How does India stand in the perspective of global terrorism, and does it have enough countermeasures to tackle the ever-growing threat of cyber crime?
Cyber Security: Indian Perspective
3rd November 2010
Aurobindo Nayak
Reg-No: 0701288307
NMIET
Branch: CSE
Web Sites (WWW)
1993: Web invented and implemented; 130 Nos. web sites
1994: 2738 Nos.
1995: 23500 Nos.
2007: 550 Million Nos.
2008: 850 Million Nos.
Web Evolution
Internet Infrastructure in INDIA
Innovation fostering the Growth of NGNs
• Smart devices
◦ Television
◦ Computers
◦ PDA
◦ Mobile Phone
(Single device to provide an end-to-end, seamlessly secure access)
• Application Simplicity
◦ Preference of single, simple and secure interface to access applications or content
◦ Ubiquitous interface - web browser
• Flexible Infrastructure
Because of these areas of evolution, today’s NGNs are defined more by the services they support than by traditional demarcation of Physical Infrastructure.
The Emergence of NGNs
• The communication networks operating two years ago are father’s telecommunication networks.
• NGNs are teenager’s networks.
• Consumers and businesses no longer accept the limitation of a single-use device or network.
• Both individuals and businesses want the ability to communicate, work and be entertained over any device, any time, anywhere.
• The demand for these services, coupled with innovation in technology, is advancing traditional telecommunication far outside its original purpose.
The Complexity of Today’s Network
Changes Brought in IT
• Large network as backbone for connectivity across the country
• Multiple Service providers for providing links – BSNL, MTNL, Reliance, TATA, Rail Tel
• Multiple Technologies to support network infrastructure: CDMA, VSAT, DSL
• Multiple Applications
[Figure: network diagram with labels Internet, Intranet, Perimeter Network, Perimeter Network Servers, Extranet Servers, Network Infrastructure, Routers, Branch Offices, Remote Workers, Home Users, Desktops, Laptops, Servers, New PC, Unmanaged Devices]
Trends shaping the future
• Ubiquitous computing, networking and mobility
• Embedded Computing
• Security
• IPv6
• VoIP
Challenges for Network Operator
• Business challenges include new pricing structures, new relationships and new competitors.
• Technical challenges include migrating to and integrating with new advances in technologies, from fibre optics to installation of Wi-Fi support.
• Developing a comprehensive Security Policy and architecture in support of NGN services.
To Reap Benefits
To reap benefits of NGN, the operator must address
◦ Technology
◦ Risk
◦ Security
◦ Efficiency
NGN Architecture
• Identity Layer
◦ Comprises end users, owned by a telecom or a third-party service provider, accessing services using devices like PC, PDA or mobile phone to connect to the Internet
• Service Layer
◦ Hosts service applications and provides a framework for the creation of customer-focused services provided by either the operator or a third-party service provider
• Network Layer
◦ Performs service execution, service management, network management and media control functions
◦ Connects with the backbone network
[Figure: NGN architecture diagram with labels Internet, Third-Party Application, Untrusted, Web Tier, Service Provider Application, Service Delivery Platform (Service Provider), Service Delivery Platform, Common Framework, Backbone Network, Partly Trusted]
Growing Concern
• Computing Technology has turned against us
• Exponential growth in security incidents
◦ Pentagon, US in 2007
◦ Estonia in April 2007
◦ Computer System of German Chancellery and three Ministries
◦ Highly classified computer network in New Zealand & Australia
• Complex and target oriented software
• Common computing technologies and systems
• Constant probing and mapping of network systems
Cyber Threat Evolution
[Figure: timeline with stages Virus; Breaking Web Sites; Malicious Code (Melissa); Advanced Worm / Trojan (I LOVE YOU); Identity Theft (Phishing); Organised Crime; Data Theft, DoS / DDoS. Time axis: 1977, 1995, 2000, 2003-04, 2005-06, 2007-08]
Cyber attacks being observed
• Web defacement
• Spam
• Spoofing
• Proxy Scan
• Denial of Service
• Distributed Denial of Service
• Malicious Codes
◦ Virus
◦ Bots
• Data Theft and Data Manipulation
◦ Identity Theft
◦ Financial Frauds
• Social engineering Scams
Security Incidents reported during 2009
Trends of Incidents
• Sophisticated attacks
◦ Attackers are refining their methods and consolidating assets to create global networks that support coordinated criminal activity
• Rise of Cyber Spying and Targeted attacks
◦ Mapping of network, probing for weakness/vulnerabilities
• Malware propagation through Website intrusion
◦ Large scale SQL Injection attacks like Asprox Botnet
• Malware propagation through Spam on the rise
◦ Storm worm, which is one of the most notorious malware programs seen during 2007-08, circulates through spam
Trends of Incidents
• Phishing
◦ Increase in cases of fast-flux phishing and rock-phish
◦ Domain name phishing and Registrar impersonation
• Crimeware
◦ Targeting personal information for financial frauds
• Information Stealing through social networking sites
• Rise in Attack toolkits
◦ Toolkits like Mpack and Neosploit can launch exploits for browser and client-side vulnerabilities against users who visit malicious or compromised sites
Global Attack Trend
Source: Websense
Top originating countries – Malicious code
Three faces of cyber crime
Organised Crime
Terrorist Groups
Nation States
Security of Information Assets
• Security of information & information assets is becoming a major area of concern
• With every new application, newer vulnerabilities crop up, posing immense challenges to those who are mandated to protect the IT assets
• Coupled with this, a host of legal requirements and international business compliance requirements on data protection and privacy place a huge demand on IT/ITES/BPO service organizations
• We need to generate ‘Trust & Confidence’
Challenges before the Industry
Model Followed Internationally
• Internationally, the general approach has been to have legal drivers supported by suitable verification mechanisms.
• For example, in the USA the legal drivers have been
◦ SOX
◦ HIPAA
◦ GLBA
◦ FISMA etc.
• In Europe, the legal driver has been the “Data Protection Act” supported by ISO27001 ISMS.
Information Security Management
[Figure: INFORMATION SECURITY diagram with labels Confidentiality, Integrity, Availability, Authenticity; Security Policy; People, Process, Technology; Regulatory Compliance; Access Control; Security Audit; User Awareness Program; Incident Response; Firewall, IPS/IDS; Encryption, PKI; Antivirus]
Cyber Security Strategy – India
• Security Policy, Compliance and Assurance – Legal Framework
– IT Act, 2000
– IT (Amendment) Bill, 2006 – Data Protection & Computer crimes
– Best Practice ISO 27001
– Security Assurance Framework - IT/ITES/BPO Companies
• Security Incident – Early Warning & Response
– CERT-In National Cyber Alert System
– Information Exchange with international CERTs
• Capacity building
– Skill & Competence development
– Training of law enforcement agencies and judicial officials in the collection and analysis of digital evidence
– Training in the area of implementing information security in collaboration with Specialised Organisations in US
• Setting up Digital Forensics Centres
– Domain Specific training – Cyber Forensics
• Research and Development
– Network Monitoring
– Biometric Authentication
– Network Security
• International Collaboration
Status of security and quality compliance in India
• Quality and Security
◦ A large number of companies in India have aligned their internal processes and practices to international standards such as ISO 9000, CMM, Six Sigma and Total Quality Management
◦ Some Indian companies have won special recognition for excellence in quality: out of 18 Deming Prize winners for Total Quality Management in the last five years, six are Indian companies.
ISO 27001/BS7799 Information Security Management
• Government has mandated implementation of ISO27001 ISMS by all critical sectors
• ISMS 27001 has mainly three components
◦ Technology
◦ Process
◦ Incident reporting and monitoring
• 296 certificates issued in India out of 7735 certificates issued worldwide
• Majority of certificates issued in India belong to IT/ITES/BPO sector
Information Technology – Security Techniques: Information Security Management System

Standard                   World    China    Italy    Japan   Spain   India   USA
ISO 9000 (175 countries)   951486   210773   115309   73176   65112   46091   36192
27001                      7732     146      148      276     93      296     94
CERT-In Work Process
[Figure: CERT-In work process diagram, Department of Information Technology, with stages Detection, Analysis, Dissemination & Support, and Recovery; parties shown: ISP Hot Liners, Press & TV / Radio, Home Users, Private Sectors, Major ISPs, Foreign Ptns]
Distributed Honeypot Deployment
PC & End User Security: Auto Security Patch Update
Windows Security Patch Auto Update
No. of Download ActiveX: 18 Million
[Figure: diagram with labels Internet, Microsoft Download Ctr., ActiveX DL Server, Sec. Patch ActiveX Site]
PC & End User Security
Incident Response Help Desk
[Figure labels: Internet, PSTN]
• Make a call using 1800 – 11 - 4949
• Send fax using 1800 – 11 - 6969
• Communicate through email at [email protected]
• Number of security incidents handled during 2008 (till Oct): 1425
• Vulnerability Assessment Service
Int’l Co-op: Cyber Security Drill
Joint International Incident Handling Coordination Drill
• Participated in the APCERT International Incident Handling Drill 2006
• Participants: 13 APCERT Members and New Zealand, Vietnam, including 5 major Korean ISPs
• Scenario: Countermeasure against Malicious Code and relevant infringement as DDoS attack
• Participated in the APCERT International Incident Handling Drill 2007
• Participants: 13 APCERT Members + Korean ISPs
• Scenario: DDoS and Malicious Code Injection
• To be Model: World Wide Cyber Security Incidents Drill among security agencies