Cyber Security and Critical Information Infrastructure

Transcription

1 Cyber Security and Critical Information Infrastructure Dr. Gulshan Rai Director General Indian Computer Emergency Response Team (CERT- In) grai [at] cert-in.org.in The Complexity of Today s Network Changes Brought in IT Large network as backbone for connectivity across the country Multiple Service providers for providing links BSNL, MTNL, Reliance, TATA, Rail Tel Multiple Technologies to support network infrastructure CDMA, VSAT, DSL Multiple Applications Trends shaping the future Ubiquitous computing, networking and mobility Embedded Computing Security IPv6 VoIP Intranet Laptops Servers New PC Unmanaged Devices Internet Network Infrastructure Desktops Perimeter Network Extranet Servers Perimeter Network Servers Smart devices Television Computers PDA Mobile Phone Application Simplicity Preference of single, simple and secure interface Ubiquitous interface web browser Flexible Infrastructure Today s NGNs are defined more by the services they support than by traditional demarcation of physical infrastructure. Branch Offices Unmanaged Devices Branch Offices Internet Home Users Unmanaged Device Remote Workers 2

2 The Emergence of NGNs The communication networks operating two years ago have undergone tremendous change. NGNs are the order of the day. No longer consumer and business accept the limitation of single-use device or network. Both individuals and Business want the ability to communicate, work and be entertained over any device, any time, anywhere. The demand of these services coupled with innovation in technology is advancing traditional telecommunication far outside its original purpose. 3 Cyber Threat Evolution Virus Malicious Code (Melissa) Identity Theft (Phishing) Breaking Web Sites Advanced Worm / Trojan (I LOVE YOU) Organised Crime Data Theft, DoS / DDoS

3 Trends of Incidents Sophisticated attacks are happening onto IT infrastructure Attackers are refining their methods and consolidating assets to create global networks that support coordinated criminal activity. Information stealing is the main objective rather than destruction. Rise of Cyber Spying and Targeted attacks. Continuous mapping of network, probing for weakness/vulnerabilities. Malware propagation through Website intrusion and large scale SQL Injection attacks. Malware propagation through Spam on the rise Increase in phishing cases, particularly fast flux and domain phishing 5 Trends of Incidents (contd.) Website compromise through SQL injection, exploiting weak input validation (Asprox botnet) Uploading malicious contents onto websites through stolen FTP credentials (Neosploit) Rise in defacement of Govt. websites after 26/11 attack; websites hosted outside India on cheap hosting providers Targeted attacks for stealing sensitive information through social engineering and malicious office documents (Ghostnet) Compromise of popular websites and redirection of users to malicious websites for malware propagation (iframe insertion) Sale of phishing toolkits on underground websites (Metaphisher) Large scale creation of botnets for launching DDoS attacks, Spam, Phishing, fast flux DNS attacks (conficker worm) 6

4 Security of Information Assets Security of information & information assets is becoming a major area of concern With every new application, newer vulnerabilities crop up, posing immense challenges to those who are mandated to protect the IT assets Coupled with this host of legal requirements and international business compliance requirements on data protection and privacy place a huge demand. There is a need to generate Trust & Confidence 7 Challenges before us Sensible investment & RoI Facilitating secure business access to inside users Keeping intruders at bay User awareness & education for alignment with security policies Training and retention 8

5 Information Security Management INFORMATION SECURITY Confidentiality Integrity Availability Authenticity People Process Technology Security Policy Regulatory Compliance User Awareness Program Access Control Security Audit Incident Response Encryption, PKI Firewall, IPS/IDS Antivirus 9 Issues to be addressed Standardization of IT infrastructure and processes Identification of critical assets and risk assessment Adoption of suitable security standards Security Command and Control Centre All hardware and software should be deployed only after hardening File Integrity Verification tools should be deployed on every server All software applications should be deployed only after security review of software (code review) Regular Vulnerability Assessment and Penetration Testing of IT systems Identity Management Uniform implementation of security policy throughout the organization (zones) Website hosting policy IT infrastructure Audit Mock security drills 10

6 CERT-In Workflow CERT-In Work Process Detection Analysis Dissemination & Support Major ISPs Foreign Ptns Department of Information Technology ISP Hot Liners Private Sectors Home Users Analysis Detect Dissemination Press & TV / Radio Recovery 11 Int l Co-op: Cyber Security Drills and Exercises Joint International Incident Handling Coordination Drills Participated APCERT International Incident Handling Drill 2006 Participants: 13 APCERT Members and New Zealand, Vietnam including 5 major Korean ISPs Scenario: Countermeasure against Malicious Code and relevant infringement as DDoS attack Participated APCERT International Incident Handling Drill 2007 Participants: 13 APCERT Members + Korean ISPs Scenario: DDoS and Malicious Code Injection Participated APCERT International Incident Handling Drill 2008 Participants: 13 APCERT Members Scenario: Online Underground Economy 12 12

7 Thank you Incident Response Help Desk Phone: FAX: incident at cert-in.org.in