Internet Security Aspects

1

Internet Security Aspects
Dr. Gulshan Rai Director Indian Computer
Emergency Response Team (CERT-In) Department of
Information Technology
2
The Complexity of Todays Network

3
Growing Concern

• Computing Technology has turned against us
• Exponential growth in security incidents
• Rapid emergence of civilian and military groups
  worldwide
• Asymmetric warfare has arrived in cyberspace

4
Type of Attacks on Internet

• Web Site Defacements
• Port Scanning
• Malicious Code
• VIRUS
• BOTS
• Phishing
• DNS Attacks
• Denial of Service and DDoS

5
Phishing
Phishing Web site
Legitimate Web Site
6
Current Threat Rank

• China
• United States
• Belgium
• Germany
• France

7
Nature of Attacks in Cyber World

• Rise of Cyber Spying
• Curiosity probes funded and organised operations
  for variety of purpose
• Web Espionage operation
• Mapping of network, probing for weakness and
  strength
• Attackers targeting new technologies such as
• Peer to peer and VOIP services
• Social Network
• On-line banking
• Sophisticated attacks
• Attackers are refining their methods and
  consolidating assets to create global networks
  that support coordinated criminal activity

8
Trends in Cyber Attacks (2007)

• Phishing
• Around 392 phishing cases affecting financial
  institutions in India and abroad were observed in
  the year 2007
• Increase in cases of fast-flux phishing and
  rock-phish
• 35 of phishing web sites were observed for
  financial services sector brands
• Bots and Malicious Code
• Botnets are evolving with increased number of
  Bots
• The command control server regularly shifting
• Malicious Code with keystroke-logging and
  secluded communications capacity are on rise and
  made confidential information threats a major
  concern
• 4 of all malicious activity detected during the
  first 6 months of 2007 originated from IP space
  registered to Fortune 100 companies
• Largely malicious code distribution is done
  through Social engineering techniques in todays
  scenario

9
Trends in Cyber Attacks

• Fake data about domain registrants on WHOIS
  directory
• Increased malicious activities in professional
  and commercial way
• Trade of malicious code in popular forums such as
  IRC, Web-Sites etc
• Emergence of Phishing Toolkits
• Automated toolkits that could exploit user
  systems who visit a malicious or compromised
  website
• Increasing number of underground economy servers
  which are used by criminals and criminal
  organisations to sell stolen information,
  typically for subsequent use in identity theft.

10
Trends in Cyber Attacks

• The current threat environment is characterized
  by compound attacks simultaneously from different
  locations
• Convergence of malware authors, phishers,
  spammers and Bot-herders
• Spamthru Trojan use botnets for spamming and
  DDoS
• Strom worm spread through spam to increase
  botnet and launch DDoS
• Rock Phish phishing sites of multiple brands
  hosted on single server
• Fast Flux DNS based hosting of Phishing sites

11
Constraints

• Emergent behavior of some vulnerabilities and
  system are not fully understood
• Still do not understand the full nature of risks
• Nobody owns the problem
• Finger pointing among developers, network
  operators, system administrators and users
• No one wants to be first to disclose information
• Immediacy of threat has led to too much focus on
  near term needs Patch rather than innovate

12
Challenges to be met

• Develop new approaches for eradicating wide
  spread, epidemic attacks in cyberspace
• Ensure that new, critical system currently on the
  drawing board are immune from destructive attack
• Appropriate legal framework and best practices
• Design new computing system so that security and
  privacy aspects of those systems are
  understandable and controllable by the user

13
Need for Collaborations

• To resolve incidents, we need to track actual
  attacker
• Information exchange is needed globally to
  mitigate Cyber attacks
• Stakeholders to ensure secure cyber space
• Law Enforcement agencies
• CERTs
• Service providers, ISPs
• Domain registrars
• Domain owners
• Industry

14
Collaborative Efforts

• Reconciling various legal regimes with
  technological capability
• Standard procedures/manuals among countries
  mandating service providers for supply of
  information
• Instant Information Sharing
• Rapid Response to Security Incidents
• Research and Development
• Internet Health Monitoring
• DNS Security
• Immune and Survivable Systems

15
Need of Today

• Its important to get in at the beginning
• Experience teaches us that these concerns are
  hard to add after the fact
• The Internet experience inform us
• It is also a social system, not simply a
  technology
• Once we give up privacy or security, we may not
  be able to regain it
• Important to assert a leadership role while we
  can!

16
Let us work together for a vision. Create an
society in which spam, viruses and worms, the
plagues of modern information technology are
eliminated.
17
Thank you http//www.cert-in.org.in