www.internetsociety.org
“SECURITY” IN A DIGITAL INTERCONNECTED WORLD
Central Asian Internet Symposium, Bishkek
10 December 2014
2
The Internet Society 9 August 2014
Image from Wikimedia Commons: The Opte Project
3
The Internet invariants
9 October 2014
 Global connectivity and integrity
– Global reach and consistent view from any point
 Permission-free innovation
– Yet undiscovered functionality
 Accessibility
– Anyone can contribute and become part of it
 Spirit of cooperation
– Foundation for evolution and resiliency
4
The complexity of the security landscape
 Open platform
– open for attack and intrusion
 Permission-free innovation
– development and deployment of malware
 Global reach
– attacks and cybercrime are cross-border
 Voluntary collaboration
– hard to mandate
5
Users’ expectations: trust
User trust in networks, devices, and transactions is essential in driving social and commercial interaction.
Security, Stability, Confidentiality, Integrity, Resiliency and Scalability are tools to achieve trust.
6
Why do we care about “security”?
 We want to be “secure” and feel “secure” …
BUT …
Policy measures that are premised on stopping bad things, rather than protecting what is valued, provide no guide as to how far those measures should go.
AND …
If we are not careful, the spectre of cyber threats can be used as a vehicle for control of networks and how they are used, plus pervasive monitoring.
7
Throw out preconceptions
8
Understanding security
 Security is not an end in itself
 There is no such thing as absolute security: there will always be threats
 We need to think about “secure” in terms of residual risks that are considered acceptable in a specific context.
 Resilience is key
 There are “inward” and “outward” risks
 Risks may require more than one actor to manage
 Collective and shared risk management
9
Resilience
10
Inward and outward risks
11
12
Ingredients for cybersecurity solutions
 International cooperation
– Most of the issues are cross-border
 Preservation of Internet values
– A fine balance
 Technical foundation
– Solutions based on open standards
 Collaborative responsibility
– Industry self-regulation
13
Things you can do as an operator
 Detect, close or protect open resolvers and other potential amplifiers
 Deploy best practices aimed at improving routing hygiene
 Deploy anti-spoofing measures, preventing traffic with spoofed source IP addresses
 Deploy DNSSEC (validation) to secure name resolution for your customers
 Detect and mitigate infected and compromised devices on your network
 Cooperate with other networks in detection, tracing back and mitigation of attacks
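The anti-spoofing item above is the one operator action that can be modelled directly in a few lines: a BCP 38 style source address validation filter on single-homed stub customer ports, plus an egress check toward transit and peers. The following is an added example and not code from the Internet Society deck or from MANRS; the interface names, the prefixes (RFC 5737 documentation ranges) and the packet records are constructed for illustration, and the bogon list is a deliberately short subset of the IANA special-use registry.

```python
"""Source address validation on customer ports (BCP 38 style anti-spoofing).

Added example, not from the Internet Society deck or the MANRS document.
Interface names, prefixes (RFC 5737 documentation ranges) and packet
records are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass

# Reserved/private ranges that are never valid Internet source addresses.
# Constructed shortlist; a production filter uses the full IANA special-use list.
BOGONS = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")]


@dataclass(frozen=True)
class Packet:
    ingress: str  # interface the packet arrived on
    src: str
    dst: str


def _in_any(addr, nets):
    return any(addr in n for n in nets)


class AntiSpoofFilter:
    """Ingress filter per single-homed stub customer port, plus an egress filter
    toward transit/peers that only lets our own and our customers' sources out."""

    def __init__(self, own_aggregates, customer_ports):
        self.own = [ipaddress.ip_network(p) for p in own_aggregates]
        # port name -> prefixes delegated to the customer behind that port
        self.ports = {name: [ipaddress.ip_network(p) for p in prefixes]
                      for name, prefixes in customer_ports.items()}
        # Everything legitimately originating inside our network may leave it.
        self.egress_allowed = self.own + [n for nets in self.ports.values() for n in nets]

    def check_ingress(self, pkt):
        """Return None if the packet may be accepted on its port, else a drop reason."""
        src = ipaddress.ip_address(pkt.src)
        if _in_any(src, BOGONS):
            return "bogon-source"
        allowed = self.ports.get(pkt.ingress)
        if allowed is None:
            return "unknown-port"  # fail closed: no policy, no forwarding
        if not _in_any(src, allowed):
            return "spoofed-source"
        return None

    def check_egress(self, pkt):
        """Packets leaving toward transit/peers must carry an address we are responsible for."""
        src = ipaddress.ip_address(pkt.src)
        return None if _in_any(src, self.egress_allowed) else "spoofed-source"


def apply_filter(filt, packets):
    """Run ingress then egress checks. Returns (forwarded, dropped) where dropped
    maps each rejected packet to the first reason that matched."""
    forwarded, dropped = [], {}
    for pkt in packets:
        reason = filt.check_ingress(pkt) or filt.check_egress(pkt)
        if reason:
            dropped[pkt] = reason
        else:
            forwarded.append(pkt)
    return forwarded, dropped


# Constructed sample topology: one /24 of our own, two stub customers.
SAMPLE_FILTER = AntiSpoofFilter(
    own_aggregates=["203.0.113.0/24"],
    customer_ports={"ge-0/0/1": ["203.0.113.0/26"],    # PA space carved from our /24
                    "ge-0/0/2": ["198.51.100.0/24"]})  # customer with its own PI /24

SAMPLE_PACKETS = [
    Packet("ge-0/0/1", "203.0.113.10", "192.0.2.1"),   # legitimate
    Packet("ge-0/0/1", "198.51.100.7", "192.0.2.1"),   # other customer's address: spoofed
    Packet("ge-0/0/2", "198.51.100.7", "192.0.2.1"),   # legitimate
    Packet("ge-0/0/2", "10.1.2.3", "192.0.2.1"),       # private source: bogon
    Packet("ge-0/0/1", "192.0.2.200", "192.0.2.1"),    # source not delegated at all: spoofed
    Packet("ge-0/0/9", "203.0.113.77", "192.0.2.1"),   # port without a policy: fail closed
]

if __name__ == "__main__":
    fwd, drop = apply_filter(SAMPLE_FILTER, SAMPLE_PACKETS)
    print(f"forwarded {len(fwd)}, dropped {len(drop)}")
    for pkt, why in drop.items():
        print(f"  drop {pkt.ingress} src={pkt.src}: {why}")
```

The per-port allow-list is exactly why the deck limits the commitment to "at least single-homed stub customer networks": a multi-homed customer may legitimately source traffic from prefixes it learned or announces elsewhere, so its port needs the customer's complete prefix set rather than the delegation on that one link, or a loose check that only rejects bogons. The filter fails closed on a port with no policy, which is the safer default when a new customer port is provisioned before its prefix list.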
14
What you can do as a government
 Foster a collective and shared risk management approach to security that:
– draws from voluntary collaboration
– preserves the fundamental characteristics of the Internet (“the Internet invariants”)
– furthers objectives that will benefit citizens (e.g. economic and social prosperity, participation in a global community)
– preserves fundamental rights
 Focus on “cyber-resilience”
 Build trust not distrust
 Use the experience of your diverse stakeholders to develop policy (“the multistakeholder approach”)
 Creatively use the range of tools in the policy toolbox
15
Example: Pervasive Monitoring
16
Pervasive Monitoring
17
Statistics, Web Traffic
• HTTPS increased from 4% to 17% of all web traffic between 2008 and 2014 (Source: IIJ)
18
Pain Points and Hot Debates
• There is no single reason behind the increasing use of encryption, but the change has a real impact on the world
• Operator business models, technical solutions for various things, censorship will be harder (both good and bad kind), …
• All this will cause friction
• Motives of players are not fully aligned
19
Reality Check
• “Everything is in the clear” approach is clearly unworkable
• Encryption will reduce the number of parties that see traffic
• But not eliminate them: content provider, browser vendor, CAs, proxy provider, corporate IT department, …
• World still moves ahead on a voluntary basis on what technology is chosen and on what technology a particular party can adopt
• Surveillance shifts, not eliminated
• Useful technical things done in different ways, not eliminated
• Some potential bad outcomes to avoid: MITMs, regulation limiting security, fragmentation, device control, …
20
Example: Routing Stability and Resilience
21
Spotlight on a voluntary bottom-up initiative
 The MANRS (Mutually Agreed Norms for Routing Security)
- https://www.routingmanifesto.org/manrs
 Defines a minimum package (“a set of commitments”)
 Raises awareness and encourages action through the growing numbers of supporters
 Demonstrates that industry is able to address complex issues, even where they may not directly benefit
 Clear and tangible message: “WE DO AT LEAST THIS AND EXPECT YOU TO DO THE SAME”
22
The MANRS … in more detail
 Principles of addressing issues of routing resilience
– Interdependence and reciprocity (including collaboration)
– Commitment to Best Practices
– Encouragement of customers and peers
 “The package” indicating the most important actions
– BGP Filtering
– Anti-spoofing
– Coordination and collaboration
 High-level document specifying “what”
– “How” is in external documents (e.g. BCPs)
23
Principles
1) The organization (ISP/network operator) recognizes the interdependent nature of the global routing system and its own role in contributing to a secure and resilient Internet
2) The organization integrates best current practices related to routing security and resilience in its network management processes in line with the Actions
3) The organization is committed to preventing, detecting and mitigating routing incidents through collaboration and coordination with peers and other ISPs in line with the Actions
4) The organization encourages its customers and peers to adopt these Principles and Actions
24
Good MANRS
 Prevent propagation of incorrect routing information
 Prevent traffic with spoofed source IP address
 Facilitate global operational communication and coordination between the network operators
 Facilitate validation of routing information on a global scale.
25
Participating in MANRS
1. The company supports the Principles and implements at least one of the Expected Actions for the majority of its infrastructure. Implemented Actions are marked with a check-box.
2. The company becomes a Participant of MANRS, helping to maintain and improve the document, for example, by suggesting new Actions and maintaining an up-to-date list of references to BCOPs and other documents with more detailed implementation guidance.
3. This category is for network operators, or other entities acting in this role (e.g. a network equipment vendor, running its own network infrastructure)
26
Status update
Launched 6 November 2014 with 9 participants
One month later: 14 participants.
Seeking committed network operators.
Contact us: routingmanifesto@isoc.org or https://www.routingmanifesto.org/contact/
www.internetsociety.org
Contact: Olaf M. Kolkman <kolkman@isoc.org>
10 December 2014
28
Acknowledgement
• Network topology map from ‘The Opte Project’
• Jari Arkko for the slides on the use of encryption
• Logos and Trademarks from the respective companies

Editor's Notes

  • #3 The open and global nature of the Internet, built on fundamental principles of open standards, voluntary collaboration, reusable building blocks, integrity, permission-free innovation and global reach, has enabled remarkable social and economic innovation in ways that we could never have imagined. At the same time, using the Internet is not without risk. Malicious actors also see opportunities to gain benefit through fraud, to thwart the activities of others, inflict harm or other damage, and to generally cause mayhem. It is important to appreciate that while malicious actors will exploit any opportunity, the Internet’s key characteristics are neither the origin nor the cause of the malicious activity.
  • #4 The Internet is global because any endpoint connected to it can address any other endpoint. The integrity of the Internet means that information received at one endpoint is as what was intended by the sender, wherever the receiver connects to the Internet.
  • #8 Traditional approaches to security were principally concerned with external and internal threats, and the impact they may have on one’s own assets [in other words, threat-based and self-interested]. There is, however, a growing recognition that a security paradigm for the Internet ecosystem should be premised on protecting opportunities for economic and social prosperity, as opposed to a model that is based simply on preventing perceived harm.
  • #9 It’s the Economy… Challenge the idea that “security” has to be a trade-off between that which you want to do and having an acceptable level of security. Reasonably understood risks
  • #10 Like a human body that may suffer from viruses, but gets stronger and more resilient as a result, new technologies, solutions and collaborative efforts make the Internet more resilient to malicious activity.
  • #11 The Internet, with its high degree of interconnection and dependencies, brings another dimension to the management of risks. Security and resilience of the Internet depends not only on how well risks to you and your assets are managed, but also, importantly, on the management of risks that you (by your action or inaction) present to the Internet ecosystem – the “outward” risks. Additionally, some risks need to be managed by more than one actor. This is the notion of collective and shared risk management – a notion that is well aligned with the “public interest” nature of the Internet. This latter aspect of risk management is not necessarily self-evident, especially since there is often no obviously identifiable immediate harm to the actors or their assets and, therefore, no direct business case that can be immediately associated with such effort. And, it also is human nature to seek outcomes that further our individual “self-interest”. However, such a narrow approach is counter-productive and, in the long-term, harmful to everyone’s interests – not only will it impact the security of the ecosystem, but it will also diminish the overall pool of social and economic potential that the Internet offers.
  • #15 In developing global solutions, we need to keep in mind all the governance arrangements that are available, not just treaties, and that there are cultural and other differences between countries.
  • #17 In developing global solutions, we need to keep in mind all the governance arrangements that are available, not just treaties, and that there are cultural and other differences between countries.
  • #25
    Prevent propagation of incorrect routing information: Network operator defines a clear routing policy and implements a system that ensures correctness of their own announcements and announcements from their customers to adjacent networks with prefix and AS-path granularity. Network operator is able to communicate to their adjacent networks which announcements are correct. Network operator applies due diligence when checking the correctness of their customer’s announcements, specifically that the customer legitimately holds the ASN and the address space it announces.
    Prevent traffic with spoofed source IP address: Network operator implements a system that enables source address validation for at least single-homed stub customer networks, their own end-users and infrastructure. Network operator implements anti-spoofing filtering to prevent packets with an incorrect source IP address from entering and leaving the network.
    Facilitate global operational communication and coordination between the network operators: Network operators should maintain globally accessible up-to-date contact information.
    Facilitate validation of routing information on a global scale: Network operator has publicly documented routing policy, ASNs and prefixes that are intended to be advertised to external parties.
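The first Action in note #25 ("correctness of ... announcements from their customers ... with prefix and AS-path granularity", checking "that the customer legitimately holds the ASN and the address space it announces") describes a customer-session BGP import filter. The code below is an added example, not the MANRS document's own code nor any router vendor's implementation: it encodes what an operator would assemble from IRR route objects or RPKI ROAs as a per-customer policy (expected neighbor ASN, and for each origin ASN in the customer cone the prefixes it holds with a maximum length), then validates announcements against it. The ASNs (RFC 5398 documentation range), prefixes (RFC 5737 ranges) and announcements are constructed for illustration.

```python
"""Customer BGP announcement filtering with prefix and AS-path granularity.

Added example, not the MANRS document's own code or any vendor's
implementation. The customer ASNs (RFC 5398 documentation range),
prefixes (RFC 5737 ranges) and announcements are constructed.
"""
import ipaddress
from dataclasses import dataclass

# Prefixes no customer may ever announce (constructed shortlist).
BOGON_PREFIXES = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "172.16.0.0/12",
    "192.168.0.0/16", "224.0.0.0/3")]


@dataclass(frozen=True)
class Announcement:
    prefix: str
    as_path: tuple  # leftmost = neighbor that sent it to us, rightmost = origin AS


class CustomerPolicy:
    """What one customer BGP session may announce: the neighbor ASN we expect on
    the session, and for every origin ASN in the customer cone the prefixes
    (with a maximum length) that origin legitimately holds."""

    def __init__(self, neighbor_asn, authorized):
        self.neighbor_asn = neighbor_asn
        self.authorized = {
            origin: [(ipaddress.ip_network(p), max_len) for p, max_len in entries]
            for origin, entries in authorized.items()}

    def validate(self, ann):
        """Return (accepted, reason) for one announcement received on this session."""
        try:
            net = ipaddress.ip_network(ann.prefix)
        except ValueError:
            return False, "malformed-prefix"
        if any(net.version == b.version and net.overlaps(b) for b in BOGON_PREFIXES):
            return False, "bogon-prefix"
        if not ann.as_path:
            return False, "empty-as-path"
        if ann.as_path[0] != self.neighbor_asn:
            # Path does not start with the customer: forged or leaked via someone else.
            return False, "neighbor-asn-mismatch"
        origin = ann.as_path[-1]
        if origin not in self.authorized:
            return False, "origin-outside-customer-cone"
        covered = False
        for auth_net, max_len in self.authorized[origin]:
            if net.version == auth_net.version and net.subnet_of(auth_net):
                if net.prefixlen <= max_len:
                    return True, "ok"
                covered = True  # inside an authorized block but more specific than allowed
        return False, ("too-specific" if covered else "prefix-not-authorized-for-origin")

    def filter_session(self, announcements):
        """Split a batch into (accepted announcements, {rejected: reason})."""
        accepted, rejected = [], {}
        for ann in announcements:
            ok, reason = self.validate(ann)
            if ok:
                accepted.append(ann)
            else:
                rejected[ann] = reason
        return accepted, rejected


# Constructed: customer AS64496 holds 203.0.113.0/24 (may deaggregate to /25);
# its own downstream AS64497 holds 198.51.100.0/24 (no deaggregation).
SAMPLE_POLICY = CustomerPolicy(
    neighbor_asn=64496,
    authorized={64496: [("203.0.113.0/24", 25)],
                64497: [("198.51.100.0/24", 24)]})

SAMPLE_ANNOUNCEMENTS = [
    Announcement("203.0.113.0/24", (64496,)),            # ok
    Announcement("203.0.113.128/25", (64496,)),          # ok, within max length
    Announcement("203.0.113.0/26", (64496,)),            # too-specific
    Announcement("198.51.100.0/24", (64496, 64497)),     # ok, downstream via the customer
    Announcement("192.0.2.0/24", (64496,)),              # prefix the customer does not hold
    Announcement("198.51.100.0/24", (64496, 64499)),     # origin not in the customer cone
    Announcement("203.0.113.0/24", (64498, 64496)),      # path does not start with the customer
    Announcement("10.0.0.0/8", (64496,)),                # bogon
]

if __name__ == "__main__":
    accepted, rejected = SAMPLE_POLICY.filter_session(SAMPLE_ANNOUNCEMENTS)
    for ann in accepted:
        print("accept", ann.prefix, ann.as_path)
    for ann, why in rejected.items():
        print("reject", ann.prefix, ann.as_path, why)
```

The order of the checks matters for the reason you log: a bogon is rejected before any ownership question, a path that does not begin with the customer's ASN is rejected before the origin is consulted (so a leak of a third party's route through the customer is reported as a path problem, not as an unknown origin), and only then is the prefix matched against what that origin holds. The "communicate to adjacent networks which announcements are correct" part of the same Action is the inverse of this data: the `authorized` map is what an operator publishes as route objects so its own upstreams can build the same filter.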