Cyber Security : Indian perspective


8 Feb 2009

Dr. Gulshan Rai

Director, CERT-IN

Govt. of India

grai@mit.gov.in

Web Sites (WWW)

1993: Web invented and implemented, 130 Nos. web sites

1994: 2738 Nos.

1995: 23500 Nos.

2007: 550 Million Nos.

2008: 850 Million Nos.

Web Evolution

Internet Infrastructure in INDIA

Innovation fostering the Growth of NGNs


Smart devices: Television, Computers, PDA, Mobile Phone

(Single device to provide an end-to-end, seamlessly secure access)

Application Simplicity

Preference of single, simple and secure interface to access applications or content

Ubiquitous interface: web browser

Flexible Infrastructure

Because of these areas of evolution, today’s NGNs are defined more by the services they support than by traditional demarcation of Physical Infrastructure.

The Emergence of NGNs


The communication networks operating two years ago are our father’s telecommunication network.

NGNs are the teenager’s network.

Consumers and businesses no longer accept the limitation of a single-use device or network.

Both individuals and businesses want the ability to communicate, work and be entertained over any device, any time, anywhere.

The demand for these services, coupled with innovation in technology, is advancing traditional telecommunication far outside its original purpose.



The Complexity of Today’s Network

Changes Brought in IT


Large network as backbone for connectivity across the country

Multiple Service providers for providing links: BSNL, MTNL, Reliance, TATA, Rail Tel

Multiple Technologies to support network infrastructure: CDMA, VSAT, DSL

Multiple Applications

[Network diagram labels: Internet, Perimeter Network, Perimeter Network Servers, Extranet Servers, Intranet, Network Infrastructure, Routers, Branch Offices, Remote Workers, Home Users, Desktops, Laptops, Servers, New PC, Unmanaged Devices]

Trends shaping the future

Ubiquitous computing, networking and mobility


Embedded Computing


Security


IPv6


VoIP

Challenges for Network Operator


Business challenges include new pricing structures, new relationships and new competitors.

Technical challenges include migrating and integrating with new advances in technologies from fibre optics, installation of Wi-Fi support.

Developing a comprehensive Security Policy and architecture in support of NGN services.

To Reap Benefits


To reap benefits of NGN, the operator must address:


Technology


Risk


Security


Efficiency

NGN Architecture

Identity Layer

Comprises end users owned by a telecom or a third-party service provider accessing services using devices like PC, PDA or mobile phone, to connect to the Internet

Service Layer

Hosts service applications and provides a framework for the creation of customer-focused services provided by either operator or a third-party service provider

Network Layer

Performs service execution, service management, network management and media control functions

Connects with the backbone network

[Architecture diagram labels: Internet, Third-Party Application, Untrusted, Web Tier, Service Provider Application, Service Delivery Platform (Service Provider), Service Delivery Platform, Common Framework, Backbone Network, Partly Trusted]

Growing Concern


Computing Technology has turned against us

Exponential growth in security incidents

Pentagon, US in 2007

Estonia in April 2007

Computer System of German Chancellery and three Ministries

Highly classified computer network in New Zealand & Australia

Complex and target oriented software

Common computing technologies and systems

Constant probing and mapping of network systems


Cyber Threat Evolution

[Timeline figure. Stages, in order: Virus; Breaking Web Sites; Malicious Code (Melissa); Advanced Worm / Trojan (I LOVE YOU); Identity Theft (Phishing); Organised Crime; Data Theft, DoS / DDoS. Time axis labels: 1977, 1995, 2000, 2003-04, 2005-06, 2007-08]

Cyber attacks being observed


Web defacement


Spam


Spoofing


Proxy Scan


Denial of Service


Distributed Denial of Service


Malicious Codes


Virus


Bots


Data Theft and Data Manipulation


Identity Theft


Financial Frauds


Social engineering Scams


Security Incidents reported during 2008

Trends of Incidents



Sophisticated attacks

Attackers are refining their methods and consolidating assets to create global networks that support coordinated criminal activity

Rise of Cyber Spying and Targeted attacks

Mapping of network, probing for weakness/vulnerabilities

Malware propagation through Website intrusion

Large scale SQL Injection attacks like Asprox Botnet

Malware propagation through Spam on the rise

Storm worm, which is one of the most notorious malware programs seen during 2007-08, circulates through spam

Trends of Incidents


Phishing

Increase in cases of fast-flux phishing and rock-phish

Domain name phishing and Registrar impersonation

Crimeware

Targeting personal information for financial frauds

Information Stealing through social networking sites

Rise in Attack toolkits

Toolkits like Mpack and Neosploit can launch exploits for browser and client-side vulnerabilities against users who visit a malicious or compromised site


Global Attack Trend

Source: Websense


Top originating countries


Malicious code


Three faces of cyber crime


Organised Crime



Terrorist Groups



Nation States

Security of Information Assets


Security of information & information assets is becoming a major area of concern

With every new application, newer vulnerabilities crop up, posing immense challenges to those who are mandated to protect the IT assets

Coupled with this, a host of legal requirements and international business compliance requirements on data protection and privacy place a huge demand on IT/ITES/BPO service organizations

We need to generate ‘Trust & Confidence’

Challenges before the Industry

Model Followed Internationally


Internationally, the general approach has been to have legal drivers supported by a suitable verification mechanism.

For example, in the USA the legal drivers have been

SOX

HIPAA

GLBA

FISMA etc.

In Europe, the legal driver has been the “Data Protection Act” supported by ISO27001 ISMS.

Information Security Management

[Diagram labels: INFORMATION SECURITY; Confidentiality, Integrity, Availability, Authenticity; Security Policy; People, Process, Technology; Regulatory Compliance; Access Control; Security Audit; User Awareness Program; Incident Response; Firewall, IPS/IDS; Encryption, PKI; Antivirus]

Cyber Security Strategy - India

Security Policy, Compliance and Assurance

Legal Framework

IT Act, 2000

IT (Amendment) Bill, 2006

Data Protection & Computer crimes

Best Practice ISO 27001

Security Assurance Framework - IT/ITES/BPO Companies

Security Incident

Early Warning & Response

CERT-In National Cyber Alert System

Information Exchange with international CERTs

Capacity building

Skill & Competence development

Training of law enforcement agencies and judicial officials in the collection and analysis of digital evidence

Training in the area of implementing information security in collaboration with Specialised Organisations in US

Setting up Digital Forensics Centres

Domain Specific training

Cyber Forensics

Research and Development

Network Monitoring

Biometric Authentication

Network Security

International Collaboration


Status of security and quality compliance in India

Quality and Security

A large number of companies in India have aligned their internal processes and practices to international standards such as

ISO 9000

CMM

Six Sigma

Total Quality Management

Some Indian companies have won special recognition for excellence in quality: out of 18 Deming Prize winners for Total Quality Management in the last five years, six are Indian companies.

ISO 27001/BS7799 Information Security Management

Government has mandated implementation of ISO27001 ISMS by all critical sectors

ISMS 27001 has mainly three components

Technology

Process

Incident reporting and monitoring

296 certificates issued in India out of 7735 certificates issued worldwide

Majority of certificates issued in India belong to IT/ITES/BPO sector

Information Technology: Security Techniques

Information Security Management System

            World                    China    Italy    Japan   Spain   India   USA
ISO 9000    951486 (175 countries)   210773   115309   73176   65112   46091   36192
27001       7732                     146      148      276     93      296     94



CERT-In Work Process

[Diagram labels: Department of Information Technology; Detection, Analysis, Dissemination & Support; Detect, Analysis, Recovery, Dissemination; ISP Hot Liners, Press & TV / Radio, Home Users, Private Sectors, Major ISPs, Foreign Ptns]

Distributed Honeypot Deployment

PC & End User Security: Auto Security Patch Update

Windows Security Patch Auto Update

No. of Download ActiveX: 18 Million

[Diagram labels: Internet, Microsoft Download Ctr., ActiveX DL Server, Sec. Patch ActiveX Site]

Incident Response Help Desk

[Diagram labels: PC & End User Security, Internet, PSTN]

Make a call using 1800-11-4949

Send fax using 1800-11-6969

Communicate through email at incident@cert-in.org.in


Number of security incidents handled during 2008 (till Oct): 1425


Vulnerability Assessment Service

Int’l Co-op: Cyber Security Drill

Joint International Incident Handling Coordination Drill

Participated in APCERT International Incident Handling Drill 2006

Participants: 13 APCERT Members and New Zealand, Vietnam including 5 major Korean ISPs

Scenario: Countermeasure against Malicious Code and relevant infringement as DDoS attack

Participated in APCERT International Incident Handling Drill 2007

Participants: 13 APCERT Members + Korean ISPs

Scenario: DDoS and Malicious Code Injection

To be Model: World Wide Cyber Security Incidents Drill among security agencies

Thank you


Incident Response Help Desk

Phone: 1800 11 4949

FAX: 1800 11 6969

e-mail: incident at cert-in.org.in

http://www.cert-in.org.in