Information Security involves a wide variety of IT fields ranging from application to the physical layer. In order to provide better services, we have categorized our services into four parts:
To keep our network devices safe, we have to make sure that our devices are being patched constantly. To do that we will initiate active port scanning and firewall testing to make sure that all our hardware are working as intended.
Each terminal on the Internet must be running some sort of Operating System and they are the ultimate target in every attack. It is important to make sure that each terminal has some sort of firewalls, anti-virus, host intrusion prevention system (HIPS) and unwanted-programs scanner depending on the level of importance it has in our network. It is also important to make sure that all the defensive mechanisms are being updated constantly. Host security is the last line of defense if everything else fails and it has the highest difficulty in maintaining them since the end users has more control. Therefore, host security will also include basic information security education for the average user.
Web Application Security
The Internet has become one of the most popular applications in the cyber world, and web browsers are the windows to the ever changing world. Because of the popularity web browsers are receiving, and increase security awareness in the network layer, hackers are now looking at flaws and vulnerabilities in the application layer. The application layer is the most popular means for hackers to steal personal information, username and passwords, or even simply hacking into the systems. We will constantly conduct active scanning on websites that are housed in ASCC, and will report any potential flaws or vulnerabilities to the related departments and developers.
Wireless Networks are gaining popularity among computer savvy users and users that are constantly on-the-go. When a user hooks on to an insecure wireless network, it exposes the user to the outside world, thereby increasing the chance of being infected by bots, malwares or spywares. And when the user connects to company local networks, there is a higher chance for the unwanted programs to propagate through the networks and infect other systems locally. It is important to educate the users to watch out for such activities when they connect to the wireless networks, and we will be constantly monitoring the available wireless networks to make sure they are either encrypted or safe from phishing.
Information Security is a learning process and it is important to raise the awareness and understanding on current security issues within Academia Sinica. Our group will be conducting classes and talks to achieve this objective and to help create a safe and enjoyable working environment.
- Team: Group of information safety
- Location: Rm. 4005
- Phone: 2789-8884
- Email: kaebin10 at gate.sinica.edu.tw, cloud at gate.sinica.edu.tw