Copyright © 2005 Information-technology Promotion Agency, Japan (IPA), Incorporated Administrative Agency
AVAR 2005 – Cyber Security Crimes, Symptoms and the Countermeasures
Trends in Information Security and Countermeasures in Japan
AVAR 2005, November 18, 2005
Yasuko Kanno
Researcher, IT Security Center
Information-Technology Promotion Agency, Japan (IPA)
Today’s Agenda
1. Introducing IPA and IT Security Center
2. Trend in information security in Japan
   a) Transition of cyber crimes
   b) Current status of computer virus
   c) Threat caused by vulnerabilities
3. Countermeasures for secure cyber society
   a) Transition of Countermeasures with some legal aspect
   b) Vulnerability information handling - Information security early warning partnership
   c) Information Security Governance
   d) Awareness, Training and Education
Introducing IPA
IPA: Information-technology Promotion Agency, Japan
IPA was established originally as a Specially-Approved Corporation, based on the Law on Promotion of Information Processing (enacted May 22, 1970, Law No. 90). By amendments enacted on December 11, 2002 (Law No. 144), IPA was reorganized into an Incorporated Administrative Agency as of January 5, 2004. It promotes the overall information policy that is responsible for the national information strategy from the field of software.
■ Software Development
- Software Development to Promote the Utilization of IT
- Infrastructure Building for Open-Source Software
- Next-Generation Software Development Project
- IT SME Venture Support Project
- Credit Guarantee Facilities, etc.
■ Information Security Measures (IT Security Center)
- Measures Against Vulnerability, Viruses and Unauthorized Computer Access
- IT Security Evaluation and Certification, Cryptography technology, Research and Study
■ Developing IT Human Resources
- IT Skill Standards
- Information Technology Engineers Examination
- Exploratory Software Project
- Supporting the Development of Local IT Human Resources
■ Software Engineering Center
- Strengthening International Competitiveness of Software Industry
- Partnerships with International Institutions
Activity of IT Security Center
IPA/ISEC (Information-technology SEcurity Center)
Mission: IT Security Enhancement in Japan
Establishment: January, 1997
Employees: Approx. 80
6 Groups
2. Trend in information security in Japan
   a) Transition of cyber crimes
   b) Current status of computer virus
   c) Threat caused by vulnerabilities
Dissemination of IT and E-commerce development
[Figure: High-Speed Internet environment: costs and users, 2001.3 (H13.3) to 2004.4 (H16.4). Costs (yen): 7,800 yen to 2,500 yen (costs dropped to 1/3). Users: 850,000 users to 15 million users (17 times users).]
[Figure: Transitions in B to B - EC Market Size, 2001 to 2004 (trillion yen).]
Source: METI http://www.meti.go.jp/policy/it_policy/statistics/outlook/ie_outlook.htm
E-Commerce in Japan in 2004
- B to B: approx. 102.7 trillion yen (33% increase from the previous year, E-commerce Rate: 14.7%)
- B to C: approx. 5.6 trillion yen (28% increase from the previous year, E-commerce Rate: 2.1%)
- C to C (internet auction): approx. 7,800 billion yen
Transition of numbers: Cyber crime related arrest
[Figure: number of arrests per year, 2000 to 2004, by category: Breach of Unauthorized computer access law; Crime targeted Computer and electromagnetic-record; Network Abuse Crime]
Source: NPA (National Police Agency) http://www.npa.go.jp/cyber/statics/h16/h16_22.html
Cyber crime related arrest in 2004: 2,081 arrests
Breach of Unauthorized computer access law: 142 cases, ca. 7%. One example: using another person's ID and password, the offender exhibited fictitious goods for sale and swindled a total of ¥9 million from 76 bidders. (Feb, 2004)
Crime targeted Computer and electromagnetic-record: 55 cases, ca. 3%. One example: the offender committed unauthorized access into an internet auction site and illegally transferred ¥5.1 million from another person's account to his bank account under a false name. (Feb, 2004. Also a breach of the unauthorized computer access law.)
Network Abuse Crime: 1,884 arrested cases, ca. 91% of all the arrested cases. Many cases are fraud on internet auctions. One example: the offender exhibited a PC for sale on an internet auction site and swindled a total of ¥37 million from 162 bidders. (Jan, 2004)
Source: NPA (National Police Agency) http://www.npa.go.jp/cyber/statics/h16/h16_22.html
Note: Under the network abuse crime, the following crimes are also included:
- Breach of the copyright law: 174 arrested cases, 2 times more than that of 2003
- Child prostitution, pornography: 455 arrested cases, 1.4 times more than that of 2003
Transition of numbers: Cyber crime related consulting service provided by NPA
[Figure: number of consultations per year, 2000 to 2004, by category: Others; Unauthorized access, virus; Defamation, slander; Spam; Spread of harmful information; Internet auction; Fraud]
Source: NPA (National Police Agency)
Transition of Cyber Crimes
“Tech Freaks” to “Propaganda” to “Fraud on Net”
[Diagram relating Attacker’s Objectives to Damages. Labels shown: Viruses, Worms, BOTs, Phishing, Trojan Horses, ID Frauds, Loss of Data, Systems Compromise, Systems Down, Network Crash, Fun, Becoming Someone Else, Stealing Goods & Money, Web Compromise, Political Messaging, Business Halt, ID Theft, Monetary Damages, Fame In the Dark Side, Real Damages, Personalized Attack]
Personalized attack on an internet banking user
Swindle from an internet banking account using Spyware (July 2005)
[Diagram: the criminal sends a Claim Mail to an internet shopping site owner. Mail text: "The goods bought on your site was broken. Please replace it. Confirm the broken goods with the photo attached in this mail!" Attached file: a spyware, not a photo]
A claim mail was sent to the owner of an internet shopping site. The mail claimed that the goods were broken and requested a replacement. When the owner opened the attached photo file to confirm the broken goods, no photo was shown. At the very moment he opened the file, a keylogger was installed on his PC. The keylogger collected data and sent the ID and password of the owner's internet banking account to the criminal. Using these, the criminal swindled ca. ¥5 million from the owner's account. (There are several similar cases.)
A man was arrested in Nov 2005.
Transition in Numbers of Virus Reports by year
The number of virus reports in 2005 further exceeds that of 2004.
(Source: http://www.ipa.go.jp/security/english/virus/press/200508/virus200508-e.html)
Computer virus reports (Aug 2005)
Number of Detected Virus Cases: 3.37 Million (Aug, 2005), 3.79 Million (Jul, 2005)
Number of reported virus cases: 4,470 (Aug, 2005), 4,536 (Jul, 2005)
Virus detection: All the detected viruses
Reported number: The same type of virus reported on the same day by the same user is counted as one case, even if many viruses are detected
Trend of Top 7 Viruses During Apr. 04 – Sep. 05
http://www.ipa.go.jp/security/english/virus/press/200509/virus2005-3Q.html
W32/Mytob, which possesses bot functionality, has been increasing. The number of reports for it now ranks right after W32/Netsky's.
The Trends of Computer Viruses
1. Viruses proliferate rapidly through massive mailings. W32/Netsky spread rapidly using a mass-mailing method and abusing vulnerabilities. This virus had the highest (worst) number of reports for 20 successive months following March 2004. (Recently gradually decreasing)
2. Increasing threat of bots. W32/Mytob, which possesses bot functionality, has been increasing. The number of reports for it now ranks right after W32/Netsky's.
3. Increase in viruses which steal users' private information or cause information leakage. They try to steal users' private information by installing a backdoor or key logger, using phishing methods, or via P to P networks (W32/Antinny abuses the Winny network).
4. The tactics of viruses to fool users have become more crafty.
5. Many viruses abuse both mail functions and vulnerability.
The worst 10 Viruses Reported in Year 2004 and 2003
Name of Virus    2004     2003     Abuse Mail Function   Abuse Vulnerabilities
W32/Netsky       15,895   -        Yes                   Yes
W32/Bagle        4,838    -        Yes                   Yes
W32/Mydoom       4,388    -        Yes                   Yes
W32/Klez         3,498    4,538    Yes                   Yes
W32/Lovgate      2,569    165      Yes                   Yes
W32/Swen         1,776    1,673    Yes                   Yes
W32/Bugbear      1,727    1,602    Yes                   Yes
W32/Mimail       1,629    883      Yes                   Yes
W32/Zafi         1,557    -        Yes                   Yes
VBS/Redlof       1,162    803      Yes                   Yes
Other Viruses    13,112   7,761
Total            52,151   17,425
Source: IPA – Computer Virus Annual Reports for 2004
From vulnerability reports received by IPA: Software vulnerability by type
Since initial acceptance of reporting: Jul, 2004 to Sep, 2005 (under 77 reports)
Majority in client applications
No.1: Web browser
No.2: Mail client software
No.3: Web application builder
[Pie chart: share of reports by software type. Web Browser: 24% (31%). Categories shown: Web Browser, Mail Client Software, Web Application Builder, Groupware, Anti Virus Software, System Admin Software, Operating System, SSL-VPN Software, Reference System, Name Directory Server, Others. Slice values as extracted: 4%, 3%, 3%, 3%, 12%, 6% (5%), 8% (11%), 10% (9%), 13% (9%), 14% (14%), 24% (31%)]
Vulnerability reports: Threat caused by software vulnerabilities
Since initial acceptance of reporting: Jul, 2004 to Sep, 2005 (under 77 reports)
No.1 Threat: Execution of Arbitrary Scripts: 24%
No.2 Threat: Spoofing: 13%
No.3 Threat: Leakage of Authentication Information: 12%
[Pie chart: share of reports by threat]
Execution of Arbitrary Scripts: 24%
Spoofing: 13%
Leakage of Authentication Information: 12%
Disabled Services: 10%
Leakage of Information: 9%
Application Ends in Anomaly State: 8%
Access to Arbitrary Files: 8%
Execution of Arbitrary Codes: 5%
Depletion of Source: 3%
Unavailable to Confirm Certificate: 3%
Leakage of Information Setup: 1%
Session Hijacking: 1%
Alteration of Prices, etc.: 1%
Unauthorized Communication Relay: 1%
Execution of Arbitrary Commands: 1%
Vulnerability reports: Web application vulnerability by type
Since initial acceptance of reporting: Jul, 2004 to Sep, 2005 (under 357 reports)
No.1: Cross Site Scripting is the most serious issue
No.2: SQL Injection
No.3: Unchecked path parameter
[Pie chart: share of reports by vulnerability type. Categories shown: Cross Site Scripting, SQL Injection, Unchecked Path Parameter, Improper DNS Server Management, HTTP Response Split, Unintended File Disclosure, Alterable Price or other Values, Defect in Session Management, Directory Traversal, Evadable Access Control, Open Proxy, Improperly changeable security settings, Relay of third party emails, Insecure use of HTTPS, Cross Site Request Forgery, Improper default password, SSI Injection, Inappropriate Error Handling, Others. Slice values as extracted: 4%, 1%, 3%, 3%, 4%, 6% (2%), 8% (10%), 42% (46%), 16% (8%), 1%, 2%, 2%, 2%, 1%, 1%, 1%, 1%, 1%, 1%]
Vulnerability reports: Threat caused by web application vulnerabilities
Since initial acceptance of reporting: Jul 2004 to Sep 2005 (under 357 reports)
No.1 Threat: Leakage of cookie information: 26%
No.2 Threat: Falsification or destruction of data: 20%
No.3 Threat: Presentation of forged information on legitimate site: 15%
[Pie chart: share of reports by threat]
Leakage of cookie information: 26%
Falsification or destruction of data: 20%
Presentation of forged information on legitimate site: 15%
Leakage of file in web server: 10%
Leakage of personal information: 8%
Insertion of false DNS information: 6%
Replacement of web cache with false information: 4%
Lowering of users' security levels: 3%
Stepping-stone: 2%
Unauthorized utilization of mail system: 2%
Spoofing: 2%
Leakage of server implementation information: 1%
Others: 1%
Trends from unauthorized access reports: intrusion, phishing, fraud, malicious programs
Unauthorized access abusing web application vulnerability
1. Web server hijacking: use as a phishing site (phishing sites which spoof Japanese banks appear)
2. Unauthorized access to a web server to install a virus; as a result, users download the virus just by browsing the site. The site was temporarily closed (May, 2005)
3. Password cracking against the SSH port, intrusion into the web server
Many spywares, malicious programs and monetary damage
1. Spyware was installed, IDs and passwords for internet banking were stolen, and the money was transferred to another account.
2. Spyware was installed when an image was downloaded from an adult site. Then the email address was stolen, and emails demanding payment are continually sent.
Some legal aspect over personal information leakage
The Law for the Protection of Personal Information, prescribing the duties for the proper handling of personal information, was enacted partially in 2003 and fully enacted in April 2005. Various incidents were reported on TV and in newspapers:
February 2004: Leakage of ca. 4.6 million pieces of client information from a large internet provider; it sent out ¥500 vouchers to all of those clients to express an apology. The cost of these vouchers summed up to about ¥4 billion.
March 2004: Leakage of ca. 300 thousand pieces of client information from a large mail-order house. The company apologized for causing such a big leakage case and temporarily stopped its business activities through TV, etc. The sales loss from this voluntary restraint was estimated to be about ¥3 billion.
Causes of identity information leakage: some are identity theft, some are mistakes or negligence of in-house rules.
The result can end up in possible bankruptcy of the company.
The status of information security measures affects the reliability of companies.
3. Countermeasures for secure cyber society
   a) Transition of Countermeasures with some legal aspect
   b) Vulnerability information handling - Information security early warning partnership
   c) Information Security Governance
   d) Awareness, Training and Education
Transitions of countermeasures
Transitions in purposes of information security countermeasures
- 2-3 years ago: Protect your own information (Protection from Virus and Unauthorized accesses)
- Present: Compliance with the law, Corporate Social Responsibility (CSR), BCP (The necessity for information security measures is being mentioned from the aspect of the proper risk management of companies. Various aspects: technical, organizational management, compliance, BCP...)
Law for the Protection of Personal Information: enacted April 2005
Transitions in Attackers’ Objectives
- 1990s: Script kiddie, Fame In the Dark Side, Fun
- 2000 ~: Attacks Abusing Vulnerability, Damage in Large-scale
- 2004 ~: Shifted to Economical and Political Purpose. Fraud; especially, monetary damages are outstanding recently.
Shift in IT Society and Transition of Legal Responses
- Laws for Controlling Cyber Crimes: Prohibiting Unauthorized Computer Access Law, etc.
- Law Sustaining Smooth e-Business Transaction: Law for e-Signature Authentication, Law for e-Documentation
- Privacy Protection: Law for Protecting Personal Information
- Law for Copyright Protection
- Restrictive Measures against Unwanted Mails
[Diagram (source material by METI): Scales of IT Users plotted over time from Yr. 1950 to Yr. 2000.
Scales of IT Users: Government; Finances, Logistics, Energies, etc.; Large Enterprises; SMEs; Individual.
System generations: Exclusive System; Large/Versatile Machine; C/S; PCs/the Internet; Ubiquitous.
Roles of Information Security: National Security, Scientific Technology Computation; Efficiency in Business, Advantageous in Competition; Secured/Highly Confidential in Operation; Business Dealings, Economic Infrastructure; Lifelines for Socially/Economical National Lives.
Directionality in Information Security: Protection of Confidential Military Information; Ensuring the Availability of Critical Infrastructure; Ensuring the Availability of Enterprise Systems; Enterprise Network Security; E-Government Security; Safe Economic Activities, Safe Social Life.
Legal responses: Program Organization; Protection of Electromagnetic Records (Amendment of Criminal Law: 1987); Copyright Law (Automatic Public Transmission: 1997); Law for e-Signature Certification; e-Certification/notary System; Law for Inhibiting Unauthorized Computer Access; Law for IT Documentation Collection (2000); Restrictive Measures against Unwanted Mails (Law for designated trading); e-contract law for consumers; Liability law for providers; Law protecting personal information; Law for e-documentation; Amendments for the Act Against Unauthorized Competition (confidentiality in business); Official Personal Certification System]
Changes in Information Security and IPA’s Response
[Chart (Source: METI) with columns Threat, Phenomenon, Analysis and IPA’s Response, along a timeline marked 1990, 2000, 2003, 2004, 2005 and divided into 1st stage, 2nd stage, 3rd stage and 4th stage]
Phenomenon:
・ Spread of PCs; Criminal display of ability for pleasure; Restricted damage
・ Spread of the Internet; Large scale damage; Progress of attack information sharing
・ Exposure of software vulnerability; Sophisticated viruses and worms
・ Economic motive (pretense, fraud); Progress of systematic and distributed attacks; Advanced and multiple attacks
Threat and Analysis labels: Floppy infection type virus; Bot; Phishing; Vulnerability to viruses and worms; Information scams for economic gain; Homepage manipulation; DoS attack; E-mail attached virus; Spread of password decoding tool; Spyware; Intrusion into specific sites; Attack through systematic, distributed and multiple methods; Easy acquisition of attacking tools on the Internet; Crime for pleasure; Restricted infection; Extensive infection through the Internet; Rapid and large scale infection and serious damage with spread of the Internet
IPA’s Response:
・ Report program of virus and unauthorized access: By circulating damage reports, expansion of damage is prevented.
・ Internet Observation System: Real time detection of disorder on the Internet
・ Enhancement of early warning partnership; Anti-Bot measures, Phishing measures conference
・ Vulnerability Information Handling: With secure circulation of vulnerability information among experts, countermeasures are supplied rapidly to users.
・ Causes are confirmed after damage. Restriction of damage.
・ Real time recognition and analysis of causes. Restriction of damage.
・ Recognition of uses in advance. Suppression and restriction of damage.
・ Teamwork with ISPs. Suppression and restriction of damage with overall measures.
Shift in Number for Virus Reports by Year
[Bar chart: number of virus reports per year, 1990 to 2005 (vertical axis 0 to 60,000). Bar labels as extracted: 52,151; 4,880; 17,425; 20,352; 24,261; 11,109; 3,645; 2,035; 2,391; 755; 668; 1,127; 897; 253; 57; 14]
Chart annotations:
- Netsky virus variants emerged over and over. Virus variants which exploit security holes emerged as well.
- Viruses (MSBlaster, Welchia) exploiting security holes emerged and spread rapidly.
- Viruses (Klez) exploiting security holes spread rapidly. Viruses using Japanese in the subject (Fbound) emerged.
Virus and Unauthorized Access Report Program
IPA was designated as the formal organization to receive reports on computer viruses and unauthorized access from throughout Japan by "The Computer Virus Prevention Guidelines" and "The Unauthorized Computer Access Prevention Guidelines".
Assessing the damage caused by computer viruses and unauthorized access
Monthly press release of information about reports and countermeasures
http://www.ipa.go.jp/security/index-e.html
◇ Virus & Unauthorized Access Countermeasures Group
Consulting [email protected]
Transition of unwanted (one-sided) access numbers per port (April to September, 2005)
[Chart: access counts (vertical axis 0 to 50,000) by port: Other, 1025(TCP), 4899(TCP), 137(UDP), Ping(ICMP), 1433(TCP), 1027(UDP), 1026(UDP), 139(TCP), 445(TCP), 135(TCP)]
Source: the Internet Monitoring System (TALOT2: Trend/Analysis/Logging/Observation/Tool)
Percentage of unwanted (one-sided) access per nation (April to September, 2005)
[Pie chart: share of accesses by nation. Nations shown: Japan, China, Korea, United States, Hong Kong, Taiwan, Germany, Spain, India, France, Other. Slice values as extracted: 65%, 19%, 4%, 3%, 3%, 0%, 0%, 2%, 2%, 1%, 1%]
Source: the Internet Monitoring System
Vulnerability Information Handling Program - Information Security Early Warning Partnership
Initiated by METI, Policy announcement in July, 2004
Effects:
1. Promote vulnerability fixing effort by software developers and web owners
2. Control untreated vulnerability information or inappropriate disclosure
3. Prevent outage of critical systems and privacy information theft
[Diagram: flow of vulnerability information among the parties.
Software Vulnerabilities: Discoverer: Report suspected vulnerability. IPA (Reception Agency): Evaluate reported vulnerability; Forward reported vulnerability. JPCERT/CC (Coordination Agency): Coordination with Software Developer and Systems Integrator; Release date fixing, International cooperation. IPA and JPCERT/CC, Vul Info Portal (JVN): Announce Vulnerability and how to fix. Users: Government, Corporations, Consumers. Other labels: SPREAD, others.
Web Site Vulnerabilities: Discoverer: Report suspected vulnerability. IPA: Forward reported vulnerability. Web Site Operator: Evaluate, Fix; Announce in case of privacy theft]
Partnership and Standards for Vulnerability Information Handling
1. Supporting the Government and the Private Cooperation
Standards of Software Vulnerability Information Handling (METI notification) <Notified on 7th, Jul.>
・ Basic structure of vulnerability associated information
・ Asking for requested roles of persons concerned
Guidelines for Information Security Early Warning Partnership 【IPA, JPCERT/CC, JNSA, JEITA, JISA, JPSA】 <Announced on 8th, Jul.>
Lines of the roles of persons concerned and industries concerned that participate in the system.
2. Promotion of Industry Participation
Guideline for Industry: Presentation of the way of dealing with vulnerability associated information at the practical level.
Guideline for Products Developer 【JEITA, JISA】: In-company system, the person in charge, treatment of vulnerability associated information, countermeasure methods announce and contacting system etc.
Guideline for Other Industries
[Diagram labels: Gov, Pri; Spreading Impacts]
IPA
JPCERT/CC (Japan Computer Emergency Response Team Coordination Center)
JEITA (Japan Electronics and Information Technology Association)
JISA (Japan Information Technology Services Industry Association)
JPSA (Japan Personal Computer Software Association)
JNSA (Japan Network Security Association)
Vulnerabilities Reported on Software Products
Since initial acceptance of reporting: Jul, 2004 to Sep, 2005 (under 77 reports)
[Stacked bar chart: reports at Mar 2005, Jun 2005 and Sep 2005 (horizontal axis 0 to 100), by status: Publicized, Not Vulnerable, Reception Denied, In Process. Labels as extracted: Total 44; Total 62; Total 94 Vuls; Concluded 53 (13). Segment values as extracted: 16, 20, 41 (12), 17, 29, 12 (1), 3, 11, 24, 17 (11), 4, 6, 20, 40]
Publicized: Responding status against vulnerabilities being publicized in JVN
Not Vulnerable: Determined as non-vulnerability by a product developer
Report not accepted: As not within the framework of vulnerability information Handling Scheme
Vulnerabilities Reported on Web pages
Since initial acceptance of reporting: Jul 2004 to Sep 2005 (under 357 reports)
Corrected: Vulnerability was repaired by the web owner. “Confirmed”: correction confirmed by the reporter
Not Vulnerable: Determined as non-vulnerability by the web page owner
Workaround: Vulnerability not repaired but covered at operation level
Communication Impossible: Coordinator cannot reach the owner or operator of the vulnerable web site
Report not accepted: As not within the framework of vulnerability information Handling Scheme
[Stacked bar chart: reports at Mar 2005, Jun 2005 and Sep 2005 (horizontal axis 0 to 400), by status: Corrected, Not Vulnerable, Workaround, Page Deleted, Communication Impossible, Reception Denied, In Process. Labels as extracted: Total 211; Total 277; Total 379; Concluded 224 (SQ'05: 71); Confirmed 63 (8); Corrected 13; Deleted 7; Uncorrected/Unknown 11. Segment values as extracted: 124, 91, 16, 15, 4, 4, 9, 8, 85, 56, 27, 29, 12, 8, 177 (53), 29 (13), 6, 12 (3), 10, 23, 1 (4), 22 (10), 118, 153]
“JVN” Web Site for Vulnerability Information & Countermeasures Status
http://jvn.jp/
Information Security Benchmark
Self-Assessing Benchmarking Tool developed by IPA
Part 1: Information Security: Countermeasures Scoring
25 questions in 5 categories such as:
- Does your company provide and comply with Information Security Policy or Management Regulations?
- Are critical documents and storing media appropriately controlled?
- Is protection against malicious codes (virus and worms) implemented?
Part 2: Classification of Business Nature and Social Impact
15 questions in the following areas:
- Business Size, corporate profiles
- Industry Classification
- Business Impact to customer life, health, wealth and honor
- Dependency on IT System
- Percentage of critical information in operations
Your company's position can be checked on the IPA web site: http://www.ipa.go.jp/security/benchmark/index.html
Self-Assessing Benchmarking: Plotting by 2 Factor Scoring
40 Items for Evaluation. You will answer questions:
- 25 items for Information Security Countermeasures
- 15 items for Corporate Profiles, Vulnerabilities on Business Configuration, Social Influence
Provides total scoring and recommended approaches
[Plot: Score against "Volatility of Business Nature against Information Security + Significance of Social Involvement", with an X marking "You are here". Regions: Information Security is not immediately requisite; Moderate level of Information Security is expected; High level of Information Security is required]
Awareness, Training and Education
Various information of countermeasures
• Leaflet (countermeasures against Bots, Spyware)
• Anti-Virus School (CD-ROM)
• Anti-Virus Movie
• New Virus Information, Virus DB
• Investigation and report
Trends in information security, Statistics
Best Current Practice for IT users in Japan
• The seven basic anti-virus measures for PC Users
• The five instructions against spyware
• The Five Instructions When Opening Attachment Files
• The Dangers of Downloading
2 million web page accesses to IPA/ISEC per month
Awareness, Training and Education
Research and International Collaboration
Information Security Seminar
• Every year
• More than 15 locations across Japan
• 2 day seminar, free of charge
• 3 courses: Technical, Management and Basic
• More than 3,000 attendees
The Information Security Reader: 500 yen (approx. US$ 4.00), a must book for every computer user. Text book for basic course. http://www.ipa.go.jp/security/publications/dokuhon/index.html
Various reports of research and investigation/survey http://www.ipa.go.jp/security/products/products.html
• Electronic Signature Laws, PKI Projects and Time Stamping Technology in the European Union and Germany (written in English)
• Skill map for information security engineer (written in Japanese)
• Survey on biometrics product’s accuracy evaluation (written in Japanese)
International collaboration with various countries
IPA/ISEC Web page
Web site http://www.ipa.go.jp/security/index-e.html
Information about emergency countermeasures is posted on the Web site when a new virus or vulnerability is found.
Contact Information
Yasuko KANNO
Researcher, Global Alliance Group
IT Security Center, IPA Japan
IPA http://www.ipa.go.jp/
Email : [email protected]
2-28-8 HonKomagome, Bunkyo-ku, Tokyo 113-6591 Japan