ID-SIRTII - Cyber 6


  • 8/7/2019 ID-SIRTII - Cyber 6

    1/44

Cyber-6

Cyberspace

    Cyberthreat

    Cyberattack

    Cybersecurity

    Cybercrime

    Cyberlaw

Six Aspects to Protect Critical Infrastructures


    Knowledge Domain

    7/15/2010


    CyberSpace

    CyberThreat

    CyberAttack

    CyberSecurity

    CyberCrime

    CyberLaw


Cyber Space


    Cyberspace

A reality community between the PHYSICAL WORLD and the ABSTRACTION WORLD

1.4 billion real human population (internet users)

Trillion US$ of potential commerce value

Billion business transactions per hour in 24/7 mode

The Internet is a VALUABLE thing indeed. Risk is embedded within.


    Posture of Internet

45 million users spread across 18,000 islands


    Internet Statistics

Population of Indonesia: 240,271,522 (end of 2009)

More than 300 ISPs, 30 NAPs, 3 IXs (national internet exchanges)

1 million internet users (1999), 45 million users (2010)

100,000 internet subscribers (1999), 6 million (2010)

More than 25 million online media visitors every day!

25 Gbit/s aggregate national traffic, 45 Gbit/s international traffic


    Information Roles

Why Is Information So Valuable?

It holds important data and facts (news, reports, statistics, transactions, logs, etc.)

It can shape public perception (market, politics, image, marketing, etc.)

It represents valuable assets (money, documents, passwords, secret codes, etc.)

It is the raw material of knowledge (strategy, plans, intelligence, etc.)


What is the Internet?

A giant network of networks where people exchange information through various different digital-based ways:

Email, Mailing List, Website

Chatting, Newsgroup, Blogging

E-commerce, E-marketing, E-government

What is the value of the Internet?


Cyber Threat


    Cyber Threat

The trend is increasing exponentially

Motives vary

Can cause significant economic and political losses

Difficult to mitigate

Threats are there to stay. Can't do so much about it.

web defacement, information leakage, phishing, intrusion, DoS/DDoS

SMTP relay, virus infection, hoax, malware distribution, botnet, open proxy

root access theft, SQL injection, trojan horse, worms, password cracking

spamming, malicious software, spoofing, blended attack


    Underground Economy


    Growing Vulnerabilities


[Chart: Incidents and Vulnerabilities Reported to CERT/CC, 1995 to 2004. Left axis: Total Vulnerabilities, 0 to 4,500; right axis: Total Security Incidents, 0 to 160,000. Series: Vulnerabilities, Security Incidents.]

"Through 2008, 90 percent of successful hacker attacks will exploit well-known software vulnerabilities." - Gartner*

* Gartner CIO Alert: Follow Gartner's Guidelines for Updating Security on Internet Servers, Reduce Risks. J. Pescatore, February 2003

** As of 2004, CERT/CC no longer tracks Security Incident statistics.


    Potential Threats

Unstructured Threats: Insiders, Recreational Hackers, Institutional Hackers

Structured Threats: Organized Crime, Industrial Espionage, Hacktivists

National Security Threats: Terrorists, Intelligence Agencies, Information Warriors


Cyber Attack


    Cyberattack

Very many attacks have already been carried out in cyberspace.

Most are triggered by events in the real world.

The Estonia incident opened the eyes of people all over the world.


    National Incidents

1 million events (potential attacks) every day, most of them coming from the US and China.

Web defacement is the favourite action.

Cyber fraud, phishing, email spam, etc.

Mutual attacks between the Indonesian and Malaysian communities.

Etc.


    International Issues

BEIJING/OTTAWA (Reuters) - A cyber-espionage group based in southwest China stole documents from the Indian Defense Ministry and emails from the Dalai Lama's office, Canadian researchers said in a report on Tuesday.

TORONTO (Reuters) - A China-based cyber spy network has hacked into government and private systems in 103 countries, including those of many Indian embassies and the Dalai Lama, an Internet research group said. After initial investigations, when the group widened its research it found that the China-based cyber espionage had hacked computer systems of embassies of India, Pakistan, Germany, Indonesia, Thailand, South Korea and many other countries.

(Reuters) The Chinese government is likely behind recent cyberattacks on U.S. government Web sites and on U.S. companies in an apparent effort to quash criticism of the government there, an expert on U.S. and Chinese relations said. There's no conclusive proof that recent attacks on Google and dozens of other U.S. companies are directed by the Chinese government, but logic would point to official Chinese involvement, said Larry Wortzel, a member of the U.S.-China Economic and Security Review Commission and a former U.S. Army counterintelligence officer.


    International Issues

(Reuters) - Israel is using its civilian technological advances to enhance cyberwarfare capabilities, the senior Israeli spymaster said on Tuesday in a rare public disclosure about the secret program. Using computer networks for espionage -- by hacking into databases -- or to carry out sabotage through so-called "malicious software" planted in sensitive control systems has been quietly weighed in Israel against arch-foes like Iran.

(Reuters) - North Korea's communications ministry was behind a series of cyber attacks against South Korean and U.S. websites in July, the South's spy chief was quoted Friday as saying. Dozens of major U.S. and South Korean government and business sites were slowed or disabled with traffic generated by malicious software planted on personal computers unknown to their users. South Korean officials said at the time that North Korea was a prime suspect.


    Attacks Sophistication

[Chart: Attack Sophistication versus Intruder Knowledge, 1980 to 2005, each plotted on a Low to High scale. Techniques and tools placed along the timeline, in the order shown: password guessing, self-replicating code, password cracking, exploiting known vulnerabilities, disabling audits, back doors, hijacking sessions, sweepers, sniffers, packet spoofing, GUI tools, automated probes/scans, denial of service, www attacks, stealth/advanced scanning techniques, burglaries, network mgmt. diagnostics, distributed attack tools, cross site scripting, staged attacks, auto-coordinated attacks.]


    Vulnerabilities Exploit Cycle

[Diagram: the vulnerability exploit cycle, drawn as the number of incidents over time, with the period of highest exposure time marked on the curve.]

1. Advanced intruders discover a new vulnerability

2. Crude exploit tools are distributed

3. Novice intruders use the crude exploit tools

4. Automated scanning/exploit tools are developed

5. Widespread use of automated scanning/exploit tools

6. Intruders begin using new types of exploits


Why Are Attacks So Often Successful?

Lack of detection, response, and escalation.

No formal policy or procedure for (pro)active auditing and/or event management.

Lack of authentication and authorization systems.

No logical or organizational boundaries within a network.
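The first two points on this slide (missing detection, response and escalation; no procedure for event management) can be made concrete with a small event-management pipeline. The following is an added illustration, not ID-SIRTII code: it parses constructed sshd-style log lines, detects a password brute-force burst per source address, assigns a containment action per severity and escalates to a tier with a response deadline. The log lines, the failure threshold, the tier names and the SLA values are all hypothetical.

```python
"""
Minimal detect -> respond -> escalate pipeline over constructed auth-log lines.
Added illustration for the slide on why attacks succeed; not ID-SIRTII code.
Assumptions (hypothetical): syslog-style sshd lines, a 5-failure threshold,
and three escalation tiers with response deadlines.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real data): a burst of failures from one
# source followed by a successful root login, then a benign user typo.
SAMPLE_LOG = """\
2010-07-15T09:00:01 host1 sshd[101]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
2010-07-15T09:00:03 host1 sshd[102]: Failed password for invalid user admin from 203.0.113.7 port 51235 ssh2
2010-07-15T09:00:04 host1 sshd[103]: Failed password for root from 203.0.113.7 port 51236 ssh2
2010-07-15T09:00:06 host1 sshd[104]: Failed password for root from 203.0.113.7 port 51237 ssh2
2010-07-15T09:00:08 host1 sshd[105]: Failed password for root from 203.0.113.7 port 51238 ssh2
2010-07-15T09:00:09 host1 sshd[106]: Accepted password for root from 203.0.113.7 port 51239 ssh2
2010-07-15T09:05:00 host1 sshd[107]: Failed password for alice from 198.51.100.2 port 40000 ssh2
2010-07-15T09:20:00 host1 sshd[108]: Accepted password for alice from 198.51.100.2 port 40001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

FAIL_THRESHOLD = 5            # failures per source inside WINDOW -> brute-force alert
WINDOW = timedelta(minutes=2)

# Escalation tiers: severity -> (owning tier, response deadline). Hypothetical SLAs.
ESCALATION = {
    "low":      ("L1 helpdesk", timedelta(hours=24)),
    "high":     ("L2 security ops", timedelta(hours=4)),
    "critical": ("CSIRT on-call", timedelta(minutes=30)),
}

def parse(log_text):
    """Turn raw lines into dicts; lines that do not match the pattern are ignored."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.fromisoformat(ev["ts"])
            events.append(ev)
    return events

def detect(events):
    """Detection: sliding-window failure count per source. An accepted login from
    a source that already tripped the threshold raises the alert to critical."""
    alerts = []
    failures = defaultdict(list)   # src -> timestamps of recent failures
    alerted = set()
    for ev in sorted(events, key=lambda e: e["ts"]):
        src = ev["src"]
        if ev["result"] == "Failed":
            failures[src].append(ev["ts"])
            failures[src] = [t for t in failures[src] if ev["ts"] - t <= WINDOW]
            if len(failures[src]) >= FAIL_THRESHOLD and src not in alerted:
                alerted.add(src)
                alerts.append({"src": src, "host": ev["host"], "ts": ev["ts"],
                               "severity": "high", "reason": "password brute force"})
        elif src in alerted:
            for a in alerts:
                if a["src"] == src:
                    a["severity"] = "critical"
                    a["reason"] = "brute force followed by successful login as %s" % ev["user"]
    return alerts

def respond(alert):
    """Response: the containment actions a playbook would assign per severity."""
    actions = {"high": ["block source at perimeter", "notify asset owner"],
               "critical": ["block source at perimeter", "isolate host",
                            "reset credentials", "preserve logs for forensics"]}
    return actions.get(alert["severity"], ["monitor"])

def escalate(alert):
    """Escalation: who owns the alert and by when it must be handled."""
    tier, deadline = ESCALATION[alert["severity"]]
    return {"tier": tier, "due": alert["ts"] + deadline}

def run(log_text):
    """Full pipeline; returns the handled alerts so a caller can check them."""
    handled = []
    for alert in detect(parse(log_text)):
        handled.append({**alert, "actions": respond(alert), **escalate(alert)})
    return handled

if __name__ == "__main__":
    for h in run(SAMPLE_LOG):
        print(h["severity"].upper(), h["src"], h["reason"], "->", h["tier"], "by", h["due"])
```

Run stand-alone it reports one critical alert for 203.0.113.7 owned by the CSIRT tier with a 30-minute deadline; the single failed login from 198.51.100.2 stays below the threshold and produces nothing. The point of the structure is that each of the three missing pieces named on the slide is a separate, testable function, so a gap in any one of them is visible rather than silent.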


What Are the Greatest Challenges?


Cyber Security


    Cybersecurity

Led by ITU for the international domain, while some standards are introduced by different institutions (ISO, COBIT, ITIL, etc.)

Your security is my security: individual behavior counts, while various collaborations are needed

Education, values, and ethics are the best defense approaches.


    Strategies for Protection


    Protecting Information

    Protecting Infrastructure

    Protecting Interactions


    Mandatory Requirements

Critical infrastructures are those physical and cyber-based systems essential to the minimum operations of the economy and government. These systems are so vital that their incapacity or destruction would have a debilitating impact on the defense or economic security of the nation.

Banking & Finance, Agriculture & Food, Chemical, Defense Industrial Base, Drinking Water and Wastewater Treatment Systems, Emergency Services, Energy, Information Technology, Postal & Shipping, Public Health & Healthcare, Telecommunications, Transportation Systems


Evaluation Methods

Complete security audit

Confidentiality, Integrity, Availability

Uses standards (best practice)

Carried out by an independent party

Penetration test:

Black box

White box, grey box

Results are only a snapshot of that moment

Periodic evaluation is needed


    System Under Test

Topology

Network Element

Application


    Best Practice Standard

[Diagram: the ten control domains of the standard, numbered 1 to 10, arranged around Information and its three properties Integrity, Confidentiality and Availability. Domains as labelled: Access Controls; Asset Classification & Controls; Information Security Policy; Security Organisation; Personnel Security; Physical Security; Communication & Operations Mgmt; System Development & Maint.; Bus. Continuity Planning; Compliance.]

ISO/IEC 27001:2005 (Information technology - Security techniques - Information Security Management Systems - Requirements). The standard in the UK is dual numbered BS 7799-2:2005.


Cyber Crime


    Cybercrime

Globally defined as INTERCEPTION, INTERRUPTION, MODIFICATION, and FABRICATION

Virtually involving international boundaries and multiple resources

Intentionally targeting to fulfill special objective(s)

Convergence in nature with intelligence efforts.

Crime has intentional objectives. Stay away from the bull's eye.


Types of Attacks


    Motives of Activities

    1. Thrill Seekers

    2. Organized Crime

    3. Terrorist Groups

    4. Nation-States


Cyber Law


    Cyberlaw

Difficult to keep updated as technology trends move

Different stories between the rules and enforcement efforts

Requires various infrastructure, superstructure, and resources

Can be easily out-tracked by law practitioners

Cyberlaw is here to protect you. At least it plays a role in mitigation.


    First Cyber Law in Indonesia.

Range of penalty: Rp 600 million - Rp 12 billion (equal to US$ 60,000 to US$ 1.2 million), 6 to 12 years in prison (jail)

Starting from 25 March 2008

    Picture: Indonesia Parliament in Session


    Main Challenge.

ILLEGAL: the distribution of illegal materials within the internet

ILLEGAL: the existence of sources with illegal materials that can be accessed through the internet


ID-SIRTII

Indonesia Security Incident Response Team on Internet Infrastructure


    Mission and Objectives

To expedite the economic growth of the country through providing the society with a secure internet environment within the nation

1. Monitoring internet traffic for incident handling purposes.

2. Managing log files to support law enforcement.

3. Educating the public for security awareness.

4. Assisting institutions in managing security.

5. Providing training to constituency and stakeholders.

6. Running a laboratory for simulation practices.

7. Establishing external and international collaborations.


    Team and Structure

Deputy of Operation and Security

Deputy of Data Center, Applications & Database

Deputy of Research and Development

Deputy of Education and Public Affairs

Deputy of External Collaborations

General Secretary

Inspection Board

Advisory Board

Ministry of ICT, Directorate of Post & Telecommunication


    Topology Approach


    Lab Facilities

    Network/Incident Simulation

    Honeypot

Malware Analysis

    Digital Forensic

    Data Mining/Warehouse


Thank you

Indonesia Security Incident Response Team on Internet Infrastructure

Menara Ravindo 17th Floor, Jl. Kebon Sirih Kav. 75, Jakarta, Phone: 021 319 25551