IPv6 and Cyber Security: Cisco-DoT Workshop - 10th July 2013

© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1 Prakash Kumar Director, Cisco Consulting Services IPv6 DoT Workshop

Upload: cisco-systems-india-pvt-ltd

Post on 20-Aug-2015

Category: Technology


TRANSCRIPT

Page 1: Ipv6 and cyber security Cisco-DOT workshop - 10th july 2013

Prakash Kumar

Director, Cisco Consulting Services

IPv6 DoT Workshop

Page 2: Ipv6 and cyber security Cisco-DOT workshop - 10th july 2013

Cyber Security: Landscape & Trends

Evolving Security Framework

Recommended Plan of Action

Page 3: Ipv6 and cyber security Cisco-DOT workshop - 10th july 2013

Cyber Security: Landscape & Trends

Evolving Security Framework

Recommended Plan of Action

Page 4: Ipv6 and cyber security Cisco-DOT workshop - 10th july 2013

“Cyber Security is the analysis, warning, information sharing, vulnerability reduction, risk management and recovery efforts to detect, protect against and mitigate the impact of threats that leverage the Cyber domain”

Based on World Economic Forum 2012

Page 5: Ipv6 and cyber security Cisco-DOT workshop - 10th july 2013

Policy/regulatory environment & lack of coordination amongst agencies

Evolving threat landscape increasingly difficult to detect and mitigate

Technology transitions leading to greater security challenges

Changing IT landscape

Network perimeter v/s Human perimeter

Mobility/BYOD/Cloud

Virus/Worms to Directed attacks

Botnets

Internally propagating malware

Page 6: Ipv6 and cyber security Cisco-DOT workshop - 10th july 2013

624,000 (2007)

2,600,000 (2010)

5,700,000 (projected, 2013)

Page 7: Ipv6 and cyber security Cisco-DOT workshop - 10th july 2013

MOBILITY

THE NETWORK

COLLABORATION

CLOUD

EXPANDED ATTACK SURFACE

COMPLIANCE OBLIGATIONS

REDUCED VISIBILITY AND CONTROL

Page 8: Ipv6 and cyber security Cisco-DOT workshop - 10th july 2013

Espionage Disruption Manipulation

Script Kiddies

Hacktivist Groups

Organized Crime

Nation States

Page 9: Ipv6 and cyber security Cisco-DOT workshop - 10th july 2013

Page 10: Ipv6 and cyber security Cisco-DOT workshop - 10th july 2013

Page 11: Ipv6 and cyber security Cisco-DOT workshop - 10th july 2013

Page 12: Ipv6 and cyber security Cisco-DOT workshop - 10th july 2013

Page 13: Ipv6 and cyber security Cisco-DOT workshop - 10th july 2013

Source: www.darkreading.com

Attacker steals Username/ password of a trusted partner

Registers nine SSL certificates for high-value domains including Google, Skype, Yahoo

Attacker uses phishing attack, infects employee with a trojan using Excel spreadsheet

Database of 40m SecurID seeds breached, that are used in 2-factor authentication.

Attacker breaks into Sony network in retaliation to a lawsuit

Playstation network down for more than a month

Attacker hacks servers run by a partner.

Steal WordPress source code, part of which is proprietary

Attacker uses bad website design, changes credit-card nos in URL

Steal information of 2m + customers

Attackers/ researchers send friend requests

Get access to 250GB data from more than 3000 profiles.

Page 14: Ipv6 and cyber security Cisco-DOT workshop - 10th july 2013

Credit card data was stored in plain text, got hit three times in two years.

More than 600,000 credit card numbers, $10.5 b in fraudulent transactions.

More than 400,000 plaintext passwords. Union-based SQL injection to collect the data.

More than a million Unique Device Identifiers snagged from an FBI computer. Leveraged a Java vulnerability.

Network penetration, theft of approx 1.5 million credit cards, including Track 2 data, which can be used to clone credit cards.

Approximately 1.6 million government and contractor accounts involving aerospace, the defense industry, financial services and law enforcement.

Page 15: Ipv6 and cyber security Cisco-DOT workshop - 10th july 2013

Approximately 6.5 million passwords stolen, which were comprised of unsalted SHA-1 hashes.

Attack on a network used by Nationwide Insurance Company breached personal information of an estimated 1.1 million customers and applicants, including names, Social Security numbers, driver's license numbers, date of birth and possibly marital status, gender, occupation and employment information.

Approximately 3.8 million tax records and nearly 400,000 credit card numbers stolen. Spearphishing exploit, improper password policies, failure to encrypt social security numbers.

Personal details of 24 million people were hacked and stolen.

268 individual data breaches over a period of roughly three years. Governments reportedly exposed more than 94 million records containing personally identifiable information.

Page 16: Ipv6 and cyber security Cisco-DOT workshop - 10th july 2013

Page 17: Ipv6 and cyber security Cisco-DOT workshop - 10th july 2013

Page 18: Ipv6 and cyber security Cisco-DOT workshop - 10th july 2013

• Loss of brand image (Website defacing)

112 Indian govt websites hacked (Dec 2011 – Feb 2012) [1]

Websites of Supreme Court hacked (May 2012) [3]

Website of Congress defaced (Dec 2011) [3]

• Financial losses

Reported losses in Internet frauds in India in 2011 (Rs 787 lakh) [1]

E-commerce sites, Cyber-bullying

• Loss of communication medium

DDoS attacks on government sites hosted by NIC (May 2012) [2]

• Loss of privacy

US Defence data on Internet hijacked by China Telecom (2010) [2]

10-25% of internet traffic originated from India or destined for India gets diverted through unknown autonomous systems [2]

• Data Losses

174m data records stolen in 855 incidents investigated by Verizon [4]

100m records of Sony compromised (Apr 2011) [3]

Credit card data at Citigroup breached (Jun 2011) [3]

Sources: [1] Statement in Indian Parliament; [2] CERT-IN; [3] News reports; [4] Verizon 2012 Data breach investigation report

Page 19: Ipv6 and cyber security Cisco-DOT workshop - 10th july 2013

1. Find users from public sites like Facebook / LinkedIn

2. Attacker sends targeted email with malicious attachment

You Got Mail!!!

3. Naïve user opens the exploit that installs backdoor

4. Attacker targets other servers / devices to escalate privileges

5. Data acquired from targeted servers

6. Data transferred externally

• Social networking

• Untrusted Links

• Internet Access

• Data privileges

Page 20: Ipv6 and cyber security Cisco-DOT workshop - 10th july 2013

Timespan of events by percent of breaches

Initial Attack to Initial Compromise: Seconds 10%, Minutes 75%, Hours 12%, Days 2%, Weeks 0%, Months 1%, Years 1%

Initial Compromise to Data Exfiltration: Seconds 8%, Minutes 38%, Hours 14%, Days 25%, Weeks 8%, Months 8%, Years 0%

Initial Compromise to Discovery: Seconds 0%, Minutes 0%, Hours 2%, Days 13%, Weeks 29%, Months 54%, Years 2%

Discovery to Containment/Restoration: Seconds 0%, Minutes 1%, Hours 9%, Days 32%, Weeks 38%, Months 17%, Years 4%

Data is stolen in hours in 60% of breaches

85% of breaches are not discovered for weeks

Page 21: Ipv6 and cyber security Cisco-DOT workshop - 10th july 2013

Cyber Security: Landscape & Trends

Evolving Security Framework

Recommended Plan of Action

Page 22: Ipv6 and cyber security Cisco-DOT workshop - 10th july 2013

INTERNAL

EXTERNAL Social Networking

Network reconnaissance

Malware

Cross site scripting

Data leakage

Attacks Security Policy

Identity management

Admission Control, Encryption, Anomaly Detection

Endpoint security, Antivirus

Vulnerability exploit, Mail filtering, Visibility & Control

Security People

Network

Host

Application

Data

Page 23: Ipv6 and cyber security Cisco-DOT workshop - 10th july 2013

Anomaly Detection & Mitigation

Encryption Software

App Vulnerability Assessment

Access Control & Video Surveillance

Vulnerability Scan

Risk Management

Facility Management

Virus Scanning - Host & Server

Endpoint Security

Web Security

Security Monitoring

Security Monitoring

App Security & Identity Management

Event Logging

Malware Protection

Network Security

Secure Access Control Secure Mobility

Security Management

Anomaly Detection and Mitigation

Email Security Endpoint Security

Firewalls

Identity Management Integrated Router/Switch Security

Intrusion Detection & Prevention Systems (IDS/IPS)

Multi-Function Security

Network Admission Control (NAC)

Cisco Policy Management

Security Management

Virtual Private Networks (VPN)

Web Security

Security Metrics

Architectural Approach

Page 24: Ipv6 and cyber security Cisco-DOT workshop - 10th july 2013

Sees All Traffic

Routes All Requests Sources All Data

Controls All Flows

Handles All Devices

Touches All Users

Shapes All Streams

Page 25: Ipv6 and cyber security Cisco-DOT workshop - 10th july 2013

Offers Comprehensive Visibility and Scalable Control

Global and Local Threat Intelligence

Common Policy and Management

Information

Enforcement

Behavioral Analysis

Encryption Identity Awareness

Device Visibility Policy Enforcement

Access Control

Threat Defense

Sees All Traffic

Routes All Requests Sources All Data

Controls All Flows

Handles All Devices

Touches All Users Shapes All Streams

Network Enforced Policy

Page 26: Ipv6 and cyber security Cisco-DOT workshop - 10th july 2013

Cyber Security: Landscape & Trends

Evolving Security Framework

Recommended Plan of Action

Page 27: Ipv6 and cyber security Cisco-DOT workshop - 10th july 2013

Plan

• Define the Security policy

• Identify assets, vulnerabilities & threats, intelligence sharing

• Create the Security Architecture

Build

• Create Risk management strategies, acceptable use policies

• Secure and monitor assets, Plan incident responses

• Conducting Security Posture Assessments

Manage

• Continuous Monitoring and review of security policies

• Updating intelligence about changing threats & vulnerabilities

• Optimization of network/ security policies

Page 28: Ipv6 and cyber security Cisco-DOT workshop - 10th july 2013

• Deploy end-to-end technology solutions to meet your business needs

Product/Technology Solutions

Optimization

• Maximize value of security investment

• Gain visibility into security architecture and posture

Audits & Assessments Plan, Design, & Implement

• Protect your business with new security technology

Business Transformation

• Secure and enable new business opportunities

Operate

• Address day-to-day operations and ever changing security threats

Delivered by Cisco and Our Partners

Page 29: Ipv6 and cyber security Cisco-DOT workshop - 10th july 2013

Product/Technology Solutions

Optimization

Audits & Assessments Plan, Design, & Implement

Business Transformation

Operate

Delivered by Cisco and Our Partners

• Security Architecture Assessment

• Security Posture Assessment

• Network Device Security Assessment

• Security Optimization

• Network Optimization

• TrustSec

- ISE

- 802.1x

• ASA Migration

• Email and Web Content Security

• Security Plan, Design & Implement

• Secure Data Center Plan and Design

• Secure Unified Communications Plan & Design

• IT GRC

• Teleworker

• Cloud Security

• SMARTnet

• Remote Management Services

• Services for IPS

• Cisco IntelliShield Alert Manager Service

Page 30: Ipv6 and cyber security Cisco-DOT workshop - 10th july 2013

• Entire network designed by Cisco

• SoC was designed and operated by Cisco

• There was no interruption even though thousands of attacks were attempted

Page 31: Ipv6 and cyber security Cisco-DOT workshop - 10th july 2013

Security Expertise

Collaborative Partner Approach

Smart Personalized Services

Innovative Security Solutions

Security solutions to protect collaborative environments and applications

Reduce operating costs with recommendations to improve efficiency and operations

Services that support IT efficiency, agility, and overall network health

Deploy a highly available, secure converged architecture

Page 32: Ipv6 and cyber security Cisco-DOT workshop - 10th july 2013

Thank you.
