
What is Cyberspace?

• Cyberspace refers to the nonphysical environment created by joined computers interoperating on a network. In cyberspace, computer operators interact in ways similar to the real world, except cyberspace interaction does not require physical movement beyond typing.

• The Internet forms the largest cyberspace environment, housing many sub-environments within it.
THE NATURE OF CYBERSPACE
• Proliferation of Information Technology
• Rapid growth in Internet
• Increasing online transactions
• Information systems are an essential part of critical infrastructure
SECURITY OF CYBERSPACE: RISKS
• Critical infrastructures such as telecommunications, transportation, energy and finance can get affected by attacks on information infrastructures.
• Attackers are not confined to geographical boundaries
– Exploiting network interconnections and moving easily through the infrastructure
– Becoming more skilled at masking their behaviour
– Tracking them is becoming difficult

TRENDS OF INCIDENTS
• Sophisticated attacks
◦ Attackers are refining their methods and consolidating assets to create global networks that support coordinated criminal activity
• Rise of Cyber Spying and Targeted attacks
◦ Mapping of network, probing for weakness/vulnerabilities
• Malware propagation through Website intrusion
◦ Large scale SQL Injection attacks like Asprox Botnet
• Malware propagation through Spam on the rise
◦ Storm worm, which is one of the most notorious malware programs seen during 2007-08, circulates through spam

TRENDS OF INCIDENTS
• Phishing
◦ Increase in cases of fast-flux phishing and rock-phish
◦ Domain name phishing and Registrar impersonation
• Crimeware
◦ Targeting personal information for financial frauds
◦ Information stealing through social networking sites
• Rise in Attack toolkits
◦ Toolkits like Mpack and Neosploit can launch exploits for browser and client-side vulnerabilities against users who visit a malicious or compromised site
CYBER THREAT EVOLUTION
[Figure: timeline of cyber threat evolution. Labels: Virus; Breaking Web Sites; Malicious Code (Melissa); Advanced Worm / Trojan (I LOVE YOU); Identity Theft (Phishing); Organised Crime, Data Theft, DoS / DDoS. Time axis: 1977, 1995, 2000, 2003-04, 2005-06, 2007-08.]



CYBER ATTACKS
• WEB DEFACEMENT
• SPAM
• SPOOFING
• PROXY SCAN
• DENIAL OF SERVICE
• DISTRIBUTED DENIAL OF SERVICE
• MALICIOUS CODES
◦ VIRUS
◦ BOTS
• DATA THEFT AND DATA MANIPULATIONS
◦ IDENTITY FRAUDS
◦ FINANCIAL FRAUDS
• SOCIAL ENGINEERING SCAMS
SECURITY INCIDENTS REPORTED DURING 2008

GLOBAL ATTACK TREND
GLOBAL TREND
• The current threat environment is characterized by an increase
in data theft, data leakage, and the creation of malicious code that
targets specific organizations.
• Attackers are refining their methods and consolidating assets to
create global networks that support coordinated criminal activity.
• Increased inter-operability between diverse threats.
• Year of the zero-day, targeted malicious code and the exploitation
of medium severity vulnerability.
• High levels of malicious activity across the internet with increases
in bot networks, phishing, spam and Trojans.
SPAM
• Spam originating in India accounted for one percent of all spam originating in the top 25 spam-producing countries, making India the eighteenth ranked country worldwide for originating spam.
• A high percentage of email originating in India constituted spam. Of the messages originating in India, 76 percent were considered spam.
CYBER SECURITY
• It seems that everything relies on computers and the internet now: communication (email, cellphones), entertainment (digital cable, mp3s), transportation (car engine systems, airplane navigation), shopping (online stores, credit cards), medicine (equipment, medical records), and the list goes on. How much of your daily life relies on computers? How much of your personal information is stored either on your own computer or on someone else's system?
• Cyber security involves protecting that information by preventing, detecting, and responding to attacks.

[Figure: Converged Security Organization. Labels: Physical Security Responses; Cyber Security Responses.]


THE PRIMARY SPLIT
• Logical Security: Associated with protection of information systems or “computer security” where data is logically grouped, protected and presented as one system, but may exist in physically disparate locations.
• Physical Security: Customarily associated with the tangible physical components of a protection system such as locks and alarms and the associated disciplines that protect them.
• Each group has skills and expertise that should complement but often conflict with that of the other group.

The BIG difference:
• When a physical asset has been stolen . . . it’s usually missing!
• When an information asset has been stolen . . . it’s usually still there!
PASSWORDS
• Passwords are a common form of authentication and are often the only barrier between a user and your personal information. There are several programs attackers can use to help guess or "crack" passwords, but by choosing good passwords and keeping them confidential, you can make it more difficult for an unauthorized person to access your information.
PROTECTING THE PASSWORD
• Now that you've chosen a password that's difficult to guess, you have to make sure not to leave it someplace for people to find. Writing it down and leaving it in your desk, next to your computer, or, worse, taped to your computer, is just making it easy for someone who has physical access to your office.
• If your internet service provider (ISP) offers choices of authentication systems, look for ones that use Kerberos, challenge/response, or public key encryption rather than simple passwords.
BIOMETRICS
• It is the science and technology of measuring and analyzing biological data.
• This technology is used for security purposes.
• Its types are: iris recognition, fingerprint recognition, voice pattern recognition, facial pattern recognition and DNA recognition.
ANTIVIRUS SOFTWARE
• Anti-virus software can identify and block many viruses before they can infect your computer.
• Once you have installed an anti-virus package, you should scan your entire computer periodically.
◦ AUTOMATIC SCANS
◦ MANUAL SCANS
FIREWALLS
• When anyone or anything can access your computer at any time, your computer is more susceptible to being attacked. You can restrict outside access to your computer and the information on it with a firewall.
• Firewalls provide protection against outside attackers by shielding your computer or network from malicious or unnecessary Internet traffic. Firewalls can be configured to block data from certain locations while allowing the relevant and necessary data through.

Firewalls are offered in two forms:

HARDWARE - Hardware-based firewalls are particularly useful for protecting multiple computers but also offer a high degree of protection for a single computer.

SOFTWARE - Although relying on a software firewall alone does provide some protection, realize that having the firewall on the same computer as the information you're trying to protect may hinder the firewall's ability to catch malicious traffic before it enters your system.
CRYPTOGRAPHY
• Cryptography presents various methods for taking legible, readable data, and transforming it into unreadable data for the purpose of secure transmission, and then using a key to transform it back into readable data when it reaches its destination.
• Some methods of cryptography use a "secret key" to allow the recipient to decrypt the message. The most common secret key cryptosystem is the Data Encryption Standard (DES), or the more secure Triple-DES which encrypts the data three times.

More common are systems that use a public key cryptography system. This system uses two keys that work together: a public one, which anyone can access, and a private one, which is kept secret by the party receiving the data.

When you want to send a secure message to someone, you encrypt that message using the recipient's public key. But once encrypted, the recipient must use his or her private key to decrypt it.

The goal of cryptography extends beyond merely making data unreadable; it also extends into user authentication, that is, providing the recipient with assurance that the encrypted message originated from a trusted source.
What guidelines can you follow when publishing information on the internet?

• View the internet as a novel, not a diary - Make sure you are comfortable with anyone seeing the information you put online.
• Be careful what you advertise - When deciding how much information to reveal, realize that you are broadcasting it to the world.
• Realize that you can't take it back - Once you publish something online, it is available to other people and to search engines. You can change or remove information after something has been published, but it is possible that someone has already seen the original version.
Coordinating Virus and Spyware Defense

Spyware and viruses can interfere with your computer's ability to process information or can modify or destroy data. You may feel that the more anti-virus and anti-spyware programs you install on your computer, the safer you will be. It is true that not all programs are equally effective, and they will not all detect the same malicious code. However, by installing multiple programs in an attempt to catch everything, you may introduce problems.
THREATS THROUGH ANTI-VIRUS &
ANTI-SPYWARE
Scanning your computer for viruses and spyware uses some of the
available memory on your computer. If you have multiple
programs trying to scan at the same time, you may limit the
amount of resources left to perform your tasks. Essentially, you
have created a denial of service against yourself. It is also
possible that in the process of scanning for
viruses and spyware, anti-virus or anti-spyware software may
misinterpret the virus definitions of other programs.
AVOIDANCE
• Investigate your options in advance
• Limit the number of programs you install
• Install the software in phases
• Watch for problems

SECURITY OF INFORMATION ASSETS
• Security of information & information assets is becoming a major area of concern
• With every new application, newer vulnerabilities crop up, posing immense challenges to those who are mandated to protect the IT assets
• Coupled with this, a host of legal requirements and international business compliance requirements on data protection and privacy place a huge demand on IT/ITES/BPO service organizations
• We need to generate ‘Trust & Confidence’
CYBER SECURITY STRATEGY-INDIA
• Security Policy, Compliance and Assurance – Legal Framework
– IT Act, 2000
– IT (Amendment) Bill, 2006 – Data Protection & Computer crimes
– Best Practice ISO 27001
– Security Assurance Framework - IT/ITES/BPO Companies
• Security Incident – Early Warning & Response
– CERT-In National Cyber Alert System
– Information Exchange with international CERTs
• Capacity building
– Skill & Competence development
– Training of law enforcement agencies and judicial officials in the
collection and analysis of digital evidence
– Training in the area of implementing information security in
collaboration with Specialised Organisations in US
• Setting up Digital Forensics Centres
– Domain Specific training – Cyber Forensics
• Research and Development
– Network Monitoring
– Biometric Authentication
– Network Security
• International Collaboration
