vinay-pokharna
8/9/2019 Is Session 10
2010 Survey: Study Highlights
In past 12 months, 75% of companies experienced cyber attacks
Loss of USD 2mn annually
Every enterprise (100%) experienced Cyber losses in 2009
Top 3 reported losses: loss of IPR, customer card info and customer PIR
Top 3 costs: productivity, revenue and loss of customer trust
Network security (44%), End point security (44%), Messaging Security (39%)
Top 3 standards: ISO, HIPAA, SOX, CIS, PCI and ITIL
Internet Infrastructure in INDIA
Innovation fostering the Growth of NGNs
Smart devices: Television, Computers, PDA, Mobile Phone
(Single device to provide an end-to-end, seamlessly secure access)
Application Simplicity
  Preference of single, simple and secure interface to access applications or content
  Ubiquitous interface - web browser
Flexible Infrastructure
Because of these areas of evolution, today's NGNs are defined more by the services they support than by traditional demarcation of Physical Infrastructure.
The Emergence of NGNs
The communication networks operating two years ago are father's telecommunication networks.
NGNs are teenagers' networks.
No longer do consumers and businesses accept the limitation of a single-use device or network.
Both individuals and businesses want the ability to communicate, work and be entertained over any device, any time, anywhere.
The demand for these services, coupled with innovation in technology, is advancing traditional telecommunication far outside its original purpose.
The Complexity of Today's Network
Changes Brought in IT
  Large network as backbone for connectivity across the country
  Multiple Service providers for providing links: BSNL, MTNL, Reliance, TATA, Rail Tel
  Multiple Technologies to support network infrastructure: CDMA, VSAT, DSL
  Multiple Applications
Trends shaping the future
  Ubiquitous computing, networking and mobility
  Embedded Computing
  Security
  IPv6
  VoIP
[Network diagram: Internet, Routers, Network Infrastructure, Perimeter Network, Intranet, Servers, Extranet Servers, Perimeter Network Servers, Desktops, Laptops, New PC, Unmanaged Devices, Branch Offices, Home Users, Remote Workers]
Challenges for Network Operator
Business challenges include new Pricing Structure, new relationship and new competitors.
Technical challenges include migrating and integrating with new advances in technologies from fibre optics, installation of Wi-Fi support.
Developing a comprehensive Security Policy and architecture in support of NGN services.
To Reap Benefits
To reap benefits of NGN, the operator must address
  Technology
  Risk
  Security
  Efficiency
NGN Architecture
Identity Layer
  Comprises end users owned by a telecom or a third-party service provider, accessing services using devices like PC, PDA or mobile phone to connect to the Internet
Service Layer
  Hosts service applications and provides a framework for the creation of customer-focused services provided by either operator or a third-party service provider
Network Layer
  Performs service execution, service management, network management and media control functions
  Connects with the backbone network
[Architecture diagram labels: Partly Trusted, Untrusted, Third-Party Application, Internet, Web Tier, Service Provider Application, Service Delivery Platform, Service Delivery Platform (Service Provider), Common Framework, Backbone Network]
Growing Concern
Computing Technology has turned against us
Exponential growth in security incidents
  Pentagon, US in 2007
  Estonia in April 2007
  Computer System of German Chancellery and three Ministries
  Highly classified computer network in New Zealand & Australia
Complex and target oriented software
Common computing technologies and systems
Constant probing and mapping of network systems
Cyber Threat Evolution
[Timeline figure. Time axis: 1977, 1995, 2000, 2003-04, 2005-06, 2007-08. Labels: Virus; Malicious Code (Melissa); Identity Theft (Phishing); Breaking Web Sites; Advanced Worm / Trojan (I LOVE YOU); Organised Crime: Data Theft, DoS / DDoS]
Security Incidents reported during 2008
Trends of Incidents
Sophisticated attacks
  Attackers are refining their methods and consolidating assets to create global networks that support coordinated criminal activity
Rise of Cyber Spying and Targeted attacks
  Mapping of network, probing for weakness/vulnerabilities
Malware propagation through Website intrusion
  Large scale SQL Injection attacks like Asprox Botnet
Malware propagation through Spam on the rise
  Storm worm, which is one of the most notorious malware programs seen during 2007-08, circulates through spam
Trends of Incidents
Phishing
  Increase in cases of fast-flux phishing and rock-phish
  Domain name phishing and Registrar impersonation
Crimeware
  Targeting personal information for financial frauds
Information Stealing through social networking sites
Rise in Attack toolkits
  Toolkits like Mpack and Neosploit can launch exploits for browser and client-side vulnerabilities against users who visit a malicious or compromised site
Global Attack Trend
Source: Websense
Top originating countries Malicious code
Three faces of cybercrime
Organised Crime
Terrorist Groups
Nation States
Security of Information Assets
Security of information & information assets is becoming a major area of concern
With every new application, newer vulnerabilities crop up, posing immense challenges to those who are mandated to protect the IT assets
Coupled with this, a host of legal requirements and international business compliance requirements on data protection and privacy place a huge demand on IT/ITES/BPO service organizations
We need to generate Trust & Confidence
Model Followed Internationally
Internationally, the general approach has been to have legal drivers supported by suitable verification mechanism.
For example, in USA legal drivers have been
  SOX
  HIPAA
  GLBA
  FISMA etc.
In Europe, the legal driver has been the Data Protection Act supported by ISO27001 ISMS.
Information Security Management
INFORMATION SECURITY
Confidentiality Integrity Availability Authenticity
People
Process
Technology
Security Policy
Regulatory Compliance
User Awareness Program
Access Control
Security Audit
Incident Response
Encryption, PKI
Firewall, IPS/IDS
Antivirus
Cyber Security Strategy India
Security Policy, Compliance and Assurance
  Legal Framework
    IT Act, 2000
    IT (Amendment) Bill, 2006: Data Protection & Computer crimes
  Best Practice ISO 27001
  Security Assurance Framework - IT/ITES/BPO Companies
Security Incident Early Warning & Response
  CERT-In National Cyber Alert System
  Information Exchange with international CERTs
Capacity building
  Skill & Competence development
  Training of law enforcement agencies and judicial officials in the collection and analysis of digital evidence
  Training in the area of implementing information security in collaboration with Specialised Organisations in US
  Domain Specific training: Cyber Forensics
Setting up Digital Forensics Centres
Research and Development
  Network Monitoring
  Biometric Authentication
  Network Security
International Collaboration
Status of security and quality compliance in India
Quality and Security
Large number of companies in India have aligned their internal process and practices to international standards such as
  ISO 9000
  CMM
  Six Sigma
  Total Quality Management
Some Indian companies have won special recognition for excellence in quality: out of 18 Deming Prize winners for Total Quality Management in the last five years, six are Indian companies.
ISO 27001/BS7799 Information Security Management
Government has mandated implementation of ISO27001 ISMS by all critical sectors
ISMS 27001 has mainly three components
  Technology
  Process
  Incident reporting and monitoring
296 certificates issued in India out of 7735 certificates issued worldwide
Majority of certificates issued in India belong to IT/ITES/BPO sector
Information Technology Security Techniques: Information Security Management System

Country   ISO 9000                  ISO 27001
World     951486 (175 countries)    7732
China     210773                    146
Italy     115309                    148
Japan     73176                     276
Spain     65112                     93
India     46091                     296
USA       36192                     94
CERT-In Work Process
[Process diagram. Stages: Detection, Analysis, Dissemination & Support, Recovery. Parties: Department of Information Technology, Major ISPs, Foreign Ptns, ISP Hot Liners, Private Sectors, Home Users, Press & TV / Radio]
Distributed Honeypot Deployment
PC & End User Security: Auto Security Patch Update
Windows Security Patch Auto Update
No. of Download ActiveX: 18 Million
[Diagram labels: Microsoft Download Ctr., Internet, ActiveX DL Server, Sec. Patch ActiveX Site]
PC & End User Security
Incident Response Help Desk
[Diagram labels: Internet, PSTN]
Make a call using 1800 11 - 4949
Send fax using 1800 11 - 6969
Communicate through email at [email protected]
Number of security incidents handled during 2008 (till Oct): 1425
Vulnerability Assessment Service
Int'l Co-op: Cyber Security Drill
Joint International Incident Handling Coordination Drill
Participated APCERT International Incident Handling Drill 2006
  Participants: 13 APCERT Members and New Zealand, Vietnam including 5 major Korean ISPs
  Scenario: Countermeasure against Malicious Code and relevant infringement as DDoS attack
Participated APCERT International Incident Handling Drill 2007
  Participants: 13 APCERT Members + Korean ISPs
  Scenario: DDoS and Malicious Code Injection
To be Model: World Wide Cyber Security Incidents Drill among security agencies
Cyberforensics
Branch of forensic science pertaining to legal evidence found in computers and digital storage media
Preservation: Evidence changed, court case is gone
Identification: Of the 100,000 files, what is evidence of a crime?
Extraction: Take the evidence off the hard drive for presentation
Documentation: Document what you found to present in court
Interpretation: Interpret the evidence in light of the charges
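The Preservation and Documentation steps above can be backed by a digest manifest taken at acquisition and re-checked later. The following is an added example, not part of the original slides; the examiner ID, file names and manifest layout are assumptions made for illustration.

```python
import hashlib, json, os, tempfile
from datetime import datetime, timezone

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large disk images do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(root, examiner):
    """Preservation + documentation: record a digest for every file at acquisition."""
    files = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in sorted(names):
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            files[rel] = {"sha256": sha256_file(full), "size": os.path.getsize(full)}
    return {"examiner": examiner,
            "acquired_utc": datetime.now(timezone.utc).isoformat(),
            "files": files}

def verify(root, manifest):
    """Re-hash the evidence copy and report anything that no longer matches."""
    current = build_manifest(root, manifest["examiner"])["files"]
    recorded = manifest["files"]
    return {
        "modified": sorted(p for p in recorded if p in current
                           and current[p]["sha256"] != recorded[p]["sha256"]),
        "missing": sorted(p for p in recorded if p not in current),
        "added": sorted(p for p in current if p not in recorded),
    }

def demo():
    """Constructed sample: two files acquired, then one altered and one added."""
    with tempfile.TemporaryDirectory() as root:
        for name, data in (("mail.pst", b"constructed mailbox"), ("notes.txt", b"v1")):
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        manifest = build_manifest(root, examiner="examiner-01")  # hypothetical ID
        with open(os.path.join(root, "notes.txt"), "wb") as f:
            f.write(b"v2")          # evidence changed after acquisition
        with open(os.path.join(root, "new.tmp"), "wb") as f:
            f.write(b"x")           # file that was not present at acquisition
        return verify(root, manifest)

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Any non-empty list in the result means the working copy no longer matches what was acquired and cannot be presented as unchanged.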
Something about Botnet
A botnet operator sends out viruses or worms, infecting ordinary users' computers, whose payload is a malicious application, the bot.
The bot on the infected PC logs into a particular C&C server (often an IRC server, but in some cases a web server).
A spammer purchases access to the botnet from the operator.
The spammer sends instructions via the IRC server to the infected PCs, causing them to send out spam messages to mail servers.
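The lifecycle above leaves two observable traces on a monitored network: an internal host holding a session to an IRC server, followed by direct SMTP to many mail servers. The following detection sketch is an added example, not part of the original slides; the flow-record layout, port list, relay address and threshold are assumptions, and web-based C&C is not covered.

```python
from collections import defaultdict

IRC_PORTS = {6667, 6697}          # assumption: common IRC ports; C&C may use others
SMTP_PORT = 25
APPROVED_RELAYS = {"10.0.0.25"}   # hypothetical internal relay allowed to send SMTP
MIN_MAIL_SERVERS = 5              # illustrative threshold, tune per network

# Constructed flow records: (epoch_seconds, src_ip, dst_ip, dst_port)
SAMPLE_FLOWS = (
    [(1000, "10.0.1.7", "203.0.113.50", 6667)] +
    [(1100 + i, "10.0.1.7", f"198.51.100.{i}", 25) for i in range(1, 9)] +
    [(1200, "10.0.1.8", "203.0.113.60", 6667)] +                  # IRC user, no mail
    [(1300 + i, "10.0.0.25", f"198.51.100.{i}", 25) for i in range(1, 9)] +  # relay
    [(1400, "10.0.1.9", "198.51.100.1", 25)]                      # one stray SMTP flow
)

def find_spam_bots(flows):
    """Return {host: finding} for hosts showing both halves of the pattern:
    a session to an IRC port, then direct SMTP to many distinct mail servers."""
    irc_peers = defaultdict(set)
    mail_servers = defaultdict(set)
    for _ts, src, dst, dport in sorted(flows):      # process in time order
        if dport in IRC_PORTS:
            irc_peers[src].add(dst)
        elif dport == SMTP_PORT and src not in APPROVED_RELAYS:
            # Only count mail sent after the host has already contacted IRC.
            if src in irc_peers:
                mail_servers[src].add(dst)
    findings = {}
    for host, servers in mail_servers.items():
        if len(servers) >= MIN_MAIL_SERVERS:
            findings[host] = {"irc_peers": sorted(irc_peers[host]),
                              "distinct_mail_servers": len(servers)}
    return findings

if __name__ == "__main__":
    for host, finding in find_spam_bots(SAMPLE_FLOWS).items():
        print(host, finding)
```

Blocking outbound port 25 from everything except the approved relay removes the second half of the pattern and makes any remaining attempt stand out in firewall logs.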
Related Websites
http://www.cyberforensics.in
http://pcquest.ciol.com
http://cert.in
http://isaca.org
http://www.youtube.com/watch?v=NZYi1iJsXRc&feature=related
http://www.cyberforensics.in/Default.aspx