Jan Kok Nokia Siemens Networks GmbH & Co. KG Munich Germany

Analysis of the BotNet Ecosystem: Possible impact on Mobile Network Operators (MNO) and a proposal for Communication Service Provider (CSP) to address the security threat. CTTE 2011 · 16-18 May, 2011, Berlin, Germany. Jan Kok, Nokia Siemens Networks GmbH & Co. KG, Munich, Germany. Bernhard Kurz, Nokia Siemens Networks GmbH & Co. KG, Munich, Germany. Speaker: 101064551 林林林


Transcript of Jan Kok Nokia Siemens Networks GmbH & Co. KG Munich Germany

Page 1

Analysis of the BotNet Ecosystem: Possible impact on Mobile Network Operators (MNO) and a proposal for Communication Service Provider (CSP) to address the security threat

CTTE 2011 · 16-18 May, 2011, Berlin, Germany

Jan Kok, Nokia Siemens Networks GmbH & Co. KG, Munich, Germany

Bernhard Kurz, Nokia Siemens Networks GmbH & Co. KG, Munich, Germany

Speaker: 101064551 林大慶

Page 2

Outline

• Botnet principles and potential threats
• Botnet stakeholder interests and impact
• Solution architecture

Page 3

Botnet principles and potential threats

• Principles of a Botnet
• Botnet Statistics
• How to create and maintain a Botnet

Page 4

Botnet principles and potential threats

• Principles of a Botnet

Page 5

Botnet principles and potential threats

• Botnet Statistics

Page 6

Botnet principles and potential threats

• Botnet Statistics

Page 7

Botnet principles and potential threats

• How to create and maintain a Botnet
• Toolkit-Zeus
• Dec. 2009, USD 700

Page 8

Botnet stakeholder interests and impact

• A. Botnet Ecosystem
• B. Why is a MNO more affected than a FNO?
• C. Trends about Mobile Malware
• D. Predicting the Market Window
• E. Financial Impact
• F. Loss of Integrity
• G. Loss of Profit due to increased Claims

Page 9

Botnet stakeholder interests and impact

• A. Botnet Ecosystem

Picture 4: Botnet Ecosystem - Roles, Interaction and Money Flow
Source: Nokia Siemens Networks

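Page 10

Botnet stakeholder interests and impact

• B. Why is a MNO more affected than a FNO?

▫ The SIM stores subscriber-specific data
▫ Apps access subscriber-specific data, such as social networks
▫ The mobile device can be used to obtain the subscriber's location information
▫ Users do not consider themselves responsible for protecting their own mobile devices
▫ Mobile devices have multiple interfaces connecting them to the outside world
▫ Usable spectrum is limited, so the MNO has to manage its traffic more strictly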

Page 11

Botnet stakeholder interests and impact

• C. Trends about Mobile Malware

Page 12

Botnet stakeholder interests and impact

• D. Predicting the Market Window

Page 13

Botnet stakeholder interests and impact

• E. Financial Impact

▫ Subscribers file claims, reducing operating profit
▫ Subscribers churn, reducing revenue
▫ (A MNO in Germany with an installed base of 39 million subscribers and an annual revenue of EUR 8 billion in 2009)
▫ Three network performance indicators:
  - Loss of Integrity
  - Loss of Availability (x)
  - Loss of Stability (x)

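Page 14

Botnet stakeholder interests and impact

• F. Loss of Integrity

▫ Subscribers lose confidence in the MNO's confidentiality
  - The customer churn rate is predicted to increase by 0.5% in 2012
  - Loss of EUR 74 million (not including loss of reputation or loss of confidence among other subscribers)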

Page 15

Botnet stakeholder interests and impact

• G. Loss of Profit due to increased Claims

▫ Subscriber data is abused
  - Passwords, credit card credentials
  - EUR 33 million / 4 years

The potential losses are estimated to be in the range of EUR 100 million over a period of four years (2012 till 2015)

Page 16

Solution architecture

Page 17

Solution architecture

• Analysis

▫ honeypot
▫ multiple information source
▫ knowledge
  - addresses, used communication protocols
  - the structure of the servers that control the Bot
  - characteristics that can be used to detect malware
  - suggestions for the disinfection of victims

Page 18

Solution architecture

• Detection

▫ monitor the traffic
  - packet inspection
  - the evaluation of traffic attributes

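Page 19

Solution architecture

• Mitigation

▫ Identify infected devices and customers
▫ Notify the subscriber
▫ Provide information on malware scanning
▫ Automatically launch the malware scanning tool
▫ Share the collected information with third parties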

Page 20

Solution architecture

• Prevention

▫ Isolate the user
  - Block IP addresses, domains or protocols
  - Inhibit its communication with the C&C server
  - Prevent other devices from being infected
  - Monitoring

Page 21

Solution architecture

• Anti-Botnet Operation Center

▫ Responsible for coordinating the functions of the individual modules; it can also serve as the interface to third parties, e.g. exchanging data with external experts or other operators

Page 22

Solution architecture

Page 23

Solution architecture

• Integration in the 4G network
• Other approaches

▫ Serving GPRS Support Node (SGSN)
▫ Gateway GPRS Support Node (GGSN)
▫ SMS Service Centre (SMS-SC)

Page 24

Conclusion