during which he covered the following aspects of Digital Forensics: Evidence Handling; Roles and Responsibilities; Phases of a Digital Forensic Process; Memory Forensics; Storage Forensics; and Microsoft Windows Forensics. All the technical sessions were highly interactive.
Speaking at the Concluding Ceremony held on 23rd December 2016, Dr. Tariq Mahmood thanked the subject experts/resource persons of the workshop for sharing knowledge and expertise with participants. He called for greater collaboration among the developing countries in this important field. Dr. Mahmood thanked the Organizing Committee members from ISESCO, INIT and COMSATS for working hard to make this event a success. He also thanked the local and foreign participants for their active participation during the workshop. He hoped that the connections made during the workshop will be maintained for future collaborations and learning.
The ceremony concluded with the distribution of certificates by the representatives of ISESCO, COMSATS and INIT among the resource persons, local and foreign participants, and Organizing Committee members.