cyber six: managing security in internet
DESCRIPTION
A holistic view to educate people on how to secure the internet from information abuse. This presentation was specially designed for the ESDM Ministry conference in Bali.
TRANSCRIPT
+Cyber-6
Cyberspace. Cyberthreat. Cyberattack. Cybersecurity. Cybercrime. Cyberlaw.
Prof. Dr. Ir. Richardus Eko Indrajit MSc, MBA, MA/Msi, MPhil, ACPM, CWM, ICWM, CEH
Website: http://eko-indrajit.info
Email: [email protected]
Chairman of ID-SIRTII and APTIKOM
+Knowledge Domain
+Cyber Space
+Cyberspace.
A real community that lies between the PHYSICAL WORLD and the ABSTRACT WORLD.
1.4 billion real human beings (internet users).
Trillions of US$ in potential commerce value.
Billions of business transactions per hour, in 24/7 mode.
The internet is a VALUABLE thing indeed. Risk is embedded within it.
+Information Roles
Why information?
It consists of important data and facts (news, reports, statistics, transactions, logs, etc.).
It can shape public perception (markets, politics, image, marketing, etc.).
It represents valuable assets (money, documents, passwords, secret codes, etc.).
It is the raw material of knowledge (strategy, plans, intelligence, etc.).
04/11/23 The Brief Profile of ID-SIRTII
+What is Internet ?
A giant network of networks where people exchange information in various digital ways: Email, Mailing List, Website, Chatting, Newsgroup, Blogging, E-commerce, E-marketing, E-government.
“… what is the value of internet ???”
+Cyber Threat
+Cyberthreat.
The trend has been increasing at an exponential rate.
Motives vary from recreational to criminal.
Can cause significant economic losses and political damage.
Difficult to mitigate. Threats are here to stay. We cannot do much about that.
Examples: web defacement, information leakage, phishing, intrusion, DoS/DDoS, SMTP relay, virus infection, hoax, malware distribution, botnet, open proxy, root access theft, SQL injection, trojan horse, worms, password cracking, spamming, malicious software, spoofing, blended attack.
+International Issues
What does the FBI say about companies?
91% have detected employee abuse
70% indicate the Internet as a frequent attack point
64% have suffered financial losses
40% have detected attacks from outside
36% have reported security incidents
Source: FBI Computer Crime and Security Survey 2001
+Underground Economy
+Growing Vulnerabilities
* Gartner “CIO Alert: Follow Gartner’s Guidelines for Updating Security on Internet Servers, Reduce Risks.” J. Pescatore, February 2003
** As of 2004, CERT/CC no longer tracks Security Incident statistics.
Chart: Incidents and Vulnerabilities Reported to CERT/CC, 1995-2004. Left axis: Total Vulnerabilities (0 to 4,500); right axis: Total Security Incidents (0 to 160,000). Series: Vulnerabilities, Security Incidents.
"Through 2008, 90 percent of successful hacker attacks will exploit well-known software vulnerabilities." - Gartner*
+Potential Threats
Unstructured Threats: Insiders, Recreational Hackers, Institutional Hackers
Structured Threats: Organized Crime, Industrial Espionage, Hacktivists
National Security Threats: Terrorists, Intelligence Agencies, Information Warriors
+Cyber Attack
+Cyberattack.
Too many attacks have already been carried out in cyberspace.
Most are triggered by events in the real world.
The eternal wars and battles have lately come to town.
The notorious Estonia case has opened the eyes of people all over the world.
Attacks can occur anytime and anywhere, without notice.
+Attacks Sophistication
Chart: Attack Sophistication versus Intruder Knowledge, 1980-2005. Vertical axis from Low to High; attack sophistication rises over time while the knowledge an intruder needs falls. Techniques placed along the timeline: password guessing, self-replicating code, password cracking, exploiting known vulnerabilities, disabling audits, back doors, hijacking sessions, sweepers, sniffers, packet spoofing, GUI tools, automated probes/scans, denial of service, www attacks, "stealth"/advanced scanning techniques, burglaries, network mgmt. diagnostics, distributed attack tools, cross site scripting, staged and auto-coordinated tools.
+Vulnerabilities Exploit Cycle
Diagram: number of incidents over time through the life cycle of a vulnerability:
1. Advanced intruders discover a new vulnerability
2. Crude exploit tools are distributed
3. Novice intruders use the crude exploit tools
4. Automated scanning/exploit tools are developed
5. Widespread use of automated scanning/exploit tools (highest exposure time)
6. Intruders begin using new types of exploits
+Cyber Security
+Cybersecurity.
Education, values, and ethics are the best defence approaches.
Led by the ITU in the international domain, while standards are introduced by different institutions (ISO, ITGI, ISACA, etc.).
"Your security is my security": individual behaviour counts, while various collaborations are needed.
+Risk Management Aspect
Diagram: relationships among assets, threats, vulnerabilities, risk and controls:
Threats exploit Vulnerabilities and increase Risk.
Vulnerabilities expose Assets and increase Risk.
Assets have Asset Values; Asset Values increase Risk and indicate Security Requirements.
Risk indicates Security Requirements and has an Impact on the Organisation.
Security Requirements are met by Controls.
Controls protect against Threats, reduce Vulnerabilities and decrease Risk.
+Strategies for Protection
Protecting Information
Protecting Infrastructure
Protecting Interactions
+Mandatory Requirements
• “Critical infrastructures are those physical and cyber-based systems essential to the minimum operations of the economy and government. These systems are so vital, that their incapacity or destruction would have a debilitating impact on the defense or economic security of the nation.”
• Agriculture & Food, Banking & Finance, Chemical, Defense Industrial Base, Drinking Water and Wastewater Treatment Systems, Emergency Services, Energy, Information Technology, Postal & Shipping, Public Health & Healthcare, Telecommunications, Transportation Systems
+Information Security Disciplines
• Physical security
• Procedural security
• Personnel security
• Compromising emanations security
• Operating system security
• Communications security
A failure in any of these areas can undermine the security of a system.
+Best Practice Standard
BS7799/ISO17799: ten control areas supporting Information Integrity, Confidentiality and Availability:
1. Information Security Policy
2. Security Organisation
3. Asset Classification and Controls
4. Personnel Security
5. Physical Security
6. Communication and Operations Management
7. Access Controls
8. System Development and Maintenance
9. Business Continuity Planning
10. Compliance
+Cyber Crime
+Cybercrime.
Globally defined as INTERCEPTION, INTERRUPTION, MODIFICATION, and FABRICATION.
Virtually always involving international boundaries and multiple resources.
Intentionally targeted to fulfil specific objective(s).
Convergent in nature with intelligence efforts.
Crime has intentional objectives. Stay away from the bull's eye.
+The Crime Scenes
IT as a Tool. IT as a Storage Device. IT as a Target.
+Type of Attacks
+Malicious Activities
+Motives of Activities
1. Thrill Seekers
2. Organized Crime
3. Terrorist Groups
4. Nation-States
+Cyber Law
+Cyberlaw.
Difficult to keep updated as technology trends move.
A different story between the rules and the enforcement efforts.
Requires various infrastructure, superstructure, and resources.
Can easily be "out-tracked" by law practitioners.
Cyberlaw is here to protect you. At least it plays a role in mitigation.
+First Cyber Law in Indonesia.
Range of penalty:
• Rp 600 million to Rp 12 billion (equal to US$ 60,000 to US$ 1.2 million)
• 6 to 12 years in prison
In force starting from 25 March 2008.
Picture: Indonesia Parliament in Session
+Main Challenge.
ILLEGAL: "... the distribution of illegal materials within the internet ..."
ILLEGAL: "... the existence of sources with illegal materials that can be accessed through the internet ..."
+ID-SIRTII
Indonesia Security Incident Response Team on Internet Infrastructure
+ID-SIRTII Mission and Objectives.
"To expedite the economic growth of the country by providing society with a secure internet environment within the nation"
1. Monitoring internet traffic for incident handling purposes.
2. Managing log files to support law enforcement.
3. Educating public for security awareness.
4. Assisting institutions in managing security.
5. Providing training to constituency and stakeholders.
6. Running laboratory for simulation practices.
7. Establishing external and international collaborations.
+Constituents and Stakeholders.
Diagram: ID-SIRTII at the centre, sponsored by the Government of Indonesia, surrounded by its constituents and stakeholders:
ISPs, NAPs, IXs
Corporate Users, Individual Users
Law Enforcement: Police, Prosecutors, Judges; Lawyers and Legal Practitioners
National Security
Communities: ICT-related associations and vendors
International CSIRTs/CERTs: FIRST and APCERT, each country's CSIRTs/CERTs, other CSIRTs and CERTs
+Coordination Structure.
ID-SIRTII (CC) as National CSIRT, coordinating:
Sector CERTs: Bank CERT, Airport CERT, University CERT, GOV CERT, Military CERT, SOE CERT, SME CERT, Hospital CERT, other CERTs
Internal CERTs: Telkom CERT, BI CERT, Police CERT, KPK CERT, Lippo CERT, KPU CERT, Pertamina CERT, UGM CERT, other CERTs
Vendor CERTs: Cisco CERT, Microsoft CERT, Oracle CERT, SUN CERT, IBM CERT, SAP CERT, Yahoo CERT, Google CERT, other CERTs
Commercial CERTs: A CERT, B CERT, C CERT, D CERT, E CERT, F CERT, G CERT, H CERT, other CERTs
+Major Tasks.
INCIDENT HANDLING DOMAIN and ID-SIRTII MAIN TASKS
Main task | Reactive Services | Proactive Services | Security Quality Management Services
1. Monitoring traffic | Alerts and Warnings | Announcements; Technology Watch; Intrusion Detection Services | x
2. Managing log files | Artifact Handling | x | x
3. Educating public | x | x | Awareness Building
4. Assisting institutions | Vulnerability Handling | Security-Related Information Dissemination; Intrusion Detection Services; Security Audit and Assessment; Configuration and Maintenance of Security Tools, Applications, and Infrastructure | Security Consulting
5. Provide training | x | x | Education and Training
6. Running laboratory | x | x | Risk Analysis; BCP and DRP
7. Establish collaborations | Incident Handling | x | Product Evaluation
(x = no service of that class under this task)
+Incidents Definition and Samples.
Samples: web defacement, information leakage, phishing, intrusion, DoS/DDoS, SMTP relay, virus infection, hoax, malware distribution, botnet, open proxy, root access theft, SQL injection, trojan horse, worms, password cracking, spamming, malicious software, spoofing, blended attack.
Definitions of an incident in use:
"one or more intrusion events that you suspect are involved in a possible violation of your security policies"
"an event that has caused or has the potential to cause damage to an organization's business systems, facilities, or personnel"
"any occurrence or series of occurrences having the same origin that results in the discharge or substantial threat"
"an undesired event that could have resulted in harm to people, damage to property, loss to process, or harm to the environment."
+Priorities on Handling Incidents.
TYPE OF INCIDENT AND ITS PRIORITY
Priority classes, highest first:
Public Safety and National Defense (very high priority)
Economic Welfare (high priority)
Political Matters (medium priority)
Social and Culture Threats (low priority)
Incident types, each further characterised by its traffic pattern (Many to One, One to Many, Many to Many, Automated Tool (KM-Based Website)):
1. Interception
2. Interruption
3. Modification
4. Fabrication
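The Many to One, One to Many and Many to Many patterns used above to characterise an incident can be recognised mechanically from flow records by counting distinct peers per host. The following is an added example and not code from the presentation or from ID-SIRTII: the flow records are constructed (RFC 5737 documentation addresses), and fan_threshold is a hypothetical tuning value, not a figure from the deck.

```python
from collections import defaultdict

# Constructed flow records (src_ip, dst_ip, dst_port); not real traffic.
SAMPLE_FLOWS = (
    # DDoS-style: eight distinct sources flooding one web server
    [(f"198.51.100.{i}", "203.0.113.10", 80) for i in range(1, 9)]
    # Scanning-style: one host probing SSH on eight servers
    + [("192.0.2.5", f"203.0.113.{i}", 22) for i in range(20, 28)]
    # Worm-style: six infected hosts each hitting six internal hosts on SMB
    + [(f"10.0.0.{s}", f"10.0.1.{d}", 445) for s in range(1, 7) for d in range(1, 7)]
    # Benign background traffic
    + [("192.0.2.50", "203.0.113.10", 80), ("192.0.2.51", "203.0.113.11", 443)]
)


def classify_flows(flows, fan_threshold=5):
    """Return sorted (pattern, host, distinct_peers) findings for a batch of flows.

    fan_threshold is a hypothetical tuning value: how many distinct peers a
    host must have before its traffic counts as "many".
      many-to-one  : a destination reached by many sources (DoS/DDoS shape)
      one-to-many  : a source reaching many destinations (scan/spam shape)
      many-to-many : a destination hit by many sources that are themselves
                     fanning out (worm/botnet shape)
    """
    dst_sources = defaultdict(set)  # destination -> distinct sources
    src_dests = defaultdict(set)    # source -> distinct destinations
    for src, dst, _port in flows:
        dst_sources[dst].add(src)
        src_dests[src].add(dst)

    hot_srcs = {s for s, d in src_dests.items() if len(d) >= fan_threshold}
    findings = []
    clustered_srcs = set()  # sources already explained by a many-to-many cluster
    for dst, srcs in dst_sources.items():
        if len(srcs) < fan_threshold:
            continue
        fanning_srcs = srcs & hot_srcs
        if len(fanning_srcs) >= fan_threshold:
            findings.append(("many-to-many", dst, len(srcs)))
            clustered_srcs |= fanning_srcs
        else:
            findings.append(("many-to-one", dst, len(srcs)))
    # A source inside a many-to-many cluster is not reported a second time.
    for src in hot_srcs - clustered_srcs:
        findings.append(("one-to-many", src, len(src_dests[src])))
    return sorted(findings)


def summarize(findings):
    """Count findings per pattern, e.g. {'many-to-one': 1, 'one-to-many': 1}."""
    counts = defaultdict(int)
    for pattern, _host, _n in findings:
        counts[pattern] += 1
    return dict(counts)


if __name__ == "__main__":
    for pattern, host, n in classify_flows(SAMPLE_FLOWS):
        print(f"{pattern:13s} {host:15s} distinct peers={n}")
```

On the constructed input this reports one many-to-one target (the web server, nine distinct sources), one one-to-many source (the SSH scanner) and six many-to-many targets (the internal hosts hit by the worm); raising fan_threshold above the largest fan-out makes every finding disappear, which is the trade-off a monitoring team tunes against its own baseline traffic.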
+Core Chain of Processes.
Core process: Respond to and Handle Incidents; Report on Incident Handling; Management Process and Research Vital Statistics.
Supporting activities: Establish External and International Collaborations; Run Laboratory for Simulation Practices; Provide Training to Constituency and Stakeholders; Assist Institutions in Managing Security; Educate Public for Security Awareness.
+Legal Framework.
Undang-Undang No. 36/1999 (Law) on the National Telecommunications Industry
Peraturan Pemerintah No. 52/2000 (Government Regulation) on Telecommunications Practices
Peraturan Menteri Kominfo No. 27/PER/M.KOMINFO/9/2006 (Ministerial Regulation) on Security of IP-Based Telecommunication Network Management
Peraturan Menteri No. 26/PER/M.KOMINFO/2007 (Ministerial Regulation) on the Indonesian Security Incident Response Team on Internet Infrastructure
New Cyberlaw on Information and Electronic Transactions
+Holistic Framework.
Diagram: SECURE INTERNET INFRASTRUCTURE ENVIRONMENT built on People, Process and Technology.
Components: Log File Management System; Traffic Monitoring System; Incident Indication Analysis; Incident Response Management; Advisory Board; Executive Board.
Operating cycle: MONITOR - ANALYSIS - YELL - DETECT - ALERT - YIELD
Foundations: STAKEHOLDERS COLLABORATION AND SUPPORT; NATIONAL REGULATION AND GOVERNANCE; STRONG INSTITUTIONAL RELATIONSHIPS AND COMMITMENT
+Challenges to ID-SIRTII Activities.
Prevention: "Securing" internet-based transactions; Reducing the possibilities of successful attacks; Working together with ISPs to inhibit the distribution of illegal materials.
Reaction: Preserving digital evidence for law enforcement purposes; Providing technical advisory for further mitigation processes.
Quality Management: Increasing the public awareness level; Ensuring the security level in critical infrastructure institutions.
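Two of the tasks on this page, managing log files to support law enforcement and preserving digital evidence, depend on being able to show later that collected logs have not changed since collection. The following is an added example, not ID-SIRTII's own tooling: it seals a set of collected files with per-file SHA-256 digests plus a digest over the manifest itself, then re-verifies the collection and reports modified, missing and unexpected files. The sample log lines are constructed for the example.

```python
import hashlib
import json
import tempfile
from pathlib import Path

# Constructed sample log lines; not real ID-SIRTII data.
SAMPLE_LOGS = {
    "mail.log": (
        b"Mar 25 10:01:02 mx postfix/smtpd[1212]: NOQUEUE: reject: "
        b"RCPT from unknown[198.51.100.7]: Relay access denied\n"
    ),
    "access.log": (
        b'203.0.113.9 - - [25/Mar/2008:10:02:11 +0700] '
        b'"GET /index.php?id=1%27%20OR%201=1-- HTTP/1.1" 200 512\n'
    ),
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(files: dict) -> dict:
    """files: name -> bytes. Returns per-file digests and a seal over them.

    The seal is the SHA-256 of the canonical JSON of the entries, so the
    manifest itself can be quoted (or signed) as a single custody value.
    """
    entries = {
        name: {"sha256": sha256_hex(data), "size": len(data)}
        for name, data in sorted(files.items())
    }
    canonical = json.dumps(entries, sort_keys=True, separators=(",", ":")).encode()
    return {"files": entries, "seal": sha256_hex(canonical)}


def verify_manifest(manifest: dict, files: dict) -> dict:
    """Return name -> 'ok' | 'modified' | 'missing' | 'unexpected'."""
    expected = manifest["files"]
    result = {}
    for name, entry in expected.items():
        if name not in files:
            result[name] = "missing"
        elif len(files[name]) != entry["size"] or sha256_hex(files[name]) != entry["sha256"]:
            result[name] = "modified"
        else:
            result[name] = "ok"
    for name in files:
        if name not in expected:
            result[name] = "unexpected"
    return result


def read_directory(directory: Path) -> dict:
    """Load every regular file directly under directory as name -> bytes."""
    return {p.name: p.read_bytes() for p in sorted(directory.iterdir()) if p.is_file()}


def demo() -> dict:
    """Write the sample logs to a temp dir, seal them, tamper, and re-verify."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        for name, data in SAMPLE_LOGS.items():
            (d / name).write_bytes(data)
        manifest = build_manifest(read_directory(d))
        # Simulated post-collection tampering: the web log is emptied and an
        # extra file appears that was never part of the sealed collection.
        (d / "access.log").write_bytes(b"")
        (d / "notes.txt").write_bytes(b"added later\n")
        return verify_manifest(manifest, read_directory(d))


if __name__ == "__main__":
    print(json.dumps(build_manifest(SAMPLE_LOGS), indent=2))
    print(demo())
```

In practice the manifest (or at least its seal) is recorded on the chain-of-custody form at collection time and stored separately from the evidence copy; anyone who later receives the files can recompute the digests and compare them without trusting the handler in between.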
+Work Philosophy.
Why does a car have BRAKES?
The car has BRAKES so that it can go FAST!
Why should we have regulation? Why should we establish institutions? Why should we collaborate with others? Why should we agree upon mechanisms? Why should we develop procedures? Why should we have standards? Why should we protect our safety? Why should we manage risks? Why should we form a response team?
+Welcome to the New World.
Congratulations!
Richardus Eko Indrajit [email protected]
Chairman of ID-SIRTII and APTIKOM