PPT - Cyber Seminar


Cyber Security: Indian Perspective
8 Feb 2009
Dr. Gulshan Rai
Director, CERT-IN
Govt. of India
[email protected]
Web Evolution
Web Sites (WWW)
• 1993: Web invented and implemented; 130 web sites
• 1994: 2738 web sites
• 1995: 23500 web sites
• 2007: 550 million web sites
• 2008: 850 million web sites
Internet Infrastructure in INDIA
Innovation fostering the Growth of NGNs
• Smart devices
– Television
– Computers
– PDA
– Mobile Phone
(Single device to provide an end-to-end, seamlessly secure access)
• Application Simplicity
– Preference of single, simple and secure interface to access
applications or content
– Ubiquitous interface - web browser
• Flexible Infrastructure
Because of these areas of evolution, today’s NGNs are defined
more by the services they support than by traditional demarcation
of Physical Infrastructure.
The Emergence of NGNs
• The communication networks operating two years ago are our
father's telecommunication network.
• NGNs are the teenager's network.
• Consumers and businesses no longer accept the
limitation of a single-use device or network.
• Both individuals and businesses want the ability to
communicate, work and be entertained over any
device, any time, anywhere.
• The demand for these services, coupled with innovation
in technology, is advancing traditional
telecommunication far outside its original purpose.
The Complexity of Today’s Network
Changes Brought in IT
• Large network as backbone for connectivity across the country
• Multiple service providers for providing links: BSNL, MTNL,
Reliance, TATA, Rail Tel
• Multiple technologies to support network infrastructure: CDMA, VSAT,
DSL
• Multiple applications
Trends shaping the future
• Ubiquitous computing, networking
and mobility
• Embedded Computing
• Security
• IPv6
• VoIP
[Figure: network diagram. Labels: Internet, Perimeter Network, Intranet, Extranet Servers, Servers, Routers, Network Infrastructure, Desktops, Laptops, New PC, Unmanaged Devices, Branch Offices, Home Users, Remote Workers]
Challenges for Network Operator
• Business challenges include new pricing
structures, new relationships and new competitors.
• Technical challenges include migrating to and
integrating with new advances in technologies,
from fibre optics to installation of Wi-Fi support.
• Developing a comprehensive security policy and
architecture in support of NGN services.
To Reap Benefits
• To reap the benefits of NGN, the operator must address
– Technology
– Risk
– Security
– Efficiency
NGN Architecture
Identity Layer
Comprises end users, owned by a telecom or a
third-party service provider, accessing services using
devices like a PC, PDA or mobile phone to connect to
the Internet
Service Layer
Hosts service applications and provides a
framework for the creation of customer-focused
services provided by either the operator or a third-party
service provider
Network Layer
Performs service execution, service management,
network management and media control functions
[Figure: NGN architecture diagram. Labels: Partly Trusted Third-Party Application; Untrusted Internet; Web Tier; Service Provider Application; Service Delivery Platform (Service Provider); Common Framework; Backbone Network. Diagram text: "Connects with the backbone network"]
Growing Concern
• Computing Technology has turned against us
• Exponential growth in security incidents
– Pentagon, US in 2007
– Estonia in April 2007
– Computer systems of the German Chancellery and three Ministries
– Highly classified computer network in New Zealand &
Australia
• Complex and target-oriented software
• Common computing technologies and systems
• Constant probing and mapping of network systems
Cyber Threat Evolution
[Figure: timeline of cyber threat evolution. Stages shown: Malicious Code (Melissa); Virus; Advanced Worm / Trojan (I LOVE YOU); Breaking Web Sites; Identity Theft (Phishing); Organised Crime; Data Theft, DoS / DDoS. Time axis: 1977, 1995, 2000, 2003-04, 2005-06, 2007-08]
Cyber attacks being observed
• Web defacement
• Spam
• Spoofing
• Proxy Scan
• Denial of Service
• Distributed Denial of Service
• Malicious Codes
– Virus
– Bots
• Data Theft and Data Manipulation
– Identity Theft
– Financial Frauds
• Social engineering Scams
Security Incidents reported during 2008
Trends of Incidents
• Sophisticated attacks
– Attackers are refining their methods and consolidating assets to
create global networks that support coordinated criminal
activity
• Rise of Cyber Spying and Targeted attacks
– Mapping of network, probing for weakness/vulnerabilities
• Malware propagation through Website intrusion
– Large-scale SQL injection attacks, such as those of the Asprox botnet
• Malware propagation through Spam on the rise
– Storm worm, which is one of the most notorious malware
programs seen during 2007-08, circulates through spam
Trends of Incidents
• Phishing
– Increase in cases of fast-flux phishing and rock-phish
– Domain name phishing and Registrar impersonation
• Crimeware
– Targeting personal information for financial frauds
• Information Stealing through social networking sites
• Rise in Attack toolkits
– Toolkits like MPack and NeoSploit can launch exploits for
browser and client-side vulnerabilities against users who
visit a malicious or compromised site
Global Attack Trend
Source: Websense
Top originating countries – Malicious code
Three faces of cyber crime
• Organised Crime
• Terrorist Groups
• Nation States
Security of Information Assets
• Security of information & information assets is becoming a
major area of concern
• With every new application, newer vulnerabilities crop up,
posing immense challenges to those who are mandated to
protect the IT assets
• Coupled with this, a host of legal requirements and
international business compliance requirements on data
protection and privacy place a huge demand on
IT/ITES/BPO service organizations
• We need to generate ‘Trust & Confidence’
Challenges before the Industry
Model Followed Internationally
• Internationally, the general approach has been to
have legal drivers supported by suitable
verification mechanism.
• For example, in the USA the legal drivers have been
– SOX
– HIPAA
– GLBA
– FISMA etc.
• In Europe, the legal driver has been the “Data
Protection Act” supported by ISO27001 ISMS.
Information Security Management
[Figure: Information Security diagram. Labels: Confidentiality, Integrity, Availability, Authenticity; People, Process, Technology; Security Policy; Regulatory Compliance; User Awareness Program; Access Control; Security Audit; Incident Response; Encryption, PKI; Firewall, IPS/IDS; Antivirus]
Cyber Security Strategy – India
• Security Policy, Compliance and Assurance – Legal Framework
– IT Act, 2000
– IT (Amendment) Bill, 2006 – Data Protection & Computer crimes
– Best Practice ISO 27001
– Security Assurance Framework – IT/ITES/BPO Companies
• Security Incident – Early Warning & Response
– CERT-In National Cyber Alert System
– Information Exchange with international CERTs
• Capacity building
– Skill & Competence development
– Training of law enforcement agencies and judicial officials in the collection and analysis of digital evidence
– Training in the area of implementing information security in collaboration with Specialised Organisations in US
• Setting up Digital Forensics Centres
– Domain Specific training – Cyber Forensics
• Research and Development
– Network Monitoring
– Biometric Authentication
– Network Security
• International Collaboration
Status of security and quality compliance in India
• Quality and Security
– Large number of companies in India have aligned their
internal process and practices to international standards
such as
• ISO 9000
• CMM
• Six Sigma
• Total Quality Management
– Some Indian companies have won special recognition for
excellence in quality: out of 18 Deming Prize winners for
Total Quality Management in the last five years, six are
Indian companies.
ISO 27001/BS7799 Information Security Management
• Government has mandated implementation of
ISO27001 ISMS by all critical sectors
• ISMS 27001 has mainly three components
– Technology
– Process
– Incident reporting and monitoring
• 296 certificates issued in India out of 7735
certificates issued worldwide
• Majority of certificates issued in India belong to
IT/ITES/BPO sector
Information Technology – Security Techniques
Information Security Management System
Country    ISO 9000                  ISO 27001
World      951486 (175 countries)    7732
China      210773                    146
Italy      115309                    148
Japan      73176                     276
Spain      65112                     93
India      46091                     296
USA        36192                     94
CERT-In Work Process
[Figure: CERT-In work process diagram. Stages: Detection, Analysis, Dissemination & Support; Detect, Analysis, Dissemination, Recovery. Parties shown: Department of Information Technology, ISP Hot Liners, Major ISPs, Private Sectors, Foreign Ptns, Home Users, Press & TV / Radio]
Distributed Honeypot Deployment
PC & End User Security: Auto Security Patch Update
Windows Security Patch Auto Update
[Figure: patch auto-update diagram. Labels: Microsoft Download Ctr., Internet, ActiveX DL Server, Sec. Patch ActiveX Site]
No. of Download ActiveX: 18 Million
PC & End User Security
Incident Response Help Desk
[Figure: help desk access diagram. Labels: Internet, PSTN]
• Make a call using 1800 – 11 - 4949
• Send fax using 1800 – 11 - 6969
• Communicate through email at [email protected]
• Number of security incidents handled during 2008 (till Oct): 1425
• Vulnerability Assessment Service
Int’l Co-op: Cyber Security Drill
Joint International Incident Handling Coordination Drill
• Participated in the APCERT International Incident
Handling Drill 2006
• Participants: 13 APCERT Members and New
Zealand, Vietnam including 5 major Korean
ISPs
• Scenario: Countermeasure against Malicious
Code and relevant infringement as DDoS attack
• Participated in the APCERT International Incident
Handling Drill 2007
• Participants: 13 APCERT Members + Korean
ISPs
• Scenario: DDoS and Malicious Code Injection
• To be Model: World Wide Cyber Security
Incidents Drill among security agencies
Thank you
Incident Response Help Desk
Phone: 1800 11 4949
FAX: 1800 11 6969
e-mail: incident at cert-in.org.in
http://www.cert-in.org.in