Cyber Six: Managing Security in Internet
Cyber-6: Cyberspace. Cyberthreat. Cyberattack. Cybersecurity. Cybercrime. Cyberlaw.
Prof. Dr. Ir. Richardus Eko Indrajit, MSc, MBA, MA/Msi, MPhil, ACPM, CWM, ICWM, CEH
Website: http://eko-indrajit.info
Email: [email_address]
Chairman of ID-SIRTII and APTIKOM
Knowledge Domain
Cyber Space
Cyberspace.
A reality community between the PHYSICAL WORLD and the ABSTRACTION WORLD:
- 1.4 billion real human population (internet users)
- Trillion US$ of potential commerce value
- Billion business transactions per hour in 24/7 mode
The internet is a VALUABLE thing indeed. Risk is embedded within it.
Information Roles
Why information?
- It consists of important data and facts (news, reports, statistics, transactions, logs, etc.)
- It can create perception among the public (market, politics, image, marketing, etc.)
- It represents valuable assets (money, documents, passwords, secret codes, etc.)
- It is the raw material of knowledge (strategy, plans, intelligence, etc.)
05/25/11 The Brief Profile of ID-SIRTII
What is the Internet?
A giant network of networks where people exchange information through various different digital-based ways:
- Email
- Mailing list
- Website
- Chatting
- Newsgroup
- Blogging
- E-commerce
- E-marketing
- E-government
"… what is the value of the internet???"
Cyber Threat
Cyberthreat.
- The trend has increased at an exponential rate
- Motives vary from recreational to criminal purposes
- Can cause significant economic losses and political suffering
- Difficult to mitigate
Examples: web defacement, information leakage, phishing, intrusion, DoS/DDoS, SMTP relay, virus infection, hoax, malware distribution, botnet, open proxy, root access, theft, SQL injection, trojan horse, worms, password cracking, spamming, malicious software, spoofing, blended attack
Threats are there to stay. Can't do so much about it.
International Issues
What does the FBI say about companies?
- 91% have detected employee abuse
- 70% indicate the Internet as a frequent attack point
- 64% have suffered financial losses
- 40% have detected attacks from outside
- 36% have reported security incidents
Source: FBI Computer Crime and Security Survey 2001
Underground Economy
Growing Vulnerabilities
"Through 2008, 90 percent of successful hacker attacks will exploit well-known software vulnerabilities." - Gartner*
* Gartner, "CIO Alert: Follow Gartner's Guidelines for Updating Security on Internet Servers, Reduce Risks." J. Pescatore, February 2003
** As of 2004, CERT/CC no longer tracks security incident statistics.
Potential Threats
- Unstructured Threats: Insiders, Recreational Hackers, Institutional Hackers
- Structured Threats: Organized Crime, Industrial Espionage, Hacktivists
- National Security Threats: Terrorists, Intelligence Agencies, Information Warriors
Cyber Attack
Cyberattack.
- Too many attacks have been performed within cyberspace.
- Most are triggered by cases in the real world.
- The eternal wars and battles have been in towns lately.
- The notorious Estonia case has opened the eyes of all people in the world.
- An attack can occur anytime and anyplace without notice.
Attacks Sophistication
Chart: attack sophistication versus intruder knowledge, 1980 to 2005 (vertical axis from Low to High; horizontal axis 1980, 1985, 1990, 1995, 2005). Attack sophistication rises over the period while the knowledge required of the intruder falls.
Techniques and tools plotted along the timeline: password guessing, self-replicating code, password cracking, exploiting known vulnerabilities, disabling audits, back doors, hijacking sessions, sweepers, sniffers, packet spoofing, GUI tools, automated probes/scans, denial of service, www attacks, "stealth"/advanced scanning techniques, burglaries, network mgmt. diagnostics, distributed attack tools, cross site scripting, staged/auto-coordinated tools.
Vulnerabilities Exploit Cycle
Chart: number of incidents (vertical axis) over time (horizontal axis), following the life cycle of a vulnerability:
1. Advanced intruders discover a new vulnerability
2. Crude exploit tools are distributed
3. Novice intruders use the crude exploit tools
4. Automated scanning/exploit tools are developed
5. Widespread use of automated scanning/exploit tools (highest exposure)
6. Intruders begin using new types of exploits
Cyber Security
Cybersecurity.
- Led by ITU in the international domain, while various standards are introduced by different institutions (ISO, ITGI, ISACA, etc.)
- "Your security is my security": individual behavior counts, while various collaborations are needed
- Education, values, and ethics are the best defense approaches.
Risk Management Aspect
Diagram of the risk relationships among Assets, Asset Values, Threats, Vulnerabilities, Risk, Security Requirements, and Controls. Relationships labelled on the slide: Threats exploit Vulnerabilities; Vulnerabilities expose Assets; Assets have Asset Values; Risk indicates Security Requirements; Security Requirements are met by Controls; Controls protect against Threats; further arrows are labelled "increase", "reduce", and "decrease", and Risk has an impact on the organisation.
Strategies for Protection
- Protecting Information
- Protecting Infrastructure
- Protecting Interactions
Mandatory Requirements
"Critical infrastructures are those physical and cyber-based systems essential to the minimum operations of the economy and government. These systems are so vital, that their incapacity or destruction would have a debilitating impact on the defense or economic security of the nation."
Critical infrastructure sectors: Agriculture & Food, Banking & Finance, Chemical, Defense Industrial Base, Drinking Water and Wastewater Treatment Systems, Emergency Services, Energy, Information Technology, Postal & Shipping, Public Health & Healthcare, Telecommunications, Transportation Systems
Information Security Disciplines
- Physical security
- Procedural security
- Personnel security
- Compromising emanations security
- Operating system security
- Communications security
A failure in any of these areas can undermine the security of a system.
Best Practice Standard
BS7799/ISO17799: ten control areas around the three properties of information (Integrity, Confidentiality, Availability):
- Information Security Policy
- Security Organisation
- Asset Classification Controls
- Personnel Security
- Physical Security
- Communication & Operations Mgmt
- Access Controls
- System Development & Maint.
- Bus. Continuity Planning
- Compliance
Cyber Crime
Cybercrime.
- Globally defined as INTERCEPTION, INTERRUPTION, MODIFICATION, and FABRICATION
- Virtually involves international boundaries and multiple resources
- Intentionally targeted to fulfill special objective(s)
- Convergent in nature with intelligence efforts
Crime has intentional objectives. Stay away from the bull's eye.
The Crime Scenes
- IT as a Tool
- IT as a Storage Device
- IT as a Target
Type of Attacks
Malicious Activities
Motives of Activities
- Thrill Seekers
- Organized Crime
- Terrorist Groups
- Nation-States
Cyber Law
Cyberlaw.
- Difficult to keep updated as the technology trend moves
- Different stories between the rules and the enforcement efforts
- Requires various infrastructure, superstructure, and resources
- Can easily be "out-tracked" by law practitioners
Cyberlaw is here to protect you. At least it plays a role in mitigation.
First Cyber Law in Indonesia.
- Range of penalty: Rp 600 million - Rp 12 billion (equal to US$ 60,000 to US$ 1.2 million)
- 6 to 12 years in prison (jail)
- Starting from 25 March 2008
Picture: Indonesia Parliament in Session
Main Challenge.
ILLEGAL: "… the distribution of illegal materials within the internet …"
ILLEGAL: "… the existence of sources with illegal materials that can be accessed through the internet …"
ID-SIRTII: Indonesia Security Incident Response Team on Internet Infrastructure
ID-SIRTII Mission and Objectives.
"To expedite the economic growth of the country through providing the society with a secure internet environment within the nation"
1. Monitoring internet traffic for incident handling purposes.
2. Managing log files to support law enforcement.
3. Educating the public for security awareness.
4. Assisting institutions in managing security.
5. Providing training to constituency and stakeholders.
6. Running a laboratory for simulation practices.
7. Establishing external and international collaborations.
Constituents and Stakeholders.
- Government of Indonesia (sponsor)
- ID-SIRTII
- ISPs, NAPs, IXs
- Law Enforcement: Lawyers and Legal Practitioners, Police, Prosecutors, Judges
- National Security Communities
- International CSIRTs/CERTs: FIRST and APCERT, Country CSIRTs/CERTs, Other CSIRTs and CERTs
- Corporate Users
- Individual Users
- ICT Related Associations and Vendors
Coordination Structure.
ID-SIRTII (CC) as National CSIRT, coordinating four kinds of CERT: Sector CERT, Internal CERT, Vendor CERT, and Commercial CERT.
Examples named on the slide: Bank CERT, Airport CERT, University CERT, GOV CERT, Military CERT, SOE CERT, SME CERT, Telkom CERT, BI CERT, Police CERT, KPK CERT, Lippo CERT, KPU CERT, Pertamina CERT, Hospital CERT, UGM CERT, Cisco CERT, Microsoft CERT, Oracle CERT, SUN CERT, IBM CERT, SAP CERT, Yahoo CERT, Google CERT, A CERT through H CERT, and other CERTs.
Major Tasks.
INCIDENT HANDLING DOMAIN and ID-SIRTII MAIN TASKS
The slide is a matrix mapping the seven main tasks onto the three categories of CERT services.
Main tasks:
1. Monitoring traffic
2. Managing log files
3. Educating the public
4. Assisting institutions
5. Providing training
6. Running a laboratory
7. Establishing collaborations
Service categories:
- Reactive Services: Alerts and Warnings; Incident Handling; Vulnerability Handling; Artifact Handling
- Proactive Services: Announcements; Technology Watch; Intrusion Detection Services; Security-Related Information Dissemination; Security Audit and Assessment; Configuration and Maintenance of Security Tools, Applications, and Infrastructure
- Security Quality Management Services: Awareness Building; Security Consulting; Education and Training; Risk Analysis; BCP and DRP; Product Evaluation
Incidents Definition and Samples.
Samples: web defacement, information leakage, phishing, intrusion, DoS/DDoS, SMTP relay, virus infection, hoax, malware distribution, botnet, open proxy, root access, theft, SQL injection, trojan horse, worms, password cracking, spamming, malicious software, spoofing, blended attack
Definitions:
- "one or more intrusion events that you suspect are involved in a possible violation of your security policies"
- "an event that has caused or has the potential to cause damage to an organization's business systems, facilities, or personnel"
- "any occurrence or series of occurrences having the same origin that results in the discharge or substantial threat"
- "an undesired event that could have resulted in harm to people, damage to property, loss to process, or harm to the environment."
Priorities on Handling Incidents.
TYPE OF INCIDENT AND ITS PRIORITY

Type of incident | Public Safety and National Defense (Very High Priority) | Economic Welfare (High Priority) | Political Matters (Medium Priority) | Social and Culture Threats (Low Priority)
1. Interception  | Many to One | One to Many | Many to Many | Automated Tool (KM-Based Website)
2. Interruption  | Many to One | One to Many | Many to Many | Automated Tool (KM-Based Website)
3. Modification  | Many to One | One to Many | Many to Many | Automated Tool (KM-Based Website)
4. Fabrication   | Many to One | One to Many | Many to Many | Automated Tool (KM-Based Website)
Core Chain of Processes.
Core Process:
- Respond to and Handle Incidents
- Report on Incident Handling
- Management Process and Research
- Vital Statistics
Supporting Activities:
- Establish External and International Collaborations
- Run Laboratory for Simulation Practices
- Provide Training to Constituency and Stakeholders
- Assist Institutions in Managing Security
- Educate Public for Security Awareness
Legal Framework.
- Undang-Undang No.36/1999 regarding National Telecommunication Industry
- Peraturan Pemerintah No.52/2000 regarding Telecommunication Practices
- Peraturan Menteri Kominfo No.27/PER/M.KOMINFO/9/2006 regarding Security on IP-Based Telecommunication Network Management
- Peraturan Menteri No.26/PER/M.KOMINFO/2007 regarding Indonesian Security Incident Response Team on Internet Infrastructure
- New Cyberlaw on Information and Electronic Transaction
Holistic Framework.
SECURE INTERNET INFRASTRUCTURE ENVIRONMENT
- Pillars: People, Process, Technology
- Systems: Log File Management System; Traffic Monitoring System; Incident Indication Analysis; Incident Response Management
- Governance: Advisory Board; Executive Board
- Operating cycle: MONITOR - ANALYSIS - YELL - DETECT - ALERT - YIELD
- Foundations: STAKEHOLDERS COLLABORATION AND SUPPORT; NATIONAL REGULATION AND GOVERNANCE; STRONG INSTITUTIONAL RELATIONSHIPS AND COMMITMENT
Challenges to ID-SIRTII Activities.
Prevention:
- "Securing" internet-based transactions
- Reducing the possibilities of successful attacks
- Working together with ISPs to inhibit the distribution of illegal materials
Reaction:
- Preserving digital evidence for law enforcement purposes
- Providing technical advisory for the further mitigation process
Quality Management:
- Increasing the public awareness level
- Ensuring the security level in critical infrastructure institutions
Work Philosophy.
Why does a car have BRAKES??? The car has BRAKES so that it can go FAST …!!!
- Why should we have regulation?
- Why should we establish an institution?
- Why should we collaborate with others?
- Why should we agree upon a mechanism?
- Why should we develop procedures?
- Why should we have standards?
- Why should we protect our safety?
- Why should we manage risks?
- Why should we form a response team?
Welcome to the New World. Congratulations!
Richardus Eko Indrajit
indrajit@post.harvard.edu
Chairman of ID-SIRTII and APTIKOM