cyber security : indian perspective
DESCRIPTION
Cyber Security : Indian perspective. Internet Infrastructure in INDIA. 2. 2. Innovation fostering the Growth of NGNs. Smart devices Television Computers PDA Mobile Phone ( Single device to provide an end-to-end, seamlessly secure access) Application Simplicity - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Cyber Security : Indian perspective](https://reader036.vdocuments.us/reader036/viewer/2022062423/56814900550346895db62c52/html5/thumbnails/1.jpg)
Cyber Security : Indian perspective
![Page 2: Cyber Security : Indian perspective](https://reader036.vdocuments.us/reader036/viewer/2022062423/56814900550346895db62c52/html5/thumbnails/2.jpg)
22
Internet Infrastructure in INDIA
![Page 3: Cyber Security : Indian perspective](https://reader036.vdocuments.us/reader036/viewer/2022062423/56814900550346895db62c52/html5/thumbnails/3.jpg)
Innovation fostering the Growth of NGNs
• Smart devices– Television– Computers– PDA– Mobile Phone
(Single device to provide an end-to-end, seamlessly secure access)
• Application Simplicity– Preference of single, simple and secure interface to access
applications or content – Ubiquitous interface - web browser
• Flexible Infrastructure
Because of these areas of evolution, today’s NGNs are defined more by the services they support than by traditional demarcation of Physical Infrastructure.
![Page 4: Cyber Security : Indian perspective](https://reader036.vdocuments.us/reader036/viewer/2022062423/56814900550346895db62c52/html5/thumbnails/4.jpg)
The Emergence of NGNs• The communication network operating two years ago
are father’s telecommunication Network.
• NGNs are teenager’s Network.
• No longer consumer and business accept the limitation of single-use device or network.
• Both individuals and Business want the ability to communicate, work and be entertained over any device, any time, anywhere.
• The demand of these services coupled with innovation in technology is advancing traditional telecommunication far outside its original purpose.
![Page 5: Cyber Security : Indian perspective](https://reader036.vdocuments.us/reader036/viewer/2022062423/56814900550346895db62c52/html5/thumbnails/5.jpg)
Challenges for Network Operator
• Business challenges include new Pricing Structure, new relationship and new competitors.
• Technical challenges include migrating and integrating with new advances in technologies from fibre optics, installation of Wi-Fi support.
• Developing a comprehensive Security Policy and architecture in support of NGN services.
![Page 6: Cyber Security : Indian perspective](https://reader036.vdocuments.us/reader036/viewer/2022062423/56814900550346895db62c52/html5/thumbnails/6.jpg)
NGN ArchitectureIdentify Layer
Compromises of end users owned by a telecom or a third-party service provider accessing services using devices like PC, PDA or mobile phone, to connect to the Internet
Service Layer
Hosts service applications and provides a framework for the creation of customer-focused services provided by either operator or a third-party service provider
Network Layer
Performs service execution, service management, network management and media control functions
Connects with the backbone network
InternetThird-PartyApplication
Untrusted
Web Tier
Service Provider Application
Service Delivery Platform (Service
Provider )
Service Delivery Platform
Common Framework
Backbone Network
Partly Trusted
![Page 7: Cyber Security : Indian perspective](https://reader036.vdocuments.us/reader036/viewer/2022062423/56814900550346895db62c52/html5/thumbnails/7.jpg)
Cyber Threat Evolution
Virus
Breaking Web Sites
Malicious Code
(Melissa)
Advanced Worm / Trojan (I LOVE
YOU)
Identity Theft (Phishing)
Organised CrimeData Theft, DoS /
DDoS
1995 2000 2003-04 2005-06 2007-081977
![Page 8: Cyber Security : Indian perspective](https://reader036.vdocuments.us/reader036/viewer/2022062423/56814900550346895db62c52/html5/thumbnails/8.jpg)
Cyber attacks being observed
• Web defacement• Spam• Spoofing• Proxy Scan• Denial of Service• Distributed Denial of Service• Malicious Codes
– Virus– Bots
• Data Theft and Data Manipulation– Identity Theft– Financial Frauds
• Social engineering Scams
![Page 9: Cyber Security : Indian perspective](https://reader036.vdocuments.us/reader036/viewer/2022062423/56814900550346895db62c52/html5/thumbnails/9.jpg)
9
Security Incidents reported during 2008
![Page 10: Cyber Security : Indian perspective](https://reader036.vdocuments.us/reader036/viewer/2022062423/56814900550346895db62c52/html5/thumbnails/10.jpg)
Global Attack Trend
Source: Websense
![Page 11: Cyber Security : Indian perspective](https://reader036.vdocuments.us/reader036/viewer/2022062423/56814900550346895db62c52/html5/thumbnails/11.jpg)
11
Top originating countries – Malicious code
![Page 12: Cyber Security : Indian perspective](https://reader036.vdocuments.us/reader036/viewer/2022062423/56814900550346895db62c52/html5/thumbnails/12.jpg)
12
Three faces of cyber crime
• Organised Crime
• Terrorist Groups
• Nation States
![Page 13: Cyber Security : Indian perspective](https://reader036.vdocuments.us/reader036/viewer/2022062423/56814900550346895db62c52/html5/thumbnails/13.jpg)
Security of Information Assets
• Security of information & information assets is becoming a
major area of concern
• With every new application, newer vulnerabilities crop up,
posing immense challenges to those who are mandated to
protect the IT assets
• Coupled with this host of legal requirements and
international business compliance requirements on data
protection and privacy place a huge demand on
IT/ITES/BPO service organizations
• We need to generate ‘Trust & Confidence’
![Page 14: Cyber Security : Indian perspective](https://reader036.vdocuments.us/reader036/viewer/2022062423/56814900550346895db62c52/html5/thumbnails/14.jpg)
Challenges before the Industry
![Page 15: Cyber Security : Indian perspective](https://reader036.vdocuments.us/reader036/viewer/2022062423/56814900550346895db62c52/html5/thumbnails/15.jpg)
Model Followed Internationally
• Internationally, the general approach has been to have legal drivers supported by suitable verification mechanism.
• For example, in USA Legal drivers have been– SOX– HIPPA– GLBA– FISMA etc.
• In Europe, the legal driver has been the “Data Protection Act” supported by ISO27001 ISMS.
![Page 16: Cyber Security : Indian perspective](https://reader036.vdocuments.us/reader036/viewer/2022062423/56814900550346895db62c52/html5/thumbnails/16.jpg)
16
Confidentiality
INFORMATION SECURITY
Integrity Availability
Authenticity
Security PolicyPeople
Process
Technology
Regulatory Compliance
Access ControlSecurity Audit
User Awareness Program
Incident Response
Firewall, IPS/IDSEncryption, PKI
Antivirus
Information Security Management
![Page 17: Cyber Security : Indian perspective](https://reader036.vdocuments.us/reader036/viewer/2022062423/56814900550346895db62c52/html5/thumbnails/17.jpg)
Status of security and quality compliance in India
• Quality and Security– Large number of companies in India have aligned their
internal process and practices to international standards such as
• ISO 9000• CMM• Six Sigma • Total Quality Management
– Some Indian companies have won special recognition for excellence in quality out of 18 Deming Prize winners for Total Quality Management in the last five years, six are Indian companies.
![Page 18: Cyber Security : Indian perspective](https://reader036.vdocuments.us/reader036/viewer/2022062423/56814900550346895db62c52/html5/thumbnails/18.jpg)
ISO 27001/BS7799 Information Security Management
• Government has mandated implementation of ISO27001 ISMS by all critical sectors
• ISMS 27001 has mainly three components– Technology – Process– Incident reporting and monitoring
• 296 certificates issued in India out of 7735 certificates issued worldwide
• Majority of certificates issued in India belong to IT/ITES/BPO sector
![Page 19: Cyber Security : Indian perspective](https://reader036.vdocuments.us/reader036/viewer/2022062423/56814900550346895db62c52/html5/thumbnails/19.jpg)
Information Technology – Security Techniques Information Security Management System
World China Italy Japan Spain India USAISO 9000 951486 210773 115309 73176 65112 46091 36192
(175 counties)
27001 7732 146 148 276 93 296 94
![Page 20: Cyber Security : Indian perspective](https://reader036.vdocuments.us/reader036/viewer/2022062423/56814900550346895db62c52/html5/thumbnails/20.jpg)
![Page 21: Cyber Security : Indian perspective](https://reader036.vdocuments.us/reader036/viewer/2022062423/56814900550346895db62c52/html5/thumbnails/21.jpg)
Distributed Honeypot Deployment
![Page 22: Cyber Security : Indian perspective](https://reader036.vdocuments.us/reader036/viewer/2022062423/56814900550346895db62c52/html5/thumbnails/22.jpg)
PC & End User Security: Auto Security Patch Update
Windows Security Patch Auto Update
`
`
`
No. of Download ActiveX: 18 Million
Internet
Microsoft Download Ctr.
ActiveX DL Server
Sec. Patch ActiveX Site
![Page 23: Cyber Security : Indian perspective](https://reader036.vdocuments.us/reader036/viewer/2022062423/56814900550346895db62c52/html5/thumbnails/23.jpg)
Incident Response Help Desk
PC & End User Security
Internet
PSTN
• Make a call using 1800 – 11 - 4949• Send fax using 1800 – 11 - 6969• Communicate through email at [email protected]• Number of security incidents handled during 2008 (till Oct): 1425• Vulnerability Assessment Service