Cyber Six: Managing Security in Internet


Uploaded by richardus-indrajit, posted on 08-May-2015


DESCRIPTION

A holistic view to educate people on how to secure the internet from information abuse; this presentation was specially designed for the ESDM Ministry conference in Bali.

TRANSCRIPT

Page 1: Cyber Six: Managing Security in Internet

Cyber-6: Cyberspace. Cyberthreat. Cyberattack. Cybersecurity. Cybercrime. Cyberlaw.

Prof. Dr. Ir. Richardus Eko Indrajit MSc, MBA, MA/Msi, MPhil, ACPM, CWM, ICWM, CEH
Website: http://eko-indrajit.info
Email: [email protected]
Chairman of ID-SIRTII and APTIKOM

Page 2: Knowledge Domain

Page 3: Cyber Space

Page 4: Cyberspace.

A reality community between the PHYSICAL WORLD and the ABSTRACTION WORLD

1.4 billion real human population (internet users)

Trillion US$ of potential commerce value

Billion business transactions per hour in 24/7 mode

Internet is a VALUABLE thing indeed. Risk is embedded within.

Page 5: Information Roles

Why information?

It consists of important data and facts (news, reports, statistics, transactions, logs, etc.)

It can create perceptions among the public (market, politics, image, marketing, etc.)

It represents valuable assets (money, documents, passwords, secret codes, etc.)

It is the raw material of knowledge (strategy, plans, intelligence, etc.)

04/11/23 The Brief Profile of ID-SIRTII

Page 6: What is Internet?

A giant network of networks where people exchange information through various different digital-based ways:

Email, Mailing List, Website, Chatting, Newsgroup, Blogging, E-commerce, E-marketing, E-government

“… what is the value of internet ???”

Page 7: Cyber Threat

Page 8: Cyberthreat.

The trend has increased at an exponential rate

Motives vary from recreational to criminal purposes

Can cause significant economic losses and political suffering

Difficult to mitigate. Threats are there to stay. Can’t do so much about it.

web defacement, information leakage, phishing, intrusion, DoS/DDoS, SMTP relay, virus infection, hoax, malware distribution, botnet, open proxy, root access theft, SQL injection, trojan horse, worms, password cracking, spamming, malicious software, spoofing, blended attack

Page 9: International Issues

What Does FBI Say About Companies:

• 91% have detected employee abuse

• 70% indicate the Internet as a frequent attack point

• 64% have suffered financial losses

• 40% have detected attacks from outside

• 36% have reported security incidents

Source: FBI Computer Crime and Security Survey 2001

Page 10: Underground Economy

Page 11: Growing Vulnerabilities

Chart: Incidents and Vulnerabilities Reported to CERT/CC, 1995 to 2004. Left axis: Total Vulnerabilities (0 to 4,500); right axis: Total Security Incidents (0 to 160,000). Series: Vulnerabilities, Security Incidents.

“Through 2008, 90 percent of successful hacker attacks will exploit well-known software vulnerabilities.” - Gartner*

* Gartner “CIO Alert: Follow Gartner’s Guidelines for Updating Security on Internet Servers, Reduce Risks.” J. Pescatore, February 2003

** As of 2004, CERT/CC no longer tracks Security Incident statistics.

Page 12: Potential Threats

Unstructured Threats: Insiders, Recreational Hackers, Institutional Hackers

Structured Threats: Organized Crime, Industrial Espionage, Hacktivists

National Security Threats: Terrorists, Intelligence Agencies, Information Warriors

Page 13: Cyber Attack

Page 14: Cyberattack.

Too many attacks have been performed within cyberspace.

Most are triggered by cases in the real world.

The eternal wars and battles have been in towns lately.

The notorious Estonia case has opened the eyes of all people in the world.

Attacks can occur anytime and anyplace without notice.

Page 15 to Page 19: Picture slides (no text)

Page 20: Attacks Sophistication

Chart: Attack Sophistication versus Intruder Knowledge, scale Low to High, timeline 1980, 1985, 1990, 1995, 2005. Techniques marked on the chart: password guessing, self-replicating code, password cracking, exploiting known vulnerabilities, disabling audits, back doors, hijacking sessions, sweepers, sniffers, packet spoofing, GUI, automated probes/scans, denial of service, www attacks, “stealth” / advanced scanning techniques, burglaries, network mgmt. diagnostics, distributed attack tools, cross site scripting. Tool stages: Staged, Auto-Coordinated.

Page 21: Vulnerabilities Exploit Cycle

Chart: # of Incidents over time, with the Highest Exposure Time marked. Stages of the cycle: Advanced Intruders Discover New Vulnerability; Crude Exploit Tools Distributed; Novice Intruders Use Crude Exploit Tools; Automated Scanning/Exploit Tools Developed; Widespread Use of Automated Scanning/Exploit Tools; Intruders Begin Using New Types of Exploits.

Page 22: Cyber Security

Page 23: Cybersecurity.

Education, values, and ethics are the best defense approaches.

Led by ITU in the international domain, while some standards are introduced by different institutions (ISO, ITGI, ISACA, etc.)

“Your security is my security” – individual behavior counts while various collaborations are needed

Page 24: Risk Management Aspect

Diagram of risk relationships. Elements: Threats, Vulnerabilities, Assets, Asset Values, Risk, Security Requirements, Controls, Impact on Organisation. Relationship labels: protect against, exploit, reduce, increase, indicate, expose, have, decrease, met by. The diagram follows the standard risk model: Threats exploit Vulnerabilities and increase Risk; Vulnerabilities expose Assets and increase Risk; Assets have Asset Values, which increase the Impact on Organisation; Risk indicates Security Requirements; Security Requirements are met by Controls; Controls protect against Threats, reduce Vulnerabilities, and decrease Risk.

Page 25: Strategies for Protection

Protecting Information

Protecting Infrastructure

Protecting Interactions

Page 26: Mandatory Requirements

• “Critical infrastructures are those physical and cyber-based systems essential to the minimum operations of the economy and government. These systems are so vital, that their incapacity or destruction would have a debilitating impact on the defense or economic security of the nation.”

• Agriculture & Food, Banking & Finance, Chemical, Defense Industrial Base, Drinking Water and Wastewater Treatment Systems, Emergency Services, Energy, Information Technology, Postal & Shipping, Public Health & Healthcare, Telecommunications, Transportation Systems

Page 27: Information Security Disciplines

• Physical security

• Procedural security

• Personnel security

• Compromising emanations security

• Operating system security

• Communications security

A failure in any of these areas can undermine the security of a system

Page 28: Best Practice Standard

BS7799/ISO17799: ten control areas arranged around Information (Integrity, Confidentiality, Availability):

1. Information Security Policy

2. Security Organisation

3. Asset Classification Controls

4. Personnel Security

5. Physical Security

6. Communication & Operations Mgmt

7. Access Controls

8. System Development & Maint.

9. Bus. Continuity Planning

10. Compliance

Page 29: Cyber Crime

Page 30: Cybercrime.

Globally defined as INTERCEPTION, INTERRUPTION, MODIFICATION, and FABRICATION

Virtually involving international boundaries and multiple resources

Intentionally targeting the fulfilment of special objective(s)

Convergent in nature with intelligence efforts.

Crime has intentional objectives. Stay away from the bull’s eye.

Page 31: The Crime Scenes

IT as a Tool

IT as a Storage Device

IT as a Target

Page 32: Type of Attacks

Page 33: Malicious Activities

Page 34: Motives of Activities

1. Thrill Seekers

2. Organized Crime

3. Terrorist Groups

4. Nation-States

Page 35: Cyber Law

Page 36: Cyberlaw.

Difficult to keep updated as technology trends move

Different stories between the rules and the enforcement efforts

Requires various infrastructure, superstructure, and resources

Can be easily “out-tracked” by law practitioners

Cyberlaw is here to protect you. At least it plays a role in mitigation.

Page 37: The Crime Scenes

IT as a Tool

IT as a Storage Device

IT as a Target

Page 38: First Cyber Law in Indonesia.

Range of penalty:

• Rp 600 million - Rp 12 billion (equal to US$ 60,000 to US$ 1.2 million)

• 6 to 12 years in prison (jail)

starting from 25 March 2008

Picture: Indonesia Parliament in Session

Page 39: Main Challenge.

ILLEGAL: “… the distribution of illegal materials within the internet …”

ILLEGAL: “… the existence of sources with illegal materials that can be accessed through the internet …”

Page 40: ID-SIRTII: Indonesia Security Incident Response Team on Internet Infrastructure

Page 41: ID-SIRTII Mission and Objectives.

“To expedite the economic growth of the country through providing the society with secure internet environment within the nation”

1. Monitoring internet traffic for incident handling purposes.

2. Managing log files to support law enforcement.

3. Educating public for security awareness.

4. Assisting institutions in managing security.

5. Providing training to constituency and stakeholders.

6. Running laboratory for simulation practices.

7. Establishing external and international collaborations.

Page 42: Constituents and Stakeholders.

Diagram of ID-SIRTII at the centre, sponsored by the Government of Indonesia, surrounded by its constituents and stakeholders:

• ISPs, NAPs, IXs

• Corporate Users, Individual Users

• Communities

• Law Enforcement: Police, Prosecutors, Judges; Lawyers and Legal Practitioners

• National Security

• International CSIRTs/CERTs: FIRST and APCERT; Country’s CSIRTs/CERTs; Other CSIRTs and CERTs

• ICT Related Associations and Vendors

Page 43: Coordination Structure.

ID-SIRTII (CC) as National CSIRT, coordinating four groups of CERTs:

Sector CERT: Bank CERT, Airport CERT, University CERT, GOV CERT, Military CERT, SOE CERT, SME CERT, Hospital CERT, Other CERTs

Internal CERT: Telkom CERT, BI CERT, Police CERT, KPK CERT, Lippo CERT, KPU CERT, Pertamina CERT, UGM CERT, Other CERTs

Vendor CERT: Cisco CERT, Microsoft CERT, Oracle CERT, SUN CERT, IBM CERT, SAP CERT, Yahoo CERT, Google CERT, Other CERTs

Commercial CERT: A CERT, B CERT, C CERT, D CERT, E CERT, F CERT, G CERT, H CERT, Other CERTs

Page 44: Major Tasks.

INCIDENT HANDLING DOMAIN and ID-SIRTII MAIN TASKS (each task mapped to Reactive Services, Proactive Services, and Security Quality Management Services; x = none)

1. Monitoring traffic: Reactive: Alerts and Warnings; Proactive: Announcements, Technology Watch, Intrusion Detection Services; Security Quality Management: x

2. Managing log files: Reactive: Artifact Handling; Proactive: x; Security Quality Management: x

3. Educating public: Reactive: x; Proactive: x; Security Quality Management: Awareness Building

4. Assisting institutions: Reactive and Proactive: Security-Related Information Dissemination, Vulnerability Handling, Intrusion Detection Services, Security Audit and Assessment, Configuration and Maintenance of Security Tools, Applications, and Infrastructure; Security Quality Management: Security Consulting

5. Provide training: Reactive: x; Proactive: x; Security Quality Management: Education Training

6. Running laboratory: Reactive: x; Proactive: x; Security Quality Management: Risk Analysis, BCP and DRP

7. Establish collaborations: Reactive: Incident Handling; Proactive: x; Security Quality Management: Product Evaluation

Page 45: Incidents Definition and Samples.

web defacement, information leakage, phishing, intrusion, DoS/DDoS, SMTP relay, virus infection, hoax, malware distribution, botnet, open proxy, root access theft, SQL injection, trojan horse, worms, password cracking, spamming, malicious software, spoofing, blended attack

“one or more intrusion events that you suspect are involved in a possible violation of your security policies”

“an event that has caused or has the potential to cause damage to an organization's business systems, facilities, or personnel”

“any occurrence or series of occurrences having the same origin that results in the discharge or substantial threat”

“an undesired event that could have resulted in harm to people, damage to property, loss to process, or harm to the environment.”

Page 46: Priorities on Handling Incidents.

TYPE OF INCIDENT AND ITS PRIORITY

Priority classes (columns): Public Safety and National Defense (Very High Priority); Economic Welfare (High Priority); Political Matters (Medium Priority); Social and Culture Threats (Low Priority)

Incident types (rows), each row carrying the same four entries: Many to One, One to Many, Many to Many, Automated Tool (KM-Based Website):

1. Interception

2. Interruption

3. Modification

4. Fabrication

Page 47: Core Chain of Processes.

Core Process: Respond to and Handle Incidents

Supporting Activities: Establish External and International Collaborations; Run Laboratory for Simulation Practices; Provide Training to Constituency and Stakeholders; Assist Institutions in Managing Security; Educate Public for Security Awareness

Also shown: Report on Incident Handling; Management Process and Research; Vital Statistics

Page 48: Legal Framework.

Undang-Undang No.36/1999 regarding National Telecommunication Industry

Peraturan Pemerintah No.52/2000 regarding Telecommunication Practices

Peraturan Menteri Kominfo No.27/PER/M.KOMINFO/9/2006 regarding Security on IP-Based Telecommunication Network Management

Peraturan Menteri No.26/PER/M.KOMINFO/2007 regarding Indonesian Security Incident Response Team on Internet Infrastructure

New Cyberlaw on Information and Electronic Transaction

Page 49: Holistic Framework.

SECURE INTERNET INFRASTRUCTURE ENVIRONMENT

People, Process, Technology

Components: Log File Management System; Traffic Monitoring System; Incident Indication Analysis; Incident Response Management; Advisory Board; Executive Board

MONITOR - ANALYSIS - YELL - DETECT - ALERT - YIELD

STAKEHOLDERS COLLABORATION AND SUPPORT

NATIONAL REGULATION AND GOVERNANCE

STRONG INSTITUTIONAL RELATIONSHIPS AND COMMITMENT

Page 50: Challenges to ID-SIRTII Activities.

Prevention:

• “Securing” internet-based transactions

• Reducing the possibilities of successful attacks

• Working together with ISPs to inhibit the distribution of illegal materials

Reaction:

• Preserving digital evidence for law enforcement purposes

• Providing technical advisory for further mitigation process

Quality Management:

• Increasing public awareness level

• Ensuring security level in critical infrastructure institutions

Page 51: Work Philosophy.

Why does a car have BRAKES ???

The car has BRAKES so that it can go FAST … !!!

Why should we have regulation?

Why should we establish institutions?

Why should we collaborate with others?

Why should we agree upon mechanisms?

Why should we develop procedures?

Why should we have standards?

Why should we protect our safety?

Why should we manage risks?

Why should we form a response team?

Page 52: Welcome to the New World.

Congratulations!

Richardus Eko Indrajit
[email protected]
Chairman of ID-SIRTII and APTIKOM