Cyber Security

Information about Cyber Security

Published on August 5, 2009

Author: sushilkannan



Cyber Security : 1 Cyber Security N SUSHIL KANNAN Jt. Asstt. Director National Crime Records Bureau Duration : 60 Minutes Going about : 2 Going about Understanding Information Security Safeguarding methodologies Q & A Session What is Cyberspace? : 3 What is Cyberspace? Cyberspace is a worldwide network of computers and the equipment that connects them, which by its very design is free and open to the public (the Internet) The problem has gotten more prevalent with always-on, high-speed internet access. Attackers are always out there looking for that type of computer What is Cyberspace? : 4 What is Cyberspace? As long as your computer is connected to the internet, that connection can go both ways. The attackers are mostly malicious pranksters, looking to access personal and business machines or disrupt net service with virus programs proliferated via email, usually just to prove they can. However, there are also more serious attackers out there whose goals could range from mining valuable data (your credit card or bank information, design secrets, research secrets, etc) to even disrupting critical systems like the stock market, power grids, air-traffic controllers programs, and the most dangerous-our nuclear weapons Cyberspace as a Battleground? : 5 Cyberspace as a Battleground? Each day, there is an increase in the number of threats against our nation's critical infrastructures. These threats come in the form of computer intrusion (hacking), denial of service attacks, and virus deployment. Slide 6: 6 Web Evolution Growing Concern : 7 7 Growing Concern Computing Technology has turned against us Exponential growth in security incidents Pentagon, US in 2007 Estonia in April 2007 Computer System of German Chancellory and three Ministries Highly classified computer network in New Zealand & Australia Complex and target oriented software Common computing technologies and systems Constant probing and mapping of network systems Slide 8: 8 8 8 Infrastructure in India Slide 9: 9 9 Complexity in Network Cyber Threat Evolution : 10 Cyber Threat Evolution Virus Breaking Web Sites Malicious Code (Melissa) Advanced Worm / Trojan (I LOVE YOU) Identity Theft (Phishing) Organised Crime Data Theft, DoS / DDoS 1995 2000 2003-04 2005-06 2007-08 1977 Cyber attacks being observed : 11 Cyber attacks being observed Web defacement Spam Spoofing Proxy Scan Denial of Service Distributed Denial of Service Malicious Codes Virus Bots Data Theft and Data Manipulation Identity Theft Financial Frauds Social engineering Scams Slide 12: 12 12 Incidents reported in 2008 Trends of Incidents : 13 Trends of Incidents Sophisticated attacks Attackers are refining their methods and consolidating assets to create global networks that support coordinated criminal activity Rise of Cyber Spying and Targeted attacks Mapping of network, probing for weakness/vulnerabilities Malware propagation through Spam on the rise Storm worm, which is one of the most notorious malware programs seen during 2007-08, circulates through spam Trends of Incidents : 14 Trends of Incidents Phishing Increase in cases of fast-flux phishing and rock-phish Domain name phishing and Registrar impersonation Crimeware Targeting personal information for financial frauds Information Stealing through social networking sites Rise in Attack toolkits Toolkits like Mpack and Neospolit can launch exploits for browser and client-side vulnerabilities against users who visit a malicious or compromised sites Global Attack Trend : 15 Global Attack Trend Source: Websense Slide 16: 16 16 Top Malicious Code Originating Countries Three faces of cyber crime : 17 17 Three faces of cyber crime Organized Crime Terrorist Groups Nation States Slide 18: 18 Security of information & information assets is becoming a major area of concern With every new application, newer vulnerabilities crop up, posing immense challenges to those who are mandated to protect the IT assets Coupled with this host of legal requirements and international business compliance requirements on data protection and privacy place a huge demand on IT/ITES/BPO service organizations We need to generate ‘Trust & Confidence’ Security of Information Assets Virus ProfilesNimda (note the garbage in the subject) : 19 Virus ProfilesNimda (note the garbage in the subject) Sircam (note the “personal” text) Both emails have executable attachments with the virus payload. Slide 20: 20 Trojan Horse arrives via email or software like free games. Trojan Horse is activated when the software or attachment is executed. Trojan Horse releases virus, monitors computer activity, installs backdoor, or transmits information to hacker. Trojan horse attack Denial of Service Attacks : 21 Denial of Service Attacks In a denial of service attack, a hacker compromises a system and uses that system to attack the target computer, flooding it with more requests for services than the target can handle. In a distributed denial of service attack, hundreds of computers (known as a zombies) are compromised, loaded with DOS attack software and then remotely activated by the hacker. Spamming Attacks : 22 Spamming Attacks Sending out e-mail messages in bulk. It’s electronic “junk mail.” Spamming can leave the information system vulnerable to overload. Less destructive, used extensively for e-marketing purposes. What Does it Mean- “Security”? : 23 What Does it Mean- “Security”? “Security” is the quality or state of being secure--to be free from danger. But what are the types of security we have to be concern with? Physical security - addresses the issues necessary to protect the physical items, objects or areas of an organization from unauthorized access and misuse. Personal security - addresses the protection of the individual or group of individuals who are authorized to access the organization and its operations. Operations security- protection of the details of a particular operation or series of activities. What Does it Mean- “Security”? : 24 What Does it Mean- “Security”? Communications security - concerned with the protection of an organization’s communications media, technology, and content. Network security is the protection of networking components, connections, and contents. Information Security – protection of information and its critical elements, including the systems and hardware that use, store, or transmit that information. Slide 25: 25 Shoulder surfing takes many forms. Some may not be obvious. Slide 26: 26 Traditional Hacker Profile*: “juvenile, male, delinquent, computer genius” Modern Hacker Profile: “age 12-60, male or female, unknown background, with varying technological skill levels. May be internal or external to the organization” The Dilemma of Security : 27 The Dilemma of Security The problem that we cannot get away from in computer security is that we can only have good security if everyone understands what security means, and agrees with the need for security. Security is a social problem, because it has no meaning until a person defines what it means to them. The harsh reality is the following: In practice, most users have little or no understanding of security. This is our biggest security hole. Slide 28: 28 Hacker Remote System Computer as Subject of Crime Computer as Object of Crime Internet Biometrics Devices : 29 Biometrics Devices Biometrics Devices : 30 Biometrics Devices Biometrics Devices : 31 Biometrics Devices Machine Overtake Mankind : 32 2010 1990 1985 1980 2005 2000 1995 2015 50 75 100 25 0 % Network Traffic Mankind Machines Machines 8Bn 90Bn Machine Overtake Mankind 2009 Internet Security – Concluding Remark : 33 Internet Security – Concluding Remark “The only system which is truly secure is one which is switched off and unplugged, locked in a titanium lined safe, buried in a concrete bunker, and is surrounded by nerve gas and very highly paid armed guards. Even then, I wouldn’t stake my life on it.” Professor Gene Spafford Q & A : Q & A “It is not the strongest of the species that survive, nor the most intelligent, but the one most responsive to change” Charles Darwin Survival….. ThanQ! : 35 ThanQ! N. SUSHIL KANNAN [email protected]

Related presentations