26 - i know your secret
DESCRIPTION
How to avoid internet attacks in the banking industry
TRANSCRIPT
Prof. Richardus Eko Indrajit, Chairman of ID-SIRTII and APTIKOM, [email protected], www.eko-indrajit.com
Special Presentation on
Trends in IT-Based Crime in the Banking World
About ID-SIRTII and APTIKOM
ID-SIRTII:
- The National CSIRT/CERT of Indonesia (a quasi-government institution)
- Conducts traffic monitoring and log management of the country's internet infrastructure
- Coordinates more than 300 ISPs all over the nation
- Responsible for safeguarding the internet infrastructure used by mission-critical institutions
APTIKOM:
- Association of IT colleges and universities in Indonesia
- Consists of 750 higher-learning institutions (more than 1,500 study programs)
- Approximately 600,000 active students, with 50,000 graduates per year
- Joint collaboration on curriculum development and shared-resources/services initiatives
“building public awareness on internet security”
Internet and Crimes
Phone Banking Fraud
Credit and Debit Card Crime
ID-SIRTII Monitoring Analysis
Knowledge Domain: The Cyber Six
Cyber Space
Cyber Threat
Cyber Attack
Cyber Security
Cyber Crime
Cyber Law
1 Cyberspace.
A reality community between the PHYSICAL WORLD and the ABSTRACTION WORLD
1.4 billion real human population (internet users)
Trillions of US$ of potential commerce value
Billions of business transactions per hour in 24/7 mode
The internet is a VALUABLE thing indeed. Risk is embedded within.
Information Roles
Why information?
– It consists of important data and facts (news, reports, statistics, transactions, logs, etc.)
– It can create perception in the public (market, politics, image, marketing, etc.)
– It represents valuable assets (money, documents, passwords, secret codes, etc.)
– It is the raw material of knowledge (strategy, plans, intelligence, etc.)
What is the Internet?
A giant network of networks where people exchange information through various different digital-based ways:
Email, Mailing List, Website
Chatting, Newsgroup, Blogging
E-commerce, E-marketing, E-government
“… what is the value of the internet ???”
2 Cyberthreat.
- The trend has increased at an exponential rate
- Motives vary from recreational to criminal purposes
- Can cause significant economic losses and political suffering
- Difficult to mitigate
Threats are there to stay. Can't do so much about it.
web defacement, information leakage, phishing, intrusion, DoS/DDoS
SMTP relay, virus infection, hoax, malware distribution, botnet, open proxy
root access theft, sql injection, trojan horse, worms, password cracking
spamming, malicious software, spoofing, blended attack
International Issues
What Does the FBI Say About Companies:
– 91% have detected employee abuse
– 70% indicate the Internet as a frequent attack point
– 64% have suffered financial losses
– 40% have detected attacks from outside
– 36% have reported security incidents
Source: FBI Computer Crime and Security Survey 2001
Underground Economy
Growing Vulnerabilities
* Gartner “CIO Alert: Follow Gartner's Guidelines for Updating Security on Internet Servers, Reduce Risks.” J. Pescatore, February 2003. ** As of 2004, CERT/CC no longer tracks Security Incident statistics.
Chart: Incidents and Vulnerabilities Reported to CERT/CC, 1995 to 2004. Left axis: Total Vulnerabilities (0 to 4,500); right axis: Total Security Incidents (0 to 160,000); series plotted: Vulnerabilities, Security Incidents.
“Through 2008, 90 percent of successful hacker attacks will exploit well-known software vulnerabilities.”
- Gartner*
Potential Threats
Unstructured Threats: Insiders, Recreational Hackers, Institutional Hackers
Structured Threats: Organized Crime, Industrial Espionage, Hacktivists
National Security Threats: Terrorists, Intelligence Agencies, Information Warriors
3 Cyberattack.
Too many attacks have been performed within cyberspace.
Most are triggered by cases in the real world.
The eternal wars and battles have reached the towns lately.
The notorious Estonia case has opened the eyes of people all over the world.
An attack can occur anytime and anyplace without notice.
Case #1
Case #2
Case #3
Case #4
Case #5
Attack Sophistication
Chart: Attack Sophistication (Low to High) versus Intruder Knowledge, on a timeline of 1980, 1985, 1990, 1995 and 2005. Techniques labelled on the chart: password guessing, self-replicating code, password cracking, exploiting known vulnerabilities, disabling audits, back doors, hijacking sessions, sweepers, sniffers, packet spoofing, GUI, automated probes/scans, denial of service, www attacks, “stealth”/advanced scanning techniques, burglaries, network mgmt. diagnostics, distributed attack tools, cross site scripting, staged, auto coordinated. The tool axis is labelled “Tools”.
Vulnerabilities Exploit Cycle
Diagram: number of incidents (# Of Incidents) over time as a vulnerability moves through the cycle: Advanced Intruders Discover New Vulnerability; Crude Exploit Tools Distributed; Novice Intruders Use Crude Exploit Tools; Automated Scanning/Exploit Tools Developed; Widespread Use of Automated Scanning/Exploit Tools; Intruders Begin Using New Types of Exploits. The peak of the curve is marked Highest Exposure Time.
4 Cybersecurity.
Education, values, and ethics are the best defense approaches.
Led by the ITU in the international domain, while some standards are introduced by different institutions (ISO, ITGI, ISACA, etc.)
“Your security is my security” – individual behavior counts while various collaborations are needed
Risk Management Aspect
Diagram of the risk relationships: Threats exploit Vulnerabilities; Vulnerabilities expose Assets; Assets have Asset Values; Risk has an Impact on the Organisation; Security Requirements are met by Controls; Controls protect against Threats and reduce Risk.
Strategies for Protection
Protecting Information
Protecting Infrastructure
Protecting Interactions
Mandatory Requirements
“Critical infrastructures are those physical and cyber-based systems essential to the minimum operations of the economy and government. These systems are so vital that their incapacity or destruction would have a debilitating impact on the defense or economic security of the nation.”
Agriculture & Food, Banking & Finance, Chemical, Defense Industrial Base, Drinking Water and Wastewater Treatment Systems, Emergency Services, Energy, Information Technology, Postal & Shipping, Public Health & Healthcare, Telecommunications, Transportation Systems
Information Security Disciplines
Physical security, Procedural security, Personnel security, Compromising emanations security, Operating system security, Communications security: a failure in any of these areas can undermine the security of a system
Best Practice Standard
BS7799/ISO17799
The ten control domains, arranged around Information (Integrity, Confidentiality, Availability):
- Access Controls
- Asset Classification & Controls
- Information Security Policy
- Security Organisation
- Personnel Security
- Physical Security
- Communication & Operations Mgmt
- System Development & Maint.
- Bus. Continuity Planning
- Compliance
5 Cybercrime.
- Globally defined as INTERCEPTION, INTERRUPTION, MODIFICATION, and FABRICATION
- Virtually involving international boundaries and multiple resources
- Intentionally targeted to fulfill special objective(s)
- Convergent in nature with intelligence efforts.
Crime has intentional objectives. Stay away from the bull's eye.
Type of Attacks
Malicious Activities
Motives of Activities
1. Thrill Seekers 2. Organized Crime 3. Terrorist Groups 4. Nation-States
6 Cyberlaw.
- Difficult to keep updated as the technology trend moves
- Different stories between the rules and the enforcement efforts
- Requires various infrastructure, superstructure, and resources
- Can easily be “out-tracked” by law practitioners
Cyberlaw is here to protect you. At least it plays a role in mitigation.
The Crime Scenes
IT as a Tool
IT as a Storage Device
IT as a Target
First Cyber Law in Indonesia.
Range of penalty: Rp 600 million - Rp 12 billion (equal to US$ 60,000 to US$ 1.2 million), 6 to 12 years in prison (jail)
starting from 25 March 2008
Picture: Indonesia Parliament in Session
Main Challenge.
ILLEGAL “… the distribution of illegal materials within the internet …”
ILLEGAL “… the existence of source with illegal materials that can be accessed through the internet …”
ID-SIRTII Mission and Objectives.
“To expedite the economic growth of the country through providing the society with a secure internet environment within the nation”
1. Monitoring internet traffic for incident handling purposes.
2. Managing log files to support law enforcement.
3. Educating public for security awareness.
4. Assisting institutions in managing security.
5. Providing training to constituency and stakeholders.
6. Running laboratory for simulation practices.
7. Establishing external and international collaborations.
Constituents and Stakeholders.
ID-SIRTII
ISPs
NAPs
IXs
Law Enforcement
National Security
Communities
International CSIRTs/CERTs
Government of Indonesia (sponsor)
Coordination Structure.
ID-SIRTII (CC) as National CSIRT
Sector CERT: Bank CERT, Airport CERT, University CERT, GOV CERT, Military CERT, SOE CERT, SME CERT, Hospital CERT, Other CERTs
Internal CERT: Telkom CERT, BI CERT, Police CERT, KPK CERT, Lippo CERT, KPU CERT, Pertamina CERT, UGM CERT, Other CERTs
Vendor CERT: Cisco CERT, Microsoft CERT, Oracle CERT, SUN CERT, IBM CERT, SAP CERT, Yahoo CERT, Google CERT, Other CERTs
Commercial CERT: A CERT, B CERT, C CERT, D CERT, E CERT, F CERT, G CERT, H CERT, Other CERTs
Major Tasks.
INCIDENT HANDLING DOMAIN and ID-SIRTII MAIN TASKS
Each main task mapped to the three CSIRT service categories (Reactive Services; Proactive Services; Security Quality Management Services; “x” means none):
1. Monitoring traffic: Reactive: Alerts and Warnings; Proactive: Announcements, Technology Watch, Intrusion Detection Services; Quality Management: x
2. Managing log files: Reactive: Artifact Handling; Proactive: x; Quality Management: x
3. Educating public: Reactive: x; Proactive: x; Quality Management: Awareness Building
4. Assisting institutions: Reactive: Vulnerability Handling; Proactive: Security-Related Information Dissemination, Intrusion Detection Services, Security Audit and Assessment, Configuration and Maintenance of Security Tools, Applications, and Infrastructure; Quality Management: Security Consulting
5. Provide training: Reactive: x; Proactive: x; Quality Management: Education Training
6. Running laboratory: Reactive: x; Proactive: x; Quality Management: Risk Analysis, BCP and DRP
7. Establish collaborations: Reactive: Incident Handling; Proactive: x; Quality Management: Product Evaluation
Incidents Definition and Samples.
web defacement, information leakage, phishing, intrusion, DoS/DDoS
SMTP relay, virus infection, hoax, malware distribution, botnet, open proxy
root access theft, sql injection, trojan horse, worms, password cracking
spamming, malicious software, spoofing, blended attack
“one or more intrusion events that you suspect are involved in a possible violation of your security policies”
“an event that has caused or has the potential to cause damage to an organization's business systems, facilities, or personnel”
“any occurrence or series of occurrences having the same origin that results in the discharge or substantial threat”
“an undesired event that could have resulted in harm to people, damage to property, loss to process, or harm to the environment.”
Priorities on Handling Incidents.
TYPE OF INCIDENT AND ITS PRIORITY
Priority classes (table columns): Public Safety and National Defense (Very High Priority); Economic Welfare (High Priority); Political Matters (Medium Priority); Social and Culture Threats (Low Priority)
Incident types (table rows), each broken down by attack pattern Many to One, One to Many, Many to Many, and Automated Tool (KM-Based Website):
1. Interception
2. Interruption
3. Modification
4. Fabrication
Core Chain of Processes.
Core Process: Monitor Internet Traffic; Manage Log Files; Response and Handle Incidents; Deliver Required Log Files; Analyse Incidents; Report on Incident Handling
Supporting Activities: Establish External and International Collaborations; Run Laboratory for Simulation Practices; Provide Training to Constituency and Stakeholders; Assist Institutions in Managing Security; Educate Public for Security Awareness
Management Process and Research Vital Statistics
Legal Framework.
Law (Undang-Undang) No.36/1999 regarding the National Telecommunication Industry
Government Regulation (Peraturan Pemerintah) No.52/2000 regarding Telecommunication Practices
Minister of Communication and Informatics Regulation (Peraturan Menteri Kominfo) No.27/PER/M.KOMINFO/9/2006 regarding Security on IP-Based Telecommunication Network Management
Ministerial Regulation (Peraturan Menteri) No.26/PER/M.KOMINFO/2007 regarding the Indonesian Security Incident Response Team on Internet Infrastructure
New Cyberlaw on Information and Electronic Transaction
Challenges to ID-SIRTII Activities.
Prevention:
– “Securing” internet-based transactions
– Reducing the possibilities of successful attacks
– Working together with ISPs to inhibit the distribution of illegal materials
Reaction:
– Preserving digital evidence for law enforcement purposes
– Providing technical advisory for the further mitigation process
Quality Management:
– Increasing the public awareness level
– Ensuring the security level in critical infrastructure institutions
Work Philosophy.
Why does a car have BRAKES ??? The car has BRAKES so that it can go FAST … !!!
Why should we have regulation? Why should we establish institution? Why should we collaborate with others? Why should we agree upon mechanism? Why should we develop procedures? Why should we have standard? Why should we protect our safety? Why should we manage risks? Why should we form response team?
Holistic Framework.
SECURE INTERNET INFRASTRUCTURE ENVIRONMENT
People, Process, Technology
Log File Management System; Traffic Monitoring System; Incident Indication Analysis; Incident Response
Management: Advisory Board, Executive Board
MONITOR - ANALYSIS - YELL - DETECT - ALERT - YIELD
STAKEHOLDERS COLLABORATION AND SUPPORT
NATIONAL REGULATION AND GOVERNANCE
STRONG INSTITUTIONAL RELATIONSHIPS AND COMMITMENT
Two Way Relationship
Cyber Space and Real World: “Physical War” and “Virtual War”
Two Way Relationship
Cyber Space and Real World relate to each other: real interaction, real transaction, real resources, real people; flow of information, flow of product/services, flow of money
Two Way Relationship
Cyber Space and Real World: Ethics, Law, Rule of Conduct, Mechanism, Cyber Law
“Ruling Cyber Space interaction with Real World Penalty”
Classic Definition of War
WAR is here to stay… “Can Cyber Law alone become the weapon for modern defense against 21st century Cyber Warfare & Cyber Crime?”
Two Way Relationship
Cyber Space and Real World impact each other.
Two Way Relationship
From Real World to Cyber Space: Political Incidents, International Events, Published Books, Training Materials, Pirated Tools, Community of Interests, giving rise to: threaten, attack, crime, blackmail, destroy, penetrate, disrupt, terminate, ruin, mess up
Two Way Relationship
From Cyber Space to Real World: Personal Blogs, Citizen Journalism, Anonymous Interaction, Phishing and Forgery, Campaign and Provocation, Communities Reviews, giving rise to: sue, investigate, suspect, sabotage, inspect, examine, spy, gossip, justify, perceive, condemn
The Paradox of Increasing Internet Value
internet users + transaction value + interaction frequency + communities spectrum + usage objectives = The Internet Value
it means… threats, attacks, crimes
Internet Security Issues Domain
INTERNET SECURITY
TECHNICAL ISSUES
BUSINESS ISSUES
SOCIAL ISSUES
Technical: The internet is formed by connecting a set of digital-based physical technology that follows a good number of standards and protocols. All technical components (hardware and software) interact with each other within a complex dependent…
Business: It is a part of the business system, as transactions and interactions are conducted accordingly. As technology mimics, enables, drives, and transforms the business, internet dependency is high. For activities that rely on time and space – where resources and processes can be digitalized – the network is the business.
Social: What are interacting in the net are real people, not just a bunch of “intellectual machines” – at the end of the day, human minds, characters, behaviors, and values matter. It is not an “isolated world” without any relationship to the real physical world.
Technical Trend Perspective
the phenomena…
malicious code vulnerabilities
spam and spyware
phishing and identity theft
time to exploitation
the efforts…
Firewalls
Antispyware
AntiVirus
Software Patches
Web and Email Security
Malware Blocking
Network Access Control
Intrusion Prevention
Application and Device Control
Encryption and PKI
Business Trend Perspective
the context…
Risk Management Practices
Cost Benefit Analysis
Regulatory Compliance
Governance Requirements
Digital Asset Management
Standard and Policy Enforcement
the strategy…
IT Audit Technology Compliance
Disaster Recovery Center
Security Management
Backup and Recovery
ISO Compliance
Storage and Backup Management
Business Contingency Plan
Application and Device Control
Archiving and Retention Management
Chief Security Officer
Standard Certification
Social Trend Perspective
the characteristics…
Computer Savvy Society
Digital System Everywhere
Free World, Open Market
Borderless Geography
Internet as New Frontier
the choices…
policy vs. design
enforcement vs. culture
regulation vs. ethical behavior
prevention vs. reaction
top-down vs. bottom-up
pressure vs. education
standard vs. self control
reward vs. punishment
The Core Relationships
People (Social Aspects)
Technology (Technical Aspects)
Context/Content Applications (Business Aspects)
Converging Trend
TECHNICAL ISSUES
BUSINESS ISSUES
SOCIAL ISSUES
Internetworking Dependency
Since the strength of a chain depends on its weakest link,
YOUR SECURITY is MY SECURITY…
Things to Do
1. Identify your valuable assets
2. Define your security perimeter
3. Recognize all related parties involved
4. Conduct risk analysis and a mitigation strategy
5. Ensure the standard security system is intact
6. Institutionalize the procedures and mechanisms
7. Share the experiences with others
8. Continue improving security quality
Key activities: use the THEORY OF CONSTRAINTS ! (Find the weakest link, and help them to increase their security performance and capabilities…)
What should we do?
Monitoring the dynamic environment happening in the real world and the cyber world?
Building effective procedures and mechanisms among institutions responsible for these two worlds?
Forming an international framework for collaboration and cooperation to combat cyber crimes?
Finding the fastest and most effective methodology to educate society on cyber security?
Developing and adopting a multi-lateral cyber law convention? Acting like intelligence agencies? Interpol? Detectives? CSIRTs/CERTs? ASEAN? United Nations?
Lessons Learned
As the value of the internet increases, so does the risk of having it in our lives.
Hackers and crackers help each other; why shouldn't we collaborate?
Enough talking and planning, start executing your risk management strategy…
Beware …
Prof. Richardus Eko Indrajit, Chairman of ID-SIRTII and APTIKOM, [email protected], www.eko-indrajit.com
Thank You