Showing posts with label E-Business Law. Show all posts

Sunday, June 1, 2008

E-Business 28th May 2008

Question 1:

What is intrusion detection? (Intrusion = how the system detects when something comes into the system)

With the exponential growth of the internet and networked computers, cybercrime has become one of the most pertinent problems in the computer world. All over the world, companies and governments are increasingly dependent on their computer networks and communications, hence the need to protect these systems from attack. Online credit card incidents, compromised computer servers and other primary enormities have created a cloud of distrust among online customers. There is a need to find the best way possible to protect our information systems.

A single intrusion of a computer network can result in the loss, unauthorized utilization or modification of large amounts of data and cause the paralysis of normal usage of network communications. Intrusive behaviors can be categorized by different attack types. An Intrusion Detection System (IDS) can deal with the computational intelligence involved in realizing that some attack is underway, alert the system administrator to its form and severity, and perhaps take preprogrammed or adaptively learnt measures to prevent the intrusion.

Intrusion detection is identifying unauthorized users in a computer system. It is also defined as the problem of protecting computer network systems from being compromised. In the early days of computing, security was not considered a big concern for system and software design. The security problem which appeared in 1970 was mainly unauthorized users breaking into users' accounts with the intention of stealing important information. The exponential growth of the internet, network systems and devices has since made security a major concern. Over the years, the network security community has developed several specialized systems to secure network infrastructure, including network scanners, vulnerability analyzers, firewalls and IDS.

Each system focuses on different aspects of protection with different functionality. Individually, the systems do not provide complete security, but if a few of the systems' properties are combined and deployed throughout the network, they might provide robust security services.

Question 2:

What are the current threats on the network infrastructure?

The issues related to network security have been lingering for a long time now, specifically the numerous potential threats to information on a network. Threats to network security range from the harmless to crimes of destruction and theft. These threats can come from sources that are either internal or external to the network.

Internal threats to a network are a major source of strain on the level of security attained by that network. These threats generally come from unethical employees in the organization.

External threats to network security, generally referred to as hackers, can be equally serious. To view sensitive information, hackers must use password sniffers, IP snooping and e-mail attacks. Regardless of the method used to gain entry to a network or view communication data, hackers can fully jeopardize network security and potentially do strong damage to the data and systems within. The virus is potentially one of the most dangerous threats to network security. Viruses can corrupt or destroy data, alter files and possibly bring a network to a grinding halt. (Halt = Stop)

Additional forms of malicious software such as Trojan horses, worms and logic bombs exist as threats to network security. A recent threat for network users is huge DDoS attacks. A denial of service can be launched in many different ways. Its aim is to deny a victim (host, router or entire network) the ability to provide or receive normal services on the internet.

Question 3:

What are the existing protection measures for network?

As networks grow faster, threats to the network rise with them. Unfortunately, the preventive measures and techniques are not hardened and are unable to handle the issues raised by the threats.

The first method of protection is to address the actual physical layer of the network to ensure that it is properly equipped. Physical security is an initial concern when designing a secured network. The easiest and best way of protecting important machines like servers is to secure them under lock and key. However, this is not a complete solution; instead it should be used in parallel with other preventive measures.

Additionally, firewalls and encryption should be incorporated into a network to heighten its security. A firewall is a gateway through which information enters and exits. On one side of the firewall is the information needed from the outside world, combined with the undesirable threats of external networks.

Encryption is a method by which network security is heightened: an encrypted document cannot be read by anyone who does not possess the key or formula that is used to translate the original text into cipher text. Used properly and in combination, these techniques provide a concrete foundation for a secured network.

Question 4:

What are the desirable characteristics of any Intrusion Detection System (IDS)?

There are a few desirable characteristics based on (Sundaram 1996, Gross 1997, Jackson 1999, Base 2000), and most of the currently available IDS satisfy only a few of these conditions:

i) It must run continuously with minimum human supervision

ii) It must be fault tolerant. The system must be able to recover from system crashes

iii) It must resist subversion: it must be significantly difficult for an attacker to disable or modify the IDS. The IDS must be able to monitor itself and detect if an attacker has modified it

iv) It must impose only a minimal overhead on the system where it runs, to avoid interfering with its normal operations

v) It must be configurable to accurately implement the security policies of the systems that are being monitored

vi) It must be easy to deploy. This can be achieved through portability to different architectures and operating systems and through simple installation mechanisms

vii) It must be adaptable to changes in system and user behavior over time

viii) It must not flag any legitimate activity as an attack and must not fail to detect any attack

Technically it is not feasible to build a system with all of the above characteristics, as the hardware industry has not come of age to take this burden. Further, processing of network packets needs more dedicated resources. Also, the normal user profile might change from time to time as new network techniques come onto the market. Consequently, any IDS must have constant updates about normal user behavior. Although an IDS without human intervention is highly impossible at this moment, it is possible with minimum supervision.
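To make characteristics vii) and viii) and the point about changing user profiles concrete, here is an added example (not part of the original notes). It compares a fixed baseline with one that keeps learning; the `BaselineDetector` class, the 1.5x threshold, the smoothing factor and the traffic figures are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample data: requests per minute from one user.
# TRAINING is the period used to learn what "normal" looks like.
TRAINING = [20, 22, 19, 21, 20, 18, 21, 20, 22, 19]

# LIVE is (value, is_attack). The user's legitimate load drifts upward
# (e.g. a new application is rolled out), then one real burst occurs.
LIVE = [(24, False), (27, False), (30, False), (33, False), (36, False),
        (39, False), (40, False), (41, False), (40, False), (39, False),
        (200, True), (40, False), (41, False)]


@dataclass
class BaselineDetector:
    """Hypothetical anomaly detector: alert when a value exceeds
    `factor` times the current baseline of normal behaviour."""
    baseline: float
    adaptive: bool        # True: keep updating the user profile
    factor: float = 1.5   # assumed alert threshold multiplier
    alpha: float = 0.3    # assumed smoothing weight for new samples

    def observe(self, value: float) -> bool:
        alert = value > self.factor * self.baseline
        # Learn only from traffic that did not raise an alert, so the
        # burst itself is not absorbed into the "normal" profile.
        if self.adaptive and not alert:
            self.baseline = (1 - self.alpha) * self.baseline + self.alpha * value
        return alert


def evaluate(adaptive: bool) -> dict:
    """Replay LIVE through a detector and count both kinds of error."""
    detector = BaselineDetector(
        baseline=sum(TRAINING) / len(TRAINING), adaptive=adaptive)
    false_positives = false_negatives = 0
    for value, is_attack in LIVE:
        alert = detector.observe(value)
        if alert and not is_attack:
            false_positives += 1   # legitimate activity flagged (viii)
        if is_attack and not alert:
            false_negatives += 1   # attack missed (viii)
    return {"false_positives": false_positives,
            "false_negatives": false_negatives}


if __name__ == "__main__":
    print("static baseline  :", evaluate(adaptive=False))
    print("adaptive baseline:", evaluate(adaptive=True))
```

The static profile keeps alerting on the user's new but legitimate load, while the adaptive one follows the drift and still catches the burst. A baseline that follows drift can also follow a slow, deliberate ramp, which is one reason the notes stop at "minimum supervision" rather than none.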




E-Business Law 21st May 2008

Question 1:

What is Cyberlaw?

It is the law governing the use of computers and the internet, and it focuses on a combination of statutory, decisional and administrative law arising out of the use of the internet, as any other law. Cyberlaw can fall in the category of criminal or civil law, because crimes and civil wrongs can take place in cyberspace. Cyberlaw has no traditional safeguards. Therefore, those who pioneer the new world of online commerce need to understand both the existing laws and those elements of the new environment.

Question 2:

Why is there a need for Cyberlaw?

In the current transition into the new virtual internet world of unseen parties and machine interactions, old laws are losing their effectiveness in ensuring that the innocent are protected and the guilty penalized. This happens as e-commerce becomes part of our daily life and involvement in business or e-commerce increases from day to day. Old laws will not be sufficient to do justice in parallel with social and economic developments, which naturally progress with the IT environment on the new economic front.

The laws we have today are based on environments and economies that existed decades ago. Much of this legislation will no longer be relevant in the new economy. In the new, borderless world, contracts are concluded within seconds, with machines making deals with other machines while playing the intermediary role for humans. Hence the need for machine-centric law. The internet has also created new areas that merit governance. We need cyber laws that define how machines can co-operate better for our betterment.

Question 3:

What is the Cyberlaw legislative trend in Malaysia?

The emergence of cyber laws in Malaysia is at a fast pace. Malaysia, whose e-commerce market is still at its initial stage, is looking at the laws of the US, UK and some other European countries as a basis of information in “enacting” the cyberlaws and as a possible role model for the national approach. A few pieces of legislation concerning cyberlaws have been enacted in Malaysia since 1997. They are:

i) The Digital Signature Act 1997

ii) The Telemedicine Act 1997

iii) The Copyright (amended) Act 1997

iv) The Computer Act 1997

v) The Communication and Multimedia Act 1998

In addition, the government has passed the data protection act of 1999. This act is intended to provide for the protection of individual personal data rather than regeneration of industry.

Question 4:

What are computer crimes?

Computer crime has been defined as an illegal act that involves a computer, its systems or its applications. It is an intentional act associated in any way with a computer where a victim suffered or could have suffered a loss and the “perpetrator” made or could have made a gain. Computer crime, in other words, is any illegal act for which knowledge of computer technology is essential for its perpetration, investigation or prosecution.

Computer crime may include:

i) Intrusion

ii) Password Sniffing

iii) Cyber stalking

iv) Computer sabotage

v) Mail bombs or identity theft

Password sniffers are programs that monitor and record the names and passwords of network users as they log in, “jeopardizing” security. On the other hand, cyber stalking is the computer crime of sending harassing or threatening e-mail to others. This includes e-mail threats, e-mail bombs, sending unwanted messages, forged e-mail source addresses and inappropriate postings on message boards. Cyber stalking usually targets women and children.

Many agree that cyber criminals have to be prosecuted. However, securing a conviction is not that easy. The main obstacle is the trans-jurisdictional nature of computer crime. The extra-jurisdictional nature of computer crimes always gives rise to difficult jurisdictional issues. Example of a case: R against Governor of Brixton, ex parte Levin.

Question 5:

What is Internet Service Provider (ISP)?

ISPs are organizations that have a permanent connection to the internet and sell temporary connections to others for a fee. Such local ISPs connect to regional host computers operated by national service providers. The ISPs may be vulnerable for providing an avenue for breaching copyright, hosting pornographic material and Defamation Act 1988.

In Malaysia, ISPs may be liable under Sections 211 and 233 of the Communication and Multimedia Act 1998, which prohibit communication. However, these sections do not explain whether an ISP's liability depends on its function as a publisher.

Question 6:

Is pornographic material posted by a foreign ISP a crime in Malaysia?

Under the Malaysian Penal Code, distributing pornographic materials is a crime. Sections 292 and 293 of the Penal Code prohibit selling, letting, distributing or circulating pornographic materials. The Communication and Multimedia Act 1998 prohibits communication of pornographic materials over the internet under Sections 211 and 213. Under these two sections, not only the content provider but also the service provider can be held liable for allowing the transmission of and access to obscene materials.

Question 7:

How do the Malaysian courts get jurisdiction to hear cyber law cases?

The Malaysian courts, as assigned by the Federal Constitution under Article 128, can hear civil cases if the cause of action arose in Malaysia. The Malaysian courts may have jurisdiction over a non-resident defendant if the punitive cause of action falls within the scope of Order 11 (1) or Rule 2 of the Rules of the High Court 1980. In addition, the Malaysian courts under Section 121 of the Criminal Procedure Code will have criminal jurisdiction over every offence that was committed within the local limits – REJONG NAM SENG (because of retired).

Question 8:

What is the future trend for cyber law?

There are far too many technical features in cyberspace that will certainly call for a legal response. Therefore, there is a need for sufficiently comprehensive law to settle misconduct, civil breaches and criminal acts. In enacting cyber law, one of the main problems is the failure of legislators to understand the nature of the internet and how it is used in the online environment. Due to this failure, laws may be challenged in Malaysia as in the US and UK. Therefore, cyber laws have to be drafted with knowledge of the nature of the internet, even if it means a considerable burden. Since cyber activities involve trans-border and borderless activities, international efforts in this regard should be welcomed.




Wednesday, April 16, 2008

E-Business Law

E-Business Law - Tutorial 1

Question 1

Describe the various sources of law in Malaysia:
i) Written Law
ii) Unwritten Law

Answer:

i) Written Law

A written law is a source of Malaysian Law which includes the following:
a) The Federal and State Constitution
b) Legislation
c) Subsidiary Legislation

The Federal Constitution is the supreme law of the land. Besides laying down the most important powers of the states of the government, the Federal Constitution enshrines the most basic or fundamental rights of the individual.

The state constitutions are the various constitutions regulating the government of Malaysia's respective 13 states. The constitutions provide for matters enumerated (taken from) in the 8th Schedule of the Federal Constitution. Such provisions include matters relating to the Ruler, the executive council, the legislature, the legislative assembly, financial provisions, state employees and amendments to the constitution.

Legislation is the law enacted by the legislature, that is Parliament at federal level and the various state legislative assemblies at state level.

Subsidiary legislation is defined in the Interpretation Act as “Any Proclamation, Rule, Regulation, Order, Notification, By-Law or any Instrument made under any Ordinance, Enactment or other lawful authority and having legislative effect”. Subsidiary legislation supplements (helps) legislation by Parliament and the state legislatures, as legislation alone is insufficient and lacks detail in the governing of everyday matters in practice.

Subsidiary legislation is insufficient and lacking in details, therefore Ministers and local authorities must legislate (make the law). Subsidiary legislation made in contravention (against) of either a parent Act or the Federal Constitution is void, except in a proclamation of emergency under Article 50 of the Federal Constitution – Eng Keock Cheng vs. Public Prosecutor (case happened).

ii) Unwritten Law

Another important source of law is unwritten law which comprises the following:

a) Principle of English Law applicable to local circumstances
b) Judicial decisions and judgments of the superior courts, for example the Federal Court, as well as those of the subordinate courts (Session Court, Magistrate Court).

Muslim Law is also an important source of Malaysian Law, although it is only applicable to Muslims and is administered by a separate system of courts (Syariah Court). This source of law is important since Muslims form the majority religious group in the whole of Malaysia.

Another source of law in Malaysia is English Common Law and the rules of equity (justice/fairness). Where there is a conflict between common law and equity, equity prevails. In Peninsular Malaysia, the common law of England and the rules of equity apply as administered in England on the 7th April 1956. Where there is a conflict between English law and the written law of Malaysia, Malaysian written law prevails.

Textbooks are regarded as authoritative statements of the law which are reliable as another source of law.

Question 2:

English common law and the rules of equity form part of the law in Malaysia. Discuss the extent of the application of the English common law in Malaysia.

Answer:

Section 3 (1) (a) of the Civil Law Act of 1956 states that the courts of Peninsular Malaysia shall apply the common law of England as well as equity as administered in England on 7th April 1956. In the states of Sabah and Sarawak, the common law of England and the rules of equity shall apply together with the statutes (acts of parliament) of general application as administered in England on the first day of December 1951 and 12th day of December 1949 respectively.

However, the application of English Law throughout Malaysia is subject to 2 limitations:

a) It is applied only in the absence of local statutes on the particular subject. Local law takes precedence over English Law, as the latter is meant to fill the gaps (lacuna) in the local system.

b) Only the part of English Law that is suited to local circumstances will be applied. The provision of Section 3 (1) of the Civil Law Act 1956 states that the common law, rules of equity and statutes of general application shall be applied so far only as the circumstances of the states of Malaysia and their respective inhabitants permit and subject to such qualifications as local circumstances render necessary.

The reason for this provision/proviso is that, in a nation of diverse races practicing a variety of customs and religions, importing the law from England in its entirety would be the imposition of a totally alien system on a society quite different from English society.



E-Business Law - Tutorial 2

Question 1:

Describe the constitution, powers and jurisdiction of the High Court in Malaysia

Answer:

The High Court is headed by two chief judges, one in Malaya and one in Borneo (Sabah and Sarawak).

The jurisdiction of the High Court is original, appellate and supervisory. In the exercise of its original jurisdiction, it has unlimited criminal and civil power.

In the exercise of its appellate jurisdiction, the High Court has civil and criminal appeals from the Magistrate Court and the Session Court.

The High Court also possesses the power to refer any point of law arising in an appeal for the decision of the Court of Appeal if it feels that it is in the interest of the public and of paramount importance.

Under Section 35 (1) of The Court of Judicature Act 1964, the High Court has been conferred general supervisory powers and revisionary jurisdiction over all subordinate courts. When it appears desirable, the High Court may call for the records of any proceeding in the subordinate courts, whether civil or criminal, at any stage of such proceeding, and all proceedings will be stayed pending further order of the High Court.

The jurisdiction of the High Court must not be overlooked, as it hears the majority of appeal cases.

Question 2:

In 1995, Mr. Tan was granted a RM150,000 housing loan facility by Bank Besar Bhd to finance the purchase of a house in Ipoh. The facility is secured by a charge over the land on which the house is built. Mr. Tan is now in arrears of four monthly instalments. Bank Besar Bhd wants to apply for an order for sale of the land. Name and describe the court which is empowered to hear such an application.

Answer:

Subordinate courts in general have no power to hear matters related to land – Section 69 Subordinate Court Act 1948. The court having the jurisdiction to hear applications for orders for sale of land is the High Court (*Registered or Unregistered also falls under High Court). Here the High Court will be exercising its original jurisdiction and has the power to grant the order for sale.

Question 3:

Write notes on the Industrial Court.

Answer:

The Industrial Court exercises a judicial or quasi-judicial function. It is established to relieve the ordinary courts of their work and to provide specialized adjudication. The Industrial Court is constituted under The Industrial Relations Act 1967 and deals with trade disputes.

It consists of a president appointed by the YDPA and a panel of persons appointed by the minister. References on law may be made to the High Court. Parties to the dispute may be represented by a lawyer, but only with the consent of the Industrial Court president.

*Credits go to whongmun