Holistic view to educate people on how to secure internet from information abused - this is a presentation that is specially designed for ESDM Ministry conference in Bali

1. Cyber-6 Cyberspace. Cyberthreat.Cyberattack. Cybersecurity. Cybercrime. Cyberlaw. Prof. Dr. Ir. Richardus Eko Indrajit MSc, MBA, MA/Msi, MPhil, ACPM, CWM, ICWM, CEH Website: http://eko-indrajit.info Email: [email_address] Chairman of ID-SIRTII and APTIKOM

2. Knowledge Domain

3. Cyber Space

7. Cyber Threat

10. Underground Economy 05/25/11 The Brief Profile of ID-SIRTII

11. Growing Vulnerabilities 05/25/11 The Brief Profile of ID-SIRTII * Gartner “CIO Alert: Follow Gartner’s Guidelines for Updating Security on Internet Servers, Reduce Risks.” J. Pescatore, February 2003 ** As of 2004, CERT/CC no longer tracks Security Incident statistics. “ Through 2008, 90 percent of successful hacker attacks will exploit well-known software vulnerabilities.” - Gartner*

13. Cyber Attack

20. Attacks Sophistication 05/25/11 The Brief Profile of ID-SIRTII High Low 1980 1985 1990 1995 2005 Intruder Knowledge Attack Sophistication Cross site scripting password guessing self-replicating code password cracking exploiting known vulnerabilities disabling audits back doors hijacking sessions sweepers sniffers packet spoofing GUI automated probes/scans denial of service www attacks Tools “ stealth” / advanced scanning techniques burglaries network mgmt. diagnostics distributed attack tools Staged Auto Coordinated

21. Vulnerabilities Exploit Cycle 05/25/11 The Brief Profile of ID-SIRTII Advanced Intruders Discover New Vulnerability Crude Exploit Tools Distributed Novice Intruders Use Crude Exploit Tools Automated Scanning/Exploit Tools Developed Widespread Use of Automated Scanning/Exploit Tools Intruders Begin Using New Types of Exploits Highest Exposure Time # Of Incidents

22. Cyber Security

24. Risk Management Aspect 05/25/11 The Brief Profile of ID-SIRTII Risk Vulnerabilities Threats Controls Security Requirements Asset Values Assets Protect against Exploit Reduce Increase Indicate Increase Expose Have Decrease Met by Impact on Organisation

25. Strategies for Protection 05/25/11 The Brief Profile of ID-SIRTII Protecting Information Protecting Infrastructure Protecting Interactions

28. Best Practice Standard 05/25/11 The Brief Profile of ID-SIRTII BS7799/ISO17799 Access Controls Asset Classification Controls Information Security Policy Security Organisation Personnel Security Physical Security Communication & Operations Mgmt System Development & Maint. Bus. Continuity Planning Compliance Information Integrity Confidentiality Availability 1 2 3 4 5 6 7 8 9 10

29. Cyber Crime

31. The Crime Scenes 05/25/11 The Brief Profile of ID-SIRTII IT as a Tool IT as a Storage Device IT as a Target

32. Type of Attacks 05/25/11 The Brief Profile of ID-SIRTII

33. Malicious Activities 05/25/11 The Brief Profile of ID-SIRTII

35. Cyber Law Cyberspace. Cyberthreat.Cyberattack. Cybersecurity. Cybercrime. Cyberlaw.

37. The Crime Scenes 05/25/11 The Brief Profile of ID-SIRTII IT as a Tool IT as a Storage Device IT as a Target

39. Main Challenge. ILLEGAL “… the distribution of illegal materials within the internet …” ILLEGAL “… the existence of source with illegal materials that can be accessed through the internet …”

40. ID-SIRTII Indonesia Security Incident Response Team on Internet Infrastructure

41. ID-SIRTII Mission and Objectives. “ To expedite the economic growth of the country through providing the society with secure internet environment within the nation ” 1. Monitoring internet traffic for incident handling purposes. 2. Managing log files to support law enforcement. 3. Educating public for security awareness. 4. Assisting institutions in managing security. 5. Providing training to constituency and stakeholders. 6. Running laboratory for simulation practices. 7. Establishing external and international collaborations.

42. Constituents and Stakeholders. Government of Indonesia ID-SIRTII ISPs NAPs IXs Law Enforcement National Security Communities International CSIRTs/CERTs Corporate Users Individual Users Lawyers and Legal Practitioners Polices Prosecutors Judges FIRST and APCERT Country’s CSIRTs/CERTs ICT Related Associationsa and Vendors Other CSIRTs and CERTs sponsor

43. Coordination Structure. ID-SIRTII (CC) as National CSIRT Sector CERT Internal CERT Vendor CERT Commercial CERT Bank CERT Airport CERT University CERT GOV CERT Military CERT SOE CERT SME CERT Telkom CERT BI CERT Police CERT KPK CERT Lippo CERT KPU CERT Pertamina CERT Hospital CERT UGM CERT Cisco CERT Microsoft CERT Oracle CERT SUN CERT IBM CERT SAP CERT Yahoo CERT Google CERT A CERT B CERT C CERT D CERT E CERT F CERT G CERT H CERT Other CERTs Other CERTs Other CERTs Other CERTs

44. Major Tasks. INCIDENT HANDLING DOMAIN and ID-SIRTII MAIN TASKS Reactive Services Proactive Services Security Quality Management Services 1. Monitoring traffic Alerts and Warnings Announcements Technology Watch Intrusion Detection Services x 2. Managing log files Artifact Handling x x 3. Educating public x x Awareness Building 4. Assisting institutions Security-Related Information Dissemnination Vulnerability Handling Intrusion Detection Services Security Audit and Assessment Configuration and Maintenenace of Security Tools, Applications, and Infrastructure Security Consulting 5. Provide training x X Education Training 6. Running laboratory x x Risk Analysis BCP and DRP 7. Establish collaborations Incident Handling x Product Evaluation

45. Incidents Definition and Samples. web defacement information leakage phishing intrusion Dos/DDoS SMTP relay virus infection hoax malware distribution botnet open proxy root access theft sql injection trojan horse worms password cracking spamming malicious software spoofing blended attack “ one or more intrusion events that you suspect are involved in a possible violation of your security policies ” “ an event that has caused or has the potential to cause damage to an organization's business systems, facilities, or personnel” “ any occurrence or series of occurrences having the same origin that results in the discharge or substantial threat ” “ an undesired event that could have resulted in harm to people, damage to property, loss to process, or harm to the environment. ”

46. Priorities on Handling Incidents. TYPE OF INCIDENT AND ITS PRIORITY Public Safety and National Defense (Very Priority) Economic Welfare (High Priority) Political Matters (Medium Priority) Social and Culture Threats (Low Priority) 1. Interception Many to One One to Many Many to Many Automated Tool (KM-Based Website) 2. Interruption Many to One One to Many Many to Many Automated Tool (KM-Based Website) 3. Modification Many to One One to Many Many to Many Automated Tool (KM-Based Website) 4. Fabrication Many to One One to Many Many to Many Automated Tool (KM-Based Website)

47. Core Chain of Processes. Response and Handle Incidents Report on Incident Handling Management Process and Research Vital Statistics Supporting Activities Core Process Establish External and International Collaborations Run Laboratory for Simulation Practices Provide Training to Constituency and Stakeholders Assist Institutions in Managing Security Educate Public for Security Awareness

48. Legal Framework. Undang-Undang No.36/1999 regarding National Telecommunication Industry Peraturan Pemerintah No.52/2000 regarding Telecommunication Practices Peraturan Menteri Kominfo No.27/PER/M.KOMINFO/9/2006 regarding Security on IP-Based Telecommunication Network Management Peraturan Menteri No.26/PER/M.KOMINFO/2007 regarding Indonesian Security Incident Response Team on Internet Infrastructure New Cyberlaw on Information and Electronic Transaction

49. Holistic Framework. SECURE INTERNET INFRASTRUCTURE ENVIRONMENT People Process Technology Log File Management System Traffic Monitoring System Incident Indication Analysis Incident Response. Management Advisory Board Executive Board M ONITOR - A NALYSIS - Y ELL - D ETECT - A LERT - Y IELD STAKEHOLDERS COLLABORATION AND SUPPORT NATIONAL REGULATION AND GOVERNANCE STRONG INSTITUTIONAL RELATIONSHIPS AND COMMITMENT

51. Work Philosophy. Why does a car have BRAKES ??? The car have BRAKES so that it can go FAST … !!! Why should we have regulation? Why should we establish institution? Why should we collaborate with others? Why should we agree upon mechanism? Why should we develop procedures? Why should we have standard? Why should we protect our safety? Why should we manage risks? Why should we form response team?

52. Welcome to the New World. Congratulation! Richardus Eko Indrajit indrajit@post.harvard.edu Chairman of ID-SIRTII and APTIKOM