Is Session 10


  • 8/9/2019 Is Session 10

    1/38


    2010 Survey: Study Highlights

    In the past 12 months, 75% of companies experienced cyber attacks

    Loss of USD 2mn annually

    Every enterprise (100%) experienced cyber losses in 2009

    Top 3 reported losses: loss of IPR, customer card info and customer PIR

    Top 3 costs: productivity, revenue and loss of customer trust

    Network security (44%), End point security (44%), Messaging Security (39%)

    Top 3 standards: ISO, HIPAA, SOX, CIS, PCI and ITIL


    Internet Infrastructure in INDIA


    Innovation fostering the Growth of NGNs

    Smart devices: Television, Computers, PDA, Mobile Phone (single device to provide end-to-end, seamlessly secure access)

    Application Simplicity: preference for a single, simple and secure interface to access applications or content; ubiquitous interface - web browser

    Flexible Infrastructure

    Because of these areas of evolution, today's NGNs are defined more by the services they support than by the traditional demarcation of physical infrastructure.


    The Emergence of NGNs

    The communication networks operating two years ago are the father's telecommunication network. NGNs are the teenager's network.

    Consumers and businesses no longer accept the limitation of a single-use device or network.

    Both individuals and businesses want the ability to communicate, work and be entertained over any device, any time, anywhere.

    The demand for these services, coupled with innovation in technology, is advancing traditional telecommunication far outside its original purpose.


    The Complexity of Today's Network

    Changes Brought in IT

    Large network as backbone for connectivity across the country

    Multiple service providers for providing links: BSNL, MTNL, Reliance, TATA, Rail Tel

    Multiple technologies to support network infrastructure: CDMA, VSAT, DSL

    Multiple applications

    Trends shaping the future

    Ubiquitous computing, networking and mobility

    Embedded Computing

    Security

    IPv6

    VoIP

    [Figure: network diagram linking laptops, desktops, new PCs, servers, extranet servers, intranet, perimeter networks, routers, branch offices, unmanaged devices, home users and remote workers over the Internet]


    Challenges for Network Operator

    Business challenges include new pricing structure, new relationships and new competitors.

    Technical challenges include migrating and integrating with new advances in technologies, from fibre optics to installation of Wi-Fi support.

    Developing a comprehensive security policy and architecture in support of NGN services.


    To Reap Benefits

    To reap the benefits of NGN, the operator must address:

    Technology

    Risk

    Security

    Efficiency


    NGN Architecture

    Identify Layer

    Comprises end users owned by a telecom or a third-party service provider accessing services using devices like PC, PDA or mobile phone, to connect to the Internet

    Service Layer Web Tier

    Hosts service applications and provides a framework for the creation of customer-focused services provided by either the operator or a third-party service provider

    Network Layer

    Performs service execution, service management, network management and media control functions

    Connects with the backbone network

    [Figure: NGN architecture diagram with zones marked Partly Trusted and Untrusted; labels: Third-Party Application, Internet, Service Provider Application, Service Delivery Platform (Service Provider), Common Framework, Backbone Network]


    Growing Concern

    Computing technology has turned against us

    Exponential growth in security incidents: Pentagon, US in 2007; Estonia in April 2007; computer system of the German Chancellery and three Ministries; highly classified computer networks in New Zealand & Australia

    Complex and target-oriented software

    Common computing technologies and systems

    Constant probing and mapping of network systems


    Cyber Threat Evolution

    [Figure: timeline with the years 1977, 1995, 2000, 2003-04, 2005-06 and 2007-08; stages labelled Virus; Malicious Code (Melissa); Identity Theft (Phishing); Breaking Web Sites; Advanced Worm / Trojan (I LOVE YOU); Organised Crime: Data Theft, DoS / DDoS]


    Security Incidents reported during 2008


    Trends of Incidents

    Sophisticated attacks: attackers are refining their methods and consolidating assets to create global networks that support coordinated criminal activity

    Rise of cyber spying and targeted attacks: mapping of networks, probing for weaknesses/vulnerabilities

    Malware propagation through website intrusion: large-scale SQL injection attacks like the Asprox botnet

    Malware propagation through spam on the rise: Storm worm, which is one of the most notorious malware programs seen during 2007-08, circulates through spam


    Trends of Incidents

    Phishing: increase in cases of fast-flux phishing and rock-phish; domain name phishing and registrar impersonation

    Crimeware: targeting personal information for financial frauds

    Information stealing through social networking sites

    Rise in attack toolkits: toolkits like MPack and Neosploit can launch exploits for browser and client-side vulnerabilities against users who visit malicious or compromised sites


    Global Attack Trend

    Source: Websense


    Top originating countries Malicious code


    Three faces of cybercrime

    Organised Crime

    Terrorist Groups

    Nation States


    Security of Information Assets

    Security of information & information assets is becoming a major area of concern

    With every new application, newer vulnerabilities crop up, posing immense challenges to those who are mandated to protect the IT assets

    Coupled with this, a host of legal requirements and international business compliance requirements on data protection and privacy place a huge demand on IT/ITES/BPO service organizations

    We need to generate Trust & Confidence


    Model Followed Internationally

    Internationally, the general approach has been to have legal drivers supported by a suitable verification mechanism.

    For example, in the USA the legal drivers have been SOX, HIPAA, GLBA, FISMA etc.

    In Europe, the legal driver has been the Data Protection Act supported by ISO 27001 ISMS.


    Information Security Management

    INFORMATION SECURITY

    Confidentiality, Integrity, Availability, Authenticity

    People, Process, Technology

    Security Policy; Regulatory Compliance; User Awareness Program; Access Control; Security Audit; Incident Response; Encryption, PKI; Firewall, IPS/IDS; Antivirus


    Cyber Security Strategy India

    Security Policy, Compliance and Assurance: Legal Framework

    IT Act, 2000

    IT (Amendment) Bill, 2006: Data Protection & Computer crimes

    Best Practice: ISO 27001

    Security Assurance Framework - IT/ITES/BPO Companies

    Security Incident Early Warning & Response

    CERT-In National Cyber Alert System

    Information Exchange with international CERTs

    Capacity building

    Skill & Competence development

    Training of law enforcement agencies and judicial officials in the collection and analysis of digital evidence

    Training in the area of implementing information security in collaboration with Specialised Organisations in US

    Domain Specific training: Cyber Forensics

    Setting up Digital Forensics Centres

    Research and Development

    Network Monitoring

    Biometric Authentication

    Network Security

    International Collaboration


    Status of security and quality compliance in India

    Quality and Security

    A large number of companies in India have aligned their internal processes and practices to international standards such as ISO 9000, CMM, Six Sigma and Total Quality Management

    Some Indian companies have won special recognition for excellence in quality: out of 18 Deming Prize winners for Total Quality Management in the last five years, six are Indian companies.


    ISO 27001/BS7799 Information Security Management

    Government has mandated implementation of ISO 27001 ISMS by all critical sectors

    ISMS 27001 has mainly three components: Technology, Process, Incident reporting and monitoring

    296 certificates issued in India out of 7735 certificates issued worldwide

    Majority of certificates issued in India belong to the IT/ITES/BPO sector


    Information Technology Security Techniques: Information Security Management System

    ISO 9000: World 951486 (175 countries); China 210773; Italy 115309; Japan 73176; Spain 65112; India 46091; USA 36192

    27001: 7732

    [Table residue: further figures 146, 148, 276, 93, 296, 94 appear without recoverable row labels]


    CERT-In Work Process

    [Figure: CERT-In work process diagram. Stages: Detection, Analysis, Dissemination & Support, Recovery. Parties shown: Department of Information Technology, Major ISPs, Foreign Ptns, ISP Hot Liners, Private Sectors, Home Users, Press & TV / Radio]


    Distributed Honeypot Deployment


    PC & End User Security: Auto Security Patch Update

    Windows Security Patch Auto Update

    No. of Download ActiveX: 18 Million

    [Figure: diagram with Microsoft Download Ctr., Internet, ActiveX DL Server and Sec. Patch ActiveX Site]


    PC & End User Security

    Incident Response Help Desk

    Make a call using 1800 11 - 4949

    Send fax using 1800 11 - 6969

    Communicate through email at [email protected]

    Security incidents handled during 2008 (till Oct): 1425

    Vulnerability Assessment Service

    [Figure: help desk diagram with Internet and PSTN]


    Intl Co-op: Cyber Security Drill

    Joint International Incident Handling Coordination Drill

    Participated in APCERT International Incident Handling Drill 2006

    Participants: 13 APCERT Members and New Zealand, Vietnam including 5 major Korean ISPs

    Scenario: Countermeasure against Malicious Code and relevant infringement as DDoS attack

    Participated in APCERT International Incident Handling Drill 2007

    Participants: 13 APCERT Members + Korean ISPs

    Scenario: DDoS and Malicious Code Injection

    To-be Model: World Wide Cyber Security Incidents Drill among security agencies


    Cyberforensics

    Branch of forensic science pertaining to legal evidence found in computers and digital storage media

    Preservation: Evidence changed, court case is gone

    Identification: Of the 100,000 files, what is evidence of a crime?

    Extraction: Take the evidence off the hard drive for presentation

    Documentation: Document what you found to present in court

    Interpretation: Interpret the evidence in light of the charges


    Something about Botnet

    A botnet operator sends out viruses or worms, infecting ordinary users' computers, whose payload is a malicious application: the bot.

    The bot on the infected PC logs into a particular C&C server (often an IRC server, but in some cases a web server).

    A spammer purchases access to the botnet from the operator.

    The spammer sends instructions via the IRC server to the infected PCs, causing them to send out spam messages to mail servers.
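The sequence above (IRC login to a C&C server, then spam delivery to mail servers) leaves a recognisable trace in network flow logs. The following Python detection example is added here and is not part of the original slides; the flow records, port choices, thresholds and the name `find_spam_bots` are constructed assumptions, and the rule covers only the IRC case, not web-based C&C.

```python
from collections import defaultdict

IRC_PORTS = {6667, 6697}   # assumed IRC ports; real C&C servers may use others
SMTP_PORT = 25

# Constructed flow records: (timestamp_s, src_ip, dst_ip, dst_port).
# All addresses are from documentation ranges.
FLOWS = (
    # Workstation logs into an IRC server, then mails six different servers.
    [(100, "192.0.2.10", "203.0.113.5", 6667)]
    + [(160 + 10 * i, "192.0.2.10", f"198.51.100.{i + 1}", 25) for i in range(6)]
    # Ordinary IRC user who later sends one mail through the site relay.
    + [(50, "192.0.2.30", "203.0.113.9", 6667), (400, "192.0.2.30", "192.0.2.25", 25)]
    # Site mail relay: many SMTP destinations but no IRC login.
    + [(200 + i, "192.0.2.25", f"198.51.100.{i + 1}", 25) for i in range(8)]
)


def find_spam_bots(flows, window_s=300, min_servers=5):
    """Return {host: (irc_server, distinct_mail_servers)} for hosts that
    contacted an IRC port and afterwards delivered SMTP to at least
    min_servers distinct mail servers within window_s seconds."""
    irc_seen = {}                 # host -> (time, server) of first IRC login
    smtp = defaultdict(list)      # host -> [(time, mail_server)] after login
    for ts, src, dst, port in sorted(flows):
        if port in IRC_PORTS:
            irc_seen.setdefault(src, (ts, dst))
        elif port == SMTP_PORT and src in irc_seen:
            smtp[src].append((ts, dst))

    hits = {}
    for src, events in smtp.items():
        best, start = 0, 0
        for end in range(len(events)):
            # Shrink the window until it spans at most window_s seconds.
            while events[end][0] - events[start][0] > window_s:
                start += 1
            best = max(best, len({d for _, d in events[start:end + 1]}))
        if best >= min_servers:
            hits[src] = (irc_seen[src][1], best)
    return hits


if __name__ == "__main__":
    for host, (server, count) in find_spam_bots(FLOWS).items():
        print(f"{host}: IRC login to {server}, then SMTP to {count} servers")
```
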


    Related Websites

    http://www.cyberforensics.in

    http://pcquest.ciol.com

    http://cert.in

    http://isaca.org


    http://www.youtube.com/watch?v=NZYi1iJsXRc&feature=related

    http://www.cyberforensics.in/Default.aspx