Cyber Six: Managing Security in Internet

Holistic view to educate people on how to secure internet from information abused - this is a presentation that is specially designed for ESDM Ministry conference in Bali

Published in: Technology

1. Cyber-6: Cyberspace. Cyberthreat. Cyberattack. Cybersecurity. Cybercrime. Cyberlaw.
   Prof. Dr. Ir. Richardus Eko Indrajit MSc, MBA, MA/Msi, MPhil, ACPM, CWM, ICWM, CEH
   Website: http://eko-indrajit.info
   Email: [email_address]
   Chairman of ID-SIRTII and APTIKOM

2. Knowledge Domain

3. Cyber Space

4. Cyberspace.
   - A real community sitting between the PHYSICAL WORLD and the ABSTRACTION WORLD
   - 1.4 billion real people (internet users)
   - Trillion US$ of potential commerce value
   - Billion business transactions per hour, in 24/7 mode
   Internet is a VALUABLE thing indeed. Risk is embedded within.

5. Information Roles
   - Why information?
     - It consists of important data and facts (news, reports, statistics, transactions, logs, etc.)
     - It can create public perception (market, politics, image, marketing, etc.)
     - It represents valuable assets (money, documents, passwords, secret codes, etc.)
     - It is the raw material of knowledge (strategy, plans, intelligence, etc.)
   05/25/11 The Brief Profile of ID-SIRTII

6. What is the Internet?
   - A giant network of networks where people exchange information through various different digital-based ways:
     Email, Mailing List, Website, Chatting, Newsgroup, Blogging, E-commerce, E-marketing, E-government
   “… what is the value of internet ???”
7. Cyber Threat

8. Cyberthreat.
   - The trend has been increasing at an exponential rate
   - Motives vary from recreational to criminal purposes
   - Can cause significant economic losses and political suffering
   - Difficult to mitigate
   Examples: web defacement, information leakage, phishing, intrusion, DoS/DDoS, SMTP relay, virus infection, hoax, malware distribution, botnet, open proxy, root access theft, SQL injection, trojan horse, worms, password cracking, spamming, malicious software, spoofing, blended attack.
   Threats are there to stay. Can’t do so much about it.

9. International Issues
   - What does the FBI say about companies?
     - 91% have detected employee abuse
     - 70% indicate the Internet as a frequent attack point
     - 64% have suffered financial losses
     - 40% have detected attacks from outside
     - 36% have reported security incidents
   - Source: FBI Computer Crime and Security Survey 2001

10. Underground Economy

11. Growing Vulnerabilities
    “Through 2008, 90 percent of successful hacker attacks will exploit well-known software vulnerabilities.” – Gartner*
    * Gartner, “CIO Alert: Follow Gartner’s Guidelines for Updating Security on Internet Servers, Reduce Risks.” J. Pescatore, February 2003
    ** As of 2004, CERT/CC no longer tracks security incident statistics.

12. Potential Threats
    - Unstructured Threats
      - Insiders
      - Recreational Hackers
      - Institutional Hackers
    - Structured Threats
      - Organized Crime
      - Industrial Espionage
      - Hacktivists
    - National Security Threats
      - Terrorists
      - Intelligence Agencies
      - Information Warriors
13. Cyber Attack

14. Cyberattack.
    - Too many attacks have been performed within cyberspace.
    - Most are triggered by cases in the real world.
    - The eternal wars and battles have lately been fought in towns.
    - The notorious Estonia case has opened the eyes of everyone in the world.
    Attack can occur anytime and anyplace without notice.

20. Attacks Sophistication
    [Chart: attack sophistication (Low to High) against intruder knowledge, 1980 to 2005. The knowledge an intruder needs falls over time while attack sophistication rises. Techniques plotted along the timeline: password guessing, self-replicating code, password cracking, exploiting known vulnerabilities, disabling audits, back doors, hijacking sessions, sweepers, sniffers, packet spoofing, GUI tools, automated probes/scans, denial of service, www attacks, “stealth”/advanced scanning techniques, burglaries, network mgmt. diagnostics, distributed attack tools, cross site scripting, staged/auto-coordinated attacks.]

21. Vulnerabilities Exploit Cycle
    [Chart: number of incidents over time through the exploit cycle]
    1. Advanced intruders discover a new vulnerability
    2. Crude exploit tools are distributed
    3. Novice intruders use the crude exploit tools
    4. Automated scanning/exploit tools are developed
    5. Widespread use of automated scanning/exploit tools (highest exposure)
    6. Intruders begin using new types of exploits
22. Cyber Security

23. Cybersecurity.
    - Led by the ITU in the international domain, while standards are introduced by different institutions (ISO, ITGI, ISACA, etc.)
    - “Your security is my security” – individual behavior counts while various collaborations are needed
    Education, values, and ethics are the best defense approaches.

24. Risk Management Aspect
    [Diagram of security relationships, read along its labelled arrows:]
    - Threats exploit Vulnerabilities
    - Threats increase Risk
    - Vulnerabilities expose Assets
    - Vulnerabilities increase Risk
    - Assets have Asset Values (the potential Impact on the Organisation)
    - Risk indicates Security Requirements
    - Security Requirements are met by Controls
    - Controls protect against Threats, decrease Vulnerabilities, and reduce Risk

25. Strategies for Protection
    - Protecting Information
    - Protecting Infrastructure
    - Protecting Interactions

26. Mandatory Requirements
    - “Critical infrastructures are those physical and cyber-based systems essential to the minimum operations of the economy and government. These systems are so vital, that their incapacity or destruction would have a debilitating impact on the defense or economic security of the nation.”
    - Agriculture & Food, Banking & Finance, Chemical, Defense Industrial Base, Drinking Water and Wastewater Treatment Systems, Emergency Services, Energy, Information Technology, Postal & Shipping, Public Health & Healthcare, Telecommunications, Transportation Systems

27. Information Security Disciplines
    - Physical security
    - Procedural security
    - Personnel security
    - Compromising emanations security
    - Operating system security
    - Communications security
    A failure in any of these areas can undermine the security of a system.

28. Best Practice Standard
    BS7799/ISO17799 control areas, aimed at Information Integrity, Confidentiality, and Availability:
    1. Information Security Policy
    2. Security Organisation
    3. Asset Classification and Controls
    4. Personnel Security
    5. Physical Security
    6. Communication & Operations Mgmt
    7. Access Controls
    8. System Development & Maint.
    9. Bus. Continuity Planning
    10. Compliance
29. Cyber Crime

30. Cybercrime.
    - Globally defined as INTERCEPTION, INTERRUPTION, MODIFICATION, and FABRICATION
    - Virtually involving international boundaries and multiple resources
    - Intentionally targeted to fulfill special objective(s)
    - Convergent in nature with intelligence efforts.
    Crime has intentional objectives. Stay away from the bull’s eye.

31. The Crime Scenes
    - IT as a Tool
    - IT as a Storage Device
    - IT as a Target

32. Type of Attacks

33. Malicious Activities

34. Motives of Activities
    - Thrill Seekers
    - Organized Crime
    - Terrorist Groups
    - Nation-States
35. Cyber Law
    Cyberspace. Cyberthreat. Cyberattack. Cybersecurity. Cybercrime. Cyberlaw.

36. Cyberlaw.
    - Difficult to keep updated as the technology trend moves
    - Different stories between the rules and the enforcement efforts
    - Requires various infrastructure, superstructure, and resources
    - Can be easily “out-tracked” by law practitioners
    Cyberlaw is here to protect you. At least it plays a role in mitigation.

37. The Crime Scenes
    - IT as a Tool
    - IT as a Storage Device
    - IT as a Target

38. First Cyber Law in Indonesia.
    - Range of penalty:
      - Rp 600 million – Rp 12 billion (equal to US$ 60,000 to US$ 1.2 million)
      - 6 to 12 years in prison (jail)
    Starting from 25 March 2008.
    [Picture: Indonesia Parliament in Session]

39. Main Challenge.
    ILLEGAL: “… the distribution of illegal materials within the internet …”
    ILLEGAL: “… the existence of a source with illegal materials that can be accessed through the internet …”
40. ID-SIRTII
    Indonesia Security Incident Response Team on Internet Infrastructure

41. ID-SIRTII Mission and Objectives.
    “To expedite the economic growth of the country through providing the society with a secure internet environment within the nation”
    1. Monitoring internet traffic for incident handling purposes.
    2. Managing log files to support law enforcement.
    3. Educating the public for security awareness.
    4. Assisting institutions in managing security.
    5. Providing training to constituency and stakeholders.
    6. Running a laboratory for simulation practices.
    7. Establishing external and international collaborations.

42. Constituents and Stakeholders.
    [Diagram with ID-SIRTII at the centre and the surrounding parties:]
    - Government of Indonesia (sponsor)
    - ISPs, NAPs, IXs
    - Law Enforcement: police, prosecutors, judges, lawyers and legal practitioners
    - National Security Communities
    - International CSIRTs/CERTs: FIRST and APCERT, countries’ CSIRTs/CERTs, other CSIRTs and CERTs
    - Corporate Users and Individual Users
    - ICT-related Associations and Vendors

43. Coordination Structure.
    ID-SIRTII (CC) as the National CSIRT, coordinating:
    - Sector CERTs and Internal CERTs, e.g. Bank CERT, Airport CERT, University CERT, GOV CERT, Military CERT, SOE CERT, SME CERT, Hospital CERT, Telkom CERT, BI CERT, Police CERT, KPK CERT, Lippo CERT, KPU CERT, Pertamina CERT, UGM CERT
    - Vendor CERTs, e.g. Cisco CERT, Microsoft CERT, Oracle CERT, SUN CERT, IBM CERT, SAP CERT, Yahoo CERT, Google CERT
    - Commercial CERTs (A CERT through H CERT)
    - Other CERTs

44. Major Tasks.
    INCIDENT HANDLING DOMAIN and ID-SIRTII MAIN TASKS
    Matrix mapping the seven main tasks (1. Monitoring traffic, 2. Managing log files, 3. Educating the public, 4. Assisting institutions, 5. Providing training, 6. Running a laboratory, 7. Establishing collaborations) onto the CSIRT service categories:
    - Reactive Services: Alerts and Warnings, Incident Handling, Vulnerability Handling, Artifact Handling
    - Proactive Services: Announcements, Technology Watch, Intrusion Detection Services, Security-Related Information Dissemination, Security Audit and Assessment, Configuration and Maintenance of Security Tools, Applications, and Infrastructure
    - Security Quality Management Services: Awareness Building, Education/Training, Risk Analysis, BCP and DRP, Security Consulting, Product Evaluation

45. Incidents Definition and Samples.
    Samples: web defacement, information leakage, phishing, intrusion, DoS/DDoS, SMTP relay, virus infection, hoax, malware distribution, botnet, open proxy, root access theft, SQL injection, trojan horse, worms, password cracking, spamming, malicious software, spoofing, blended attack.
    Definitions:
    - “one or more intrusion events that you suspect are involved in a possible violation of your security policies”
    - “an event that has caused or has the potential to cause damage to an organization's business systems, facilities, or personnel”
    - “any occurrence or series of occurrences having the same origin that results in the discharge or substantial threat”
    - “an undesired event that could have resulted in harm to people, damage to property, loss to process, or harm to the environment.”

46. Priorities on Handling Incidents.
    TYPE OF INCIDENT AND ITS PRIORITY
    Priority classes:
    - Public Safety and National Defense (Very High Priority)
    - Economic Welfare (High Priority)
    - Political Matters (Medium Priority)
    - Social and Culture Threats (Low Priority)
    Incident types, each assessed by attack pattern (Many to One, One to Many, Many to Many, Automated Tool (KM-Based Website)):
    1. Interception
    2. Interruption
    3. Modification
    4. Fabrication

47. Core Chain of Processes.
    Core Process: Respond to and Handle Incidents, Report on Incident Handling, Management Process and Research Vital Statistics
    Supporting Activities:
    - Establish External and International Collaborations
    - Run Laboratory for Simulation Practices
    - Provide Training to Constituency and Stakeholders
    - Assist Institutions in Managing Security
    - Educate Public for Security Awareness

48. Legal Framework.
    - Undang-Undang (Law) No. 36/1999 regarding the National Telecommunication Industry
    - Peraturan Pemerintah (Government Regulation) No. 52/2000 regarding Telecommunication Practices
    - Peraturan Menteri Kominfo (Ministerial Regulation) No. 27/PER/M.KOMINFO/9/2006 regarding Security of IP-Based Telecommunication Network Management
    - Peraturan Menteri (Ministerial Regulation) No. 26/PER/M.KOMINFO/2007 regarding the Indonesian Security Incident Response Team on Internet Infrastructure
    - New Cyberlaw on Information and Electronic Transactions

49. Holistic Framework.
    [Diagram: SECURE INTERNET INFRASTRUCTURE ENVIRONMENT]
    - People, Process, Technology
    - Systems: Log File Management System, Traffic Monitoring System, Incident Indication Analysis, Incident Response Management
    - Governance: Advisory Board, Executive Board
    - Operating cycle (the initials spell MAY-DAY): MONITOR – ANALYSIS – YELL – DETECT – ALERT – YIELD
    - Foundations: STAKEHOLDERS COLLABORATION AND SUPPORT; NATIONAL REGULATION AND GOVERNANCE; STRONG INSTITUTIONAL RELATIONSHIPS AND COMMITMENT

50. Challenges to ID-SIRTII Activities.
    - Prevention
      - “Securing” internet-based transactions
      - Reducing the possibility of successful attacks
      - Working together with ISPs to inhibit the distribution of illegal materials
    - Reaction
      - Preserving digital evidence for law enforcement purposes
      - Providing technical advisory for the further mitigation process
    - Quality Management
      - Increasing the public awareness level
      - Ensuring the security level in critical infrastructure institutions

51. Work Philosophy.
    Why does a car have BRAKES ??? The car has BRAKES so that it can go FAST … !!!
    - Why should we have regulation?
    - Why should we establish an institution?
    - Why should we collaborate with others?
    - Why should we agree upon a mechanism?
    - Why should we develop procedures?
    - Why should we have a standard?
    - Why should we protect our safety?
    - Why should we manage risks?
    - Why should we form a response team?

52. Welcome to the New World. Congratulations!
    Richardus Eko Indrajit
    indrajit@post.harvard.edu
    Chairman of ID-SIRTII and APTIKOM
