7 - Cyber Six


Description: Using the Concept of Cyber Six to Understand the Holistic Issues of Internet Security

Transcript of 7 - Cyber Six

Page 1: 7 - Cyber Six

+

Cyber-6: Cyberspace. Cyberthreat. Cyberattack. Cybersecurity. Cybercrime. Cyberlaw.

Prof. Dr. Ir. Richardus Eko Indrajit MSc, MBA, MA/Msi, MPhil, ACPM, CWM, ICWM, CEH
Website: http://eko-indrajit.info
Email: [email protected]
Chairman of ID-SIRTII and APTIKOM

Page 2: 7 - Cyber Six

+Knowledge Domain

Cyber Space

Cyber Threat

Cyber Attack

Cyber Security

Cyber Crime

Cyber Law

Page 3: 7 - Cyber Six

+

Cyber Space

Page 4: 7 - Cyber Six

+Cyberspace.

- A real community located between the PHYSICAL WORLD and the ABSTRACT WORLD
- 1.4 billion real people (internet users)
- Trillions of US$ in potential commerce value
- Billions of business transactions per hour, 24/7

The Internet is a VALUABLE thing indeed, and risk is embedded within it.

Page 5: 7 - Cyber Six

+Information Roles

Why information?
- It consists of important data and facts (news, reports, statistics, transactions, logs, etc.)
- It can shape public perception (markets, politics, image, marketing, etc.)
- It represents valuable assets (money, documents, passwords, secret codes, etc.)
- It is the raw material of knowledge (strategy, plans, intelligence, etc.)

1/25/14 The Brief Profile of ID-SIRTII

Page 6: 7 - Cyber Six

+What is the Internet?

- A giant network of networks where people exchange information through various digital channels: Email, Mailing List, Website, Chatting, Newsgroup, Blogging, E-commerce, E-marketing, E-government

"… what is the value of the internet?"

Page 7: 7 - Cyber Six

+

Cyber Threat

Page 8: 7 - Cyber Six

+Cyberthreat.

- The trend has increased at an exponential rate
- Motives vary from recreational to criminal
- Can cause significant economic losses and political damage
- Difficult to mitigate

Threats are here to stay. Not much can be done about that.

Threat types: web defacement, information leakage, phishing, intrusion, DoS/DDoS, SMTP relay, virus infection, hoax, malware distribution, botnet, open proxy, root access theft, SQL injection, trojan horse, worms, password cracking, spamming, malicious software, spoofing, blended attack

Page 9: 7 - Cyber Six

+International Issues

What does the FBI say about companies?
- 91% have detected employee abuse
- 70% cite the Internet as a frequent point of attack
- 64% have suffered financial losses
- 40% have detected attacks from outside
- 36% have reported security incidents

Source: CSI/FBI Computer Crime and Security Survey 2001

Page 10: 7 - Cyber Six

+Underground Economy


Page 11: 7 - Cyber Six

+Growing Vulnerabilities

[Chart: Incidents and Vulnerabilities Reported to CERT/CC, 1995-2004. Left axis: Total Vulnerabilities (0 to 4,500). Right axis: Total Security Incidents (0 to 160,000). Series: Vulnerabilities, Security Incidents.]

* Gartner, "CIO Alert: Follow Gartner's Guidelines for Updating Security on Internet Servers, Reduce Risks." J. Pescatore, February 2003
** As of 2004, CERT/CC no longer tracks security incident statistics.

"Through 2008, 90 percent of successful hacker attacks will exploit well-known software vulnerabilities." - Gartner*

Page 12: 7 - Cyber Six

+Potential Threats

Unstructured threats: insiders, recreational hackers, institutional hackers
Structured threats: organized crime, industrial espionage, hacktivists
National security threats: terrorists, intelligence agencies, information warriors

Page 13: 7 - Cyber Six

+

Cyber Attack

Page 14: 7 - Cyber Six

+Cyberattack.

- Too many attacks have been carried out in cyberspace.
- Most are triggered by events in the real world.
- The age-old wars and battles have lately come to town.
- The notorious Estonia case opened the eyes of the whole world.

An attack can occur at any time and in any place, without notice.

Page 15: 7 - Cyber Six

+

Page 16: 7 - Cyber Six

+

Page 17: 7 - Cyber Six

+

Page 18: 7 - Cyber Six

+

Page 19: 7 - Cyber Six

+

Page 20: 7 - Cyber Six

+Attacks Sophistication

[Chart: Attack Sophistication versus Intruder Knowledge, 1980-2005. Vertical axis from Low to High; the intruder knowledge needed to mount an attack falls over time while attack sophistication rises. Milestones plotted on the chart: password guessing, self-replicating code, password cracking, exploiting known vulnerabilities, disabling audits, back doors, hijacking sessions, sweepers, sniffers, packet spoofing, GUI, automated probes/scans, denial of service, www attacks, "stealth"/advanced scanning techniques, burglaries, network mgmt. diagnostics, distributed attack tools, cross site scripting; tools: staged, auto coordinated.]

Page 21: 7 - Cyber Six

+Vulnerabilities Exploit Cycle

[Diagram: number of incidents over time as an exploit matures]
1. Advanced intruders discover a new vulnerability
2. Crude exploit tools are distributed
3. Novice intruders use the crude exploit tools
4. Automated scanning/exploit tools are developed
5. Widespread use of automated scanning/exploit tools (highest exposure time)
6. Intruders begin using new types of exploits

Page 22: 7 - Cyber Six

+

Cyber Security

Page 23: 7 - Cyber Six

+Cybersecurity.

Education, values, and ethics are the best defensive approaches.

- Led by the ITU in the international domain, while standards are introduced by various institutions (ISO, ITGI, ISACA, etc.)
- "Your security is my security": individual behaviour counts, and various collaborations are needed

Page 24: 7 - Cyber Six

+Risk Management Aspect

[Diagram: relationships among risk-management concepts]
- Controls protect against threats.
- Threats exploit vulnerabilities.
- Vulnerabilities expose assets.
- Assets have asset values.
- Controls reduce risk.
- Security requirements are met by controls.
- Risk has an impact on the organisation.

Page 25: 7 - Cyber Six

+Strategies for Protection


Protecting Information

Protecting Infrastructure

Protecting Interactions

Page 26: 7 - Cyber Six

+Mandatory Requirements

- "Critical infrastructures are those physical and cyber-based systems essential to the minimum operations of the economy and government. These systems are so vital that their incapacity or destruction would have a debilitating impact on the defense or economic security of the nation."
- Agriculture & Food, Banking & Finance, Chemical, Defense Industrial Base, Drinking Water and Wastewater Treatment Systems, Emergency Services, Energy, Information Technology, Postal & Shipping, Public Health & Healthcare, Telecommunications, Transportation Systems

Page 27: 7 - Cyber Six

+Information Security Disciplines

- Physical security
- Procedural security
- Personnel security
- Compromising emanations security
- Operating system security
- Communications security

A failure in any of these areas can undermine the security of a system.

Page 28: 7 - Cyber Six

+Best Practice Standard

[Diagram: the ten control areas of BS7799/ISO17799 arranged around Information, whose protected properties are Confidentiality, Integrity and Availability]
1. Information Security Policy
2. Security Organisation
3. Asset Classification & Controls
4. Personnel Security
5. Physical Security
6. Communication & Operations Management
7. Access Controls
8. System Development & Maintenance
9. Business Continuity Planning
10. Compliance

Page 29: 7 - Cyber Six

+

Cyber Crime

Page 30: 7 - Cyber Six

+Cybercrime.

- Globally defined as INTERCEPTION, INTERRUPTION, MODIFICATION, and FABRICATION
- Virtually always crosses national boundaries and involves multiple resources
- Intentionally targeted to fulfil specific objective(s)
- Converges in nature with intelligence efforts

Crime has intentional objectives. Stay away from the bull's eye.

Page 31: 7 - Cyber Six

+The Crime Scenes

- IT as a Tool
- IT as a Storage Device
- IT as a Target

Page 32: 7 - Cyber Six

+Type of Attacks


Page 33: 7 - Cyber Six

+Malicious Activities


Page 34: 7 - Cyber Six

+Motives of Activities

1.  Thrill Seekers

2.  Organized Crime

3.  Terrorist Groups

4.  Nation-States


Page 35: 7 - Cyber Six

+

Cyber Law

Page 36: 7 - Cyber Six

+Cyberlaw.

- Difficult to keep updated as technology trends move
- The rules and the enforcement efforts tell different stories
- Requires various infrastructure, superstructure, and resources
- Can easily be "out-tracked" by law practitioners

Cyberlaw is here to protect you, or at least to play a role in mitigation.

Page 37: 7 - Cyber Six

+The Crime Scenes (repeat of Page 31)

- IT as a Tool
- IT as a Storage Device
- IT as a Target

Page 38: 7 - Cyber Six

+First Cyber Law in Indonesia.

Range of penalties: Rp 600 million to Rp 12 billion (roughly US$ 60,000 to US$ 1.2 million) and 6 to 12 years in prison

Effective from 25 March 2008

Picture: Indonesia Parliament in Session

Page 39: 7 - Cyber Six

+Main Challenge.

ILLEGAL: "… the distribution of illegal materials within the internet …"

ILLEGAL: "… the existence of sources with illegal materials that can be accessed through the internet …"

Page 40: 7 - Cyber Six

+

ID-SIRTII Indonesia Security Incident Response Team on Internet Infrastructure

Page 41: 7 - Cyber Six

+ID-SIRTII Mission and Objectives.

"To expedite the economic growth of the country by providing society with a secure internet environment within the nation"

1. Monitoring internet traffic for incident handling purposes.
2. Managing log files to support law enforcement.
3. Educating the public for security awareness.
4. Assisting institutions in managing security.
5. Providing training to the constituency and stakeholders.
6. Running a laboratory for simulation practices.
7. Establishing external and international collaborations.

Page 42: 7 - Cyber Six

+Constituents and Stakeholders.

[Diagram: ID-SIRTII at the centre, surrounded by its constituents and stakeholders]
- ISPs
- NAPs
- IXs
- Law Enforcement
- National Security
- Communities
- International CSIRTs/CERTs
- Government of Indonesia (sponsor)

Page 43: 7 - Cyber Six

+Coordination Structure.

ID-SIRTII (CC) as National CSIRT, coordinating four kinds of CERT:
- Sector CERTs: Bank CERT, Airport CERT, University CERT, GOV CERT, Military CERT, SOE CERT, SME CERT, Hospital CERT, other CERTs
- Internal CERTs: Telkom CERT, BI CERT, Police CERT, KPK CERT, Lippo CERT, KPU CERT, Pertamina CERT, UGM CERT, other CERTs
- Vendor CERTs: Cisco CERT, Microsoft CERT, Oracle CERT, SUN CERT, IBM CERT, SAP CERT, Yahoo CERT, Google CERT, other CERTs
- Commercial CERTs: A CERT, B CERT, C CERT, D CERT, E CERT, F CERT, G CERT, H CERT, other CERTs

Page 44: 7 - Cyber Six

+Major Tasks.

INCIDENT HANDLING DOMAIN and ID-SIRTII MAIN TASKS (CERT/CC service categories covered by each task; "x" = none)

| ID-SIRTII task | Reactive Services | Proactive Services | Security Quality Management Services |
| 1. Monitoring traffic | Alerts and Warnings | Announcements; Technology Watch; Intrusion Detection Services | x |
| 2. Managing log files | Artifact Handling | x | x |
| 3. Educating public | x | x | Awareness Building |
| 4. Assisting institutions | Vulnerability Handling | Security-Related Information Dissemination; Intrusion Detection Services; Security Audit and Assessment; Configuration and Maintenance of Security Tools, Applications, and Infrastructure | Security Consulting |
| 5. Provide training | x | x | Education and Training |
| 6. Running laboratory | x | x | Risk Analysis; BCP and DRP |
| 7. Establish collaborations | Incident Handling | x | Product Evaluation |

Page 45: 7 - Cyber Six

+Incidents Definition and Samples.

Incident samples: web defacement, information leakage, phishing, intrusion, DoS/DDoS, SMTP relay, virus infection, hoax, malware distribution, botnet, open proxy, root access theft, SQL injection, trojan horse, worms, password cracking, spamming, malicious software, spoofing, blended attack

Definitions of an incident:
"one or more intrusion events that you suspect are involved in a possible violation of your security policies"
"an event that has caused or has the potential to cause damage to an organization's business systems, facilities, or personnel"
"any occurrence or series of occurrences having the same origin that results in the discharge or substantial threat"
"an undesired event that could have resulted in harm to people, damage to property, loss to process, or harm to the environment."

Page 46: 7 - Cyber Six

+Priorities on Handling Incidents.

TYPE OF INCIDENT AND ITS PRIORITY

Priority tiers (columns): Public Safety and National Defense (Very High Priority); Economic Welfare (High Priority); Political Matters (Medium Priority); Social and Cultural Threats (Low Priority)

Incident types (rows), each broken down by attack pattern: Many to One, One to Many, Many to Many, Automated Tool (KM-based website)
1. Interception
2. Interruption
3. Modification
4. Fabrication
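The matrix above pairs each of the four incident types with a source/target pattern and a priority tier. The Python below is an added example, not code from the slides or from ID-SIRTII: it takes constructed event records, derives the Many to One / One to Many / Many to Many pattern from the number of distinct sources and targets, flags tool-driven activity by event rate, maps each group to an incident type and priority tier, and orders the result for the handler. The indicator names, the sector keys, the "One to One" fallback and both thresholds (3 hosts for "many", 5 events per second for "automated") are assumptions for illustration.

```python
# Added example (not from the slide deck or ID-SIRTII). Event data below is
# constructed; indicator names, sector keys, the one-to-one fallback and the
# two thresholds are assumptions chosen for illustration.
from collections import defaultdict
from dataclasses import dataclass

# Indicator -> one of the four incident types named on the slide (assumed mapping).
INCIDENT_TYPE = {
    "sniffed_credentials": "Interception",
    "brute_force_login": "Interception",
    "syn_flood": "Interruption",
    "web_defacement": "Modification",
    "spoofed_email": "Fabrication",
}
# Priority tiers from the slide's column headings; the sector keys are assumed.
PRIORITY = {
    "public_safety": "Very High Priority", "national_defense": "Very High Priority",
    "economic": "High Priority", "political": "Medium Priority", "social": "Low Priority",
}
RANK = {"Very High Priority": 0, "High Priority": 1, "Medium Priority": 2, "Low Priority": 3}
MANY = 3            # assumed: 3 or more distinct hosts count as "many"
AUTOMATED_RATE = 5  # assumed: 5+ events within one second from a single source


@dataclass
class Event:
    ts: float        # seconds since start of capture
    src: str
    dst: str
    indicator: str   # detector verdict for this record
    sector: str      # sector of the target; drives the priority tier


@dataclass
class Incident:
    incident_type: str
    pattern: str
    priority: str
    sources: int
    targets: int
    events: int


def cardinality(n_src: int, n_dst: int) -> str:
    """Map distinct source/target counts onto the slide's attack patterns."""
    src_many, dst_many = n_src >= MANY, n_dst >= MANY
    if src_many and dst_many:
        return "Many to Many"
    if src_many:
        return "Many to One"
    if dst_many:
        return "One to Many"
    return "One to One"  # not on the slide; keeps single-host incidents visible


def is_automated(events) -> bool:
    """True when some source emits AUTOMATED_RATE or more events in one second."""
    per_src_second = defaultdict(int)
    for e in events:
        per_src_second[(e.src, int(e.ts))] += 1
    return max(per_src_second.values()) >= AUTOMATED_RATE


def triage(events):
    """Group records by (indicator, sector) and return one Incident per group."""
    groups = defaultdict(list)
    for e in events:
        groups[(e.indicator, e.sector)].append(e)
    incidents = {}
    for (indicator, sector), evs in groups.items():
        n_src = len({e.src for e in evs})
        n_dst = len({e.dst for e in evs})
        pattern = cardinality(n_src, n_dst)
        if is_automated(evs):
            pattern += " (Automated Tool)"
        incidents[(indicator, sector)] = Incident(
            INCIDENT_TYPE.get(indicator, "Unclassified"), pattern,
            PRIORITY.get(sector, "Low Priority"), n_src, n_dst, len(evs))
    return incidents


def worklist(incidents):
    """Handler order: highest priority tier first, then the larger incident."""
    return sorted(incidents.values(), key=lambda i: (RANK[i.priority], -i.events))


def sample_events():
    """Constructed records using documentation address ranges, not real traffic."""
    evs = []
    for ts in (0.0, 0.1, 0.2, 0.3, 0.4, 0.5):   # SYN flood on a bank site, tool-driven source
        evs.append(Event(ts, "198.51.100.1", "203.0.113.10", "syn_flood", "economic"))
    for src in ("198.51.100.2", "198.51.100.3", "198.51.100.4"):   # three more flood sources
        evs.append(Event(1.0, src, "203.0.113.10", "syn_flood", "economic"))
    for ts in (10.0, 11.0, 12.0, 13.0):   # one host guessing passwords, one try per second
        evs.append(Event(ts, "198.51.100.7", "203.0.113.20", "brute_force_login", "political"))
    evs.append(Event(20.0, "198.51.100.9", "203.0.113.30", "web_defacement", "public_safety"))
    for i, ts in enumerate((30.0, 30.2, 30.4, 30.6)):   # spoofed mail to four recipients
        evs.append(Event(ts, "198.51.100.5", f"203.0.113.{40 + i}", "spoofed_email", "social"))
    return evs


if __name__ == "__main__":
    for inc in worklist(triage(sample_events())):
        print(f"{inc.priority:18} {inc.incident_type:13} {inc.pattern:30} "
              f"src={inc.sources} dst={inc.targets} events={inc.events}")
```

Grouping by (indicator, sector) before counting hosts is what makes the cardinality meaningful: a flood and a scan mixed into one bucket would read as "Many to Many". The rate check is deliberately per source per second so that four slow sources are not mistaken for a tool, while one source firing six records in half a second is.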

Page 47: 7 - Cyber Six

+Core Chain of Processes.

[Diagram: core chain of processes]
Core process: Monitor Internet Traffic -> Manage Log Files -> Respond to and Handle Incidents (Analyse Incidents; Deliver Required Log Files; Report on Incident Handling)
Supporting activities: Establish External and International Collaborations; Run Laboratory for Simulation Practices; Provide Training to Constituency and Stakeholders; Assist Institutions in Managing Security; Educate Public for Security Awareness
Management process; research; vital statistics

Page 48: 7 - Cyber Six

+Legal Framework.

Law (Undang-Undang) No. 36/1999 on the National Telecommunications Industry

Government Regulation (Peraturan Pemerintah) No. 52/2000 on Telecommunication Practices

Minister of Communication and Informatics Regulation (Peraturan Menteri Kominfo) No. 27/PER/M.KOMINFO/9/2006 on Security of IP-Based Telecommunication Network Management

Ministerial Regulation (Peraturan Menteri) No. 26/PER/M.KOMINFO/2007 on the Indonesian Security Incident Response Team on Internet Infrastructure

New cyberlaw on Information and Electronic Transactions

Page 49: 7 - Cyber Six

+Holistic Framework.

[Diagram: holistic framework for a SECURE INTERNET INFRASTRUCTURE ENVIRONMENT]
- Pillars: People; Process; Technology
- Systems: Log File Management System; Traffic Monitoring System; Incident Indication Analysis; Incident Response
- Governance: Management; Advisory Board; Executive Board
- Operating cycle: MONITOR - ANALYSIS - YELL - DETECT - ALERT - YIELD
- Foundations: STAKEHOLDERS COLLABORATION AND SUPPORT; NATIONAL REGULATION AND GOVERNANCE; STRONG INSTITUTIONAL RELATIONSHIPS AND COMMITMENT

Page 50: 7 - Cyber Six

+Challenges to ID-SIRTII Activities.

- Prevention
  - "Securing" internet-based transactions
  - Reducing the possibilities of successful attacks
  - Working together with ISPs to inhibit the distribution of illegal materials
- Reaction
  - Preserving digital evidence for law enforcement purposes
  - Providing technical advisories for the further mitigation process
- Quality Management
  - Increasing the public awareness level
  - Ensuring the security level in critical infrastructure institutions

Page 51: 7 - Cyber Six

+Work Philosophy.

Why does a car have BRAKES? A car has BRAKES so that it can go FAST!

Why should we have regulation?
Why should we establish an institution?
Why should we collaborate with others?
Why should we agree upon a mechanism?
Why should we develop procedures?
Why should we have a standard?
Why should we protect our safety?
Why should we manage risks?
Why should we form a response team?

Page 52: 7 - Cyber Six

+

Welcome to the New World.

Congratulations!

Richardus Eko Indrajit [email protected]

Chairman of ID-SIRTII and APTIKOM