Cybersecurity by the #s
Regulatory Internet Governance Symposium – Vanuatu
20 October 2016
Cybersecurity by the #s
Network Security
• A view from the logical layer
• Network Security
• What are we up against?
• The cybersecurity ecosystem
CERT | CSIRT
• Incident Response
• Coordination
• Information Sharing
• Building a CERT
• Components of a CERT/CSIRT
• The Road Forward
A view from the logical layer
https://www.icann.org/news/multimedia/1563
The fundamental challenge
00101000 01101001 01101110 00101001
01110011 01100101 01100011 01110101
01110010 01101001 01110100 01111001
00100000 01100010 01111001 00100000
01100100 01100101 01110011 01101001
01100111 01101110
(in)Security by Design
https://blog.apnic.net/2015/07/07/mapping-the-internet-in-the-asia-pacific/
Goals of Information Security
• Confidentiality – security prevents unauthorized use or disclosure of information
• Integrity – security safeguards the accuracy and completeness of information
• Availability – authorized users have reliable and timely access to information
Terms: Breaking it down
• Threat
– Any circumstance or factor with the potential to cause harm
– A motivated, capable adversary
• Vulnerability
– A weakness in a system; in procedures, design, or implementation that can be exploited
• Software bugs, design flaws, operational mistakes
• Risk
– The probability that a particular vulnerability will occur
– The severity (impact) of that occurrence
– Risk = likelihood x consequences
Security tradeoffs
• Services offered vs. security provided
– Each service offers its own security risk
– The more services, the less security
• Ease of use vs. security
– Every security mechanism causes inconvenience
– The more “plug n play”, the less security
• Risk of loss vs. Cost of security
– Assets carry value and risk of loss
– The higher the value, the higher the security cost
• These factors can be balanced in a comprehensive security policy
What are we up against?
What can the attackers do?
• Eavesdropping – Listen in on communications
• Masquerading – Impersonating someone else
• Forgery – Invent or duplicate/replay information
• Trespass – Obtain unauthorised access
• Subversion – Modify data and messages in transit
• Destruction – Vandalise or delete important data
• Disruption – Disable or prevent access to services
• Infiltration – Hide out inside our machines
• Hijacking – “Own” and use machines for nefarious purposes
And why do they do it?
Motivation – Examples
• Knowledge driven – Recreational; Research
• Issue-based – Hacktivism; Patriotism
• Antisocial – Revenge; Vandalism
• Competitive – Theft of IP; Damage to competitors
• Criminal – Theft of assets; Extortion
• Strategic – Espionage; State-driven or sponsored
And how do they do it?
• Targeting the user
– Masquerading
– “Phishing”
– DNS Cache Poisoning
• IP Address “spoofing”
• Disruption
– DoS attacks
– DDoS attacks
“Phishing”
• “Fishing” for information such as usernames, passwords, credit card details, other personal information
• Ex: Forged emails apparently from legitimate enterprises direct users to forged websites.
DNS Cache Poisoning
[Figure: a lookup of www.apnic.net (hosts shown: 175.98.98.133, 203.119.102.244) should return 203.119.102.244, but the poisoned DNS answer is 199.43.0.44, so the client ends up at the wrong host ☹︎]
Securing websites – SSL certificates
[Figure: the same lookup of www.apnic.net returns 203.119.102.244 and the connection to it is protected by an SSL certificate ☺︎]
Securing DNS – DNSSEC
[Figure: with DNSSEC the DNS answer 203.119.102.244 for www.apnic.net is signed and can be validated ☺︎]
Misusing IP Addresses…
[Figure: the Global Routing Table holds 4.128/9, 60.100/16, 60.100.0/20, 135.22/16, …; router R, which holds 202.12.29.0/24, announces 199.43.0.0/24, the announcement enters the table, and traffic for 199.43.0.0/24 is drawn to R ☹︎]
Misusing IP Addresses…
[Figure: the same Global Routing Table; R announces 202.12.29.0/24, the prefix it actually holds, and with RPKI the origin of the announcement can be validated ☺︎]
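The two routing slides show the difference RPKI makes: an announcement can be checked against Route Origin Authorizations (ROAs) before it is accepted. The following is an added example, not the presenters' code, implementing the origin validation rules of RFC 6811 over a hard-coded ROA list. The ROA entries, the maxLength values and the AS numbers (AS64500 and AS64501, from the documentation range) are constructed; the deck gives only the prefixes, and a real router would load its ROAs from an RPKI cache.

```python
"""Route Origin Validation with RPKI ROAs, following the RFC 6811 rules.

Added example for this deck; not the presenters' code. The ROA entries and AS
numbers below are constructed (the slides show only prefixes).
"""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_network
from typing import Iterable, List


@dataclass(frozen=True)
class ROA:
    """A Route Origin Authorization: `asn` may originate `prefix` and its
    more-specifics down to `max_length`."""
    prefix: IPv4Network
    max_length: int
    asn: int


@dataclass(frozen=True)
class Announcement:
    """A BGP route as seen by the validating router: prefix plus origin AS."""
    prefix: IPv4Network
    origin_asn: int


def covered(ann: Announcement, roa: ROA) -> bool:
    # The ROA prefix contains the announced prefix; maxLength is not considered here.
    return ann.prefix.subnet_of(roa.prefix)


def matched(ann: Announcement, roa: ROA) -> bool:
    # Covered, not longer than maxLength, and originated by the authorized AS.
    return (covered(ann, roa)
            and ann.prefix.prefixlen <= roa.max_length
            and ann.origin_asn == roa.asn)


def validate(ann: Announcement, roas: Iterable[ROA]) -> str:
    """Return 'valid', 'invalid' or 'not-found' for the announcement."""
    covering: List[ROA] = [r for r in roas if covered(ann, r)]
    if not covering:
        return "not-found"        # no ROA speaks for this address space
    if any(matched(ann, r) for r in covering):
        return "valid"
    return "invalid"              # a ROA exists, but not for this origin or length


# Constructed ROAs using the deck's prefixes. AS64500/AS64501 are documentation
# ASNs standing in for the real holders, which the slides do not name.
ROAS = [
    ROA(ip_network("202.12.29.0/24"), 24, 64500),  # the prefix router R legitimately holds
    ROA(ip_network("199.43.0.0/24"), 24, 64501),   # the prefix R announces on the hijack slide
]


def demo(r_asn: int = 64500) -> dict:
    """Evaluate the two slides' announcements plus two edge cases."""
    return {
        # R announces its own prefix
        "own_prefix": validate(Announcement(ip_network("202.12.29.0/24"), r_asn), ROAS),
        # R announces a prefix it does not hold
        "hijack": validate(Announcement(ip_network("199.43.0.0/24"), r_asn), ROAS),
        # right AS, but a more-specific beyond maxLength is still rejected
        "more_specific": validate(Announcement(ip_network("199.43.0.0/25"), 64501), ROAS),
        # space with no ROA at all: ROV cannot say either way
        "unsigned": validate(Announcement(ip_network("60.100.0.0/20"), r_asn), ROAS),
    }


if __name__ == "__main__":
    for name, state in demo().items():
        print(f"{name:14s} {state}")
```

The "not-found" state is why ROA coverage matters: a router can only reject the hijack on the first slide if the holder of 199.43.0.0/24 has published a ROA for it. The more-specific case shows the other half of the protection, since a ROA with maxLength 24 makes any /25 announcement invalid even from the authorized AS.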
IP address spoofing
[Figure: a host at 175.98.98.133 behind its ISP sends a Request (Src 175.98.98.133, Dst 203.119.102.244) across the Internet; the Response (Src 203.119.102.244, Dst 175.98.98.133) comes back to it ☺︎]
IP address spoofing
[Figure: the same host at 175.98.98.133 forges its source address in the Request (Src 199.43.0.44, Dst 203.119.102.244); the Response (Src 203.119.102.244, Dst 199.43.0.44) is delivered to 199.43.0.44, which never sent the request ☹︎]
DoS attack: Amplification
[Figure: the host at 175.98.98.133 sends many small Requests with Src 199.43.0.44, Dst 203.119.102.244; each one provokes a Response with a BIG PAYLOAD (Src 203.119.102.244, Dst 199.43.0.44), so the victim 199.43.0.44 is flooded with far more traffic than the attacker sent ☹︎]
Defeating IP spoofing – BCP38
[Figure: the ISP filters at its edge, so the Request with Src 199.43.0.44 from the customer at 175.98.98.133 is dropped before it reaches 203.119.102.244 ☺︎]
BCP38 (2000) – Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing
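The three preceding slides (spoofing, amplification, BCP38) describe one mechanism and its mitigation. The following is an added example, not the presenters' code, that simulates a BCP38 ingress filter on the ISP edge: a packet from a customer port is forwarded only if its source address lies in a prefix the ISP assigned to that port, and a second function shows how much reflected traffic the victim would have received with and without the filter. The customer prefix 175.98.98.0/24, the packet sizes and the amplification factor are constructed assumptions; the slides give only the individual addresses.

```python
"""BCP38 (RFC 2827) ingress filtering, simulated on a list of packets.

Added example for this deck; not the presenters' code. The customer prefix,
packet sizes and amplification factor are constructed values.
"""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Dict, Iterable, List, Tuple


@dataclass(frozen=True)
class Packet:
    ingress_if: str   # customer-facing ISP interface the packet arrived on
    src: str
    dst: str
    size: int         # bytes


# Constructed: prefixes the ISP assigned to each customer interface. A BCP38 filter
# forwards a packet only if its source address lies inside one of these.
CUSTOMER_PREFIXES: Dict[str, List[IPv4Network]] = {
    "cust-A": [ip_network("175.98.98.0/24")],
}


def ingress_permitted(pkt: Packet,
                      table: Dict[str, List[IPv4Network]] = CUSTOMER_PREFIXES) -> bool:
    """True when the packet's source could legitimately arrive via its ingress interface."""
    allowed = table.get(pkt.ingress_if)
    if allowed is None:
        return False                          # unknown interface: default deny
    src = ip_address(pkt.src)
    return any(src in net for net in allowed)


def apply_filter(packets: Iterable[Packet],
                 table: Dict[str, List[IPv4Network]] = CUSTOMER_PREFIXES
                 ) -> Tuple[List[Packet], List[Packet]]:
    """Split traffic into what the ISP edge forwards and what it drops."""
    forwarded: List[Packet] = []
    dropped: List[Packet] = []
    for p in packets:
        (forwarded if ingress_permitted(p, table) else dropped).append(p)
    return forwarded, dropped


def reflected_bytes(requests: Iterable[Packet], amplification: int) -> Dict[str, int]:
    """Bytes the server at the destination would send back, keyed by the address in each
    request's source field. With a forged source, that volume lands on the victim."""
    totals: Dict[str, int] = {}
    for r in requests:
        totals[r.src] = totals.get(r.src, 0) + r.size * amplification
    return totals


# Constructed traffic from the customer port, using the deck's addresses: one genuine
# request from 175.98.98.133 and four requests forging 199.43.0.44 as the source.
SAMPLE: List[Packet] = [Packet("cust-A", "175.98.98.133", "203.119.102.244", 60)] + [
    Packet("cust-A", "199.43.0.44", "203.119.102.244", 60) for _ in range(4)
]

AMPLIFICATION = 50   # constructed: response bytes per request byte at the reflector


def demo() -> Dict[str, int]:
    """Compare what reaches the victim with and without ingress filtering."""
    fwd, drop = apply_filter(SAMPLE)
    return {
        "forwarded": len(fwd),
        "dropped": len(drop),
        "victim_bytes_without_filter": reflected_bytes(SAMPLE, AMPLIFICATION).get("199.43.0.44", 0),
        "victim_bytes_with_filter": reflected_bytes(fwd, AMPLIFICATION).get("199.43.0.44", 0),
    }


if __name__ == "__main__":
    print(demo())
```

The point of the design is that the check runs where the ISP knows the answer: only the customer's own edge can tell that 199.43.0.44 cannot legitimately originate from that port, which is why BCP38 has to be deployed by every access network rather than by the victim or the reflector.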
DDoS attack: Distributed DoS
[Figure: many compromised hosts across the Internet and ISP networks, a “Botnet”, mount the attack together ☹︎]
Network Security In A Nutshell
• Ensuring Confidentiality, Integrity, Availability (CIA)
• Building a risk management approach
• Implemented through a cybersecurity program
• Security as a process
• Technology, people, and process
The Bigger Picture
[Figure: Network & Information Security as part of Cybersecurity]
Internet Security Ecosystem
[Figure: Users, Public Safety, Regulators, Operators, Vendors, Software, CERTs]
Asia-Pacific CERTs
Incident Response
Security Incident
• A computer security incident is a violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices
• Examples:
– An attacker commands a botnet to send high volumes of connection requests to a web server, causing it to crash
– Users are tricked into opening a “quarterly report” sent via email that is actually malware; running the tool has infected their computers and established connections with an external host.
– An attacker obtains sensitive data and threatens that the details will be released publicly if the organization does not pay a designated sum of money.
(Source: NIST SP 800-61 Incident Handling Guide)
Stages of Incident Handling
1. Preparation
– Preparing to handle incidents
– Preventing incidents
2. Detection and Analysis
3. Containment, Eradication & Recovery
4. Post Incident Activities
Source: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
Coordination
[Figure: incident coordination. Source: NIST Computer Security Incident Handling Guide]
Information Sharing
• Trusted Group
• Sharing of threat intelligence
• Co-ordinated Response
• Reach out to the community
Why a Team?
• Dedicated resources for Incident Management
– Dedicated Service(s)
– Human Resources
– Specific Policies and SOPs
– Expertise & Skillsets
• Structured Incident Management / Handling Procedures
• Integration with other activities internal & external to the organization
– SOC / IT
– CERTs / ISACs etc
Building a CERT / CSIRT
Defining a CSIRT
…is a team that performs, coordinates, and supports the response to security incidents that involve sites within a defined constituency
• In ways which the specific community agrees to be in its general interest
• Team = Organization that does Incident Response (IR) work!
• Must react to reported security incidents or threats faced by the constituency
• Mandate & Terms of Reference
• Defined Structure
• Operational Capacity
Components of a CERT/CSIRT
Constituency
• Who is the Team meant to serve?
• The constituency helps define:
– The purpose & nature of the CSIRT
– Who the CSIRT is serving
– What types of security incidents the CSIRT handles
– The relationship with other CSIRTs
• Constituencies might overlap
– Co-ordination is key
– CSIRT of the “Last Resort”
Different Types of CSIRTs
• National CSIRTs
• Coordination Centers
• Analysis Centers
• Enterprise CSIRTs
• Vendor Teams
• Incident Response Providers
• Regional CERTs
Source: US-CERT https://www.cert.org/incident-management/csirt-development/csirt-faq.cfm
Policies & SOPs
• Specific for Incident Response & Handling
• Definition of Security Incidents and Related Terms
• Define Scope, Roles & Responsibilities
• Sharing of Information within the organization or with external parties
• What to do in the event of a security incident
– Specific SOP for dealing with different types of incidents
– Forms, Templates, Required information
– How to reach you outside office hours
• Dealing with Crisis
– Escalation (Internal & External)
– Dealing with the Media /Press
• Setting Realistic Expectations
– Dealing with Service Providers
Team Structure
• Team Models
– Central Incident Response Team
– Distributed Incident Response Team
– Co-ordination Team
• Functions / Workflow
– Incident Reporting
• Report from internal or external
– Incident Analysis
• What is happening, Impact, Patterns
– Incident Response
• Containment, Eradication & Recovery
• Post-Incident Activity / Recommendations
• How many people do we need in a team?
Services
• Incident Handling & Response
– Core activity
• Advisory / Notification
– Issue advisory relevant to constituency
• Education and Awareness
– Promoting best practices
– Policies and SOPs
– Cyber Security Exercises
• Information Sharing
– e.g. Global / Regional CSIRT groups, ISACs
• Other Services
– Reactive
– Proactive
– Security Quality Management
Types of Services Example
* Enterprise CSIRT *
Proactive Services
• Security Alerts
• Security Reporting
• Security Diagnosis
• Monitoring of Websites
Reactive Services
• Vulnerability Handling
• Incident Handling
• Artifact Handling
Security Quality Management Services
• Security Consultation
• Security Education
• Security Training
• Evaluation of Technologies
Source: NTT-CERT https://conference.apnic.net/data/39/150304_ntt-cert-activity_1425447986.pdf
Tools & Facilities
• Basically two categories of tools
– Managing Incident Reports
– Tools for analysis
• Handling & Managing Incidents Reported
– Able to collect & store incidents reported
– Track status, produce reports
– Function of system can be mapped to SOP
– Encryption tools for secure communication
• Security Incidents Monitoring & Analysis
– Tools for processing or analyzing logs, binaries, network traffic
– Forensics Tools
– Tools for information sharing
– Labs / Separate resources for analysis / testing
– Tools in the public domain (e.g. Passive DNS)
• Office / Work facilities
– Secure room, Office facilities, etc
• Good Resource: FIRST Membership Site Visit: http://www.first.org/membership/site-visit-V1.0.pdf
Building Relationships
• Internal
– Early buy-in from leadership and constituency
– Costing
• The cost tends to vary based on a lot of factors
– Size of team
– Services provided
– Nature of Organisation
• Start Small
– Using open source tools
– Scale up as capability and need grows
• External
– Becoming part of a trusted community
• Attending Meetings / Conferences
• Capacity Development (Training)
Road Forward
“Establishment of a National Computer Emergency Response Team (CERT) that is capable of dealing with relevant Cybersecurity threats for citizens, tourists, businesses and government in Vanuatu”
Let's stay engaged!
Klée Aiken
External Relations Manager
klee@apnic.net
Adli Wahid
Security Specialist
FIRST Board Member
adli@apnic.net
Upcoming security engagements:
• APCERT Conference | Tokyo, JP | 24 to 27 Oct 2016
• NGN Forum | Suva, FJ | 1 to 3 Nov 2016
• Technical Assistance | Suva & Nadi, FJ | 24 to 26 Nov 2016
• PacNOG 19 | Nadi, FJ | 28 Nov to 2 Dec
Thank you very much! (Tankio tumas!)
Questions?
