Trends shaping the future


Internet Security Aspects
Dr. Gulshan Rai
Director
Indian Computer Emergency Response Team (CERT-In)
Department of Information Technology
The Complexity of Today’s Network
Trends shaping the future
• Ubiquitous computing, networking and mobility
• Embedded Computing
• Security
• IPv6
• VoIP
Pain points
• Complexity
• Cost
• Agility
• Security
[Network diagram: Internet, routers, perimeter network, intranet, network infrastructure, servers, extranet servers, desktops, laptops, new PC, unmanaged devices, branch offices, home users, remote workers]
Growing Concern
• Computing Technology has turned against us
• Exponential growth in security incidents
• Rapid emergence of civilian and military groups worldwide
• Asymmetric warfare has arrived in cyberspace
Type of Attacks on Internet
• Web Site Defacements
• Port Scanning
• Malicious Code
– VIRUS
– BOTS
• Phishing
• DNS Attacks
• Denial of Service and DDoS
Phishing
[Figure: phishing web site and legitimate web site]
Current Threat Rank
• China
• United States
• Belgium
• Germany
• France
Nature of Attacks in Cyber World
• Rise of Cyber Spying
– Curiosity probes funded and organised operations for a variety of purposes
– Web espionage operations
– Mapping of networks, probing for weaknesses and strengths
• Attackers targeting new technologies such as
– Peer-to-peer and VoIP services
– Social networks
– On-line banking
• Sophisticated attacks
– Attackers are refining their methods and consolidating assets to create global networks that support coordinated criminal activity
Trends in Cyber Attacks (2007)
• Phishing
– Around 392 phishing cases affecting financial institutions in India
and abroad were observed in the year 2007
– Increase in cases of fast-flux phishing and rock-phish
– 35% of phishing web sites were observed for financial services
sector brands
• Bots and Malicious Code
– Botnets are evolving with an increased number of bots
– The command & control server is regularly shifting
– Malicious code with keystroke-logging and secluded communications capacity is on the rise and has made threats to confidential information a major concern
– 4% of all malicious activity detected during the first 6 months of 2007 originated from IP space registered to Fortune 100 companies
– Malicious code distribution today is largely done through social engineering techniques
Trends in Cyber Attacks
• Fake data about domain registrants in the WHOIS directory
• Increased malicious activity conducted in a professional and commercial way
– Trade of malicious code in popular forums such as IRC, web sites, etc.
– Emergence of phishing toolkits
– Automated toolkits that could exploit the systems of users who visit a malicious or compromised website
– Increasing number of underground economy servers which are used by criminals and criminal organisations to sell stolen information, typically for subsequent use in identity theft
Trends in Cyber Attacks
• The current threat environment is characterized
by compound attacks simultaneously from
different locations
• Convergence of malware authors, phishers, spammers and bot-herders
– SpamThru Trojan – uses botnets for spamming and DDoS
– Storm worm – spreads through spam to increase the botnet and launch DDoS
– Rock Phish – phishing sites of multiple brands hosted on a single server
– Fast-flux DNS-based hosting of phishing sites
Constraints
• Emergent behavior of some vulnerabilities and systems is not fully understood
• Still do not understand the full nature of risks
• Nobody owns the problem
– Finger pointing among developers, network operators, system administrators and users
• No one wants to be first to disclose information
• Immediacy of threat has led to too much focus on near-term needs – patch rather than innovate
Challenges to be met
• Develop new approaches for eradicating widespread, epidemic attacks in cyberspace
• Ensure that new, critical systems currently on the drawing board are immune from destructive attack
• Appropriate legal framework and best practices
• Design new computing systems so that security and privacy aspects of those systems are understandable and controllable by the user
Need for Collaborations
• To resolve incidents, we need to track the actual attacker
• Information exchange is needed globally to mitigate cyber attacks
• Stakeholders to ensure secure cyber space
– Law enforcement agencies
– CERTs
– Service providers, ISPs
– Domain registrars
– Domain owners
– Industry
Collaborative Efforts
• Reconciling various legal regimes with technological
capability
• Standard procedures/manuals among countries
mandating service providers for supply of
information
• Instant Information Sharing
• Rapid Response to Security Incidents
• Research and Development
– Internet Health Monitoring
– DNS Security
– Immune and Survivable Systems
Need of Today
• It’s important to get in at the beginning
– Experience teaches us that these concerns
are hard to add after the fact
• The Internet experience informs us:
– It is also a social system, not simply a technology
• Once we give up privacy or security, we may not be able to regain it
• Important to assert a leadership role while we can!
Let us work together for a vision. Create a society in which spam, viruses and worms, the plagues of modern information technology, are eliminated.
Thank you
http://www.cert-in.org.in