
Cyber Security : Indian perspective

8 Feb 2009

Dr. Gulshan Rai, Director, CERT-In, Govt. of India (grai@mit.gov.in)

Web Evolution
Web Sites (WWW)
1993: Web invented and implemented; 130 web sites
1994: 2738 web sites
1995: 23500 web sites
2007: 550 Million web sites
2008: 850 Million web sites

Internet Infrastructure in INDIA

Innovation fostering the Growth of NGNs

Smart devices: Television, Computers, PDA, Mobile Phone (a single device to provide end-to-end, seamlessly secure access)

Application Simplicity: Preference for a single, simple and secure interface to access applications or content. Ubiquitous interface: the web browser.

Flexible Infrastructure: Because of these areas of evolution, today's NGNs are defined more by the services they support than by the traditional demarcation of physical infrastructure.

The Emergence of NGNs

The communication networks operating two years ago were our fathers' telecommunication networks; NGNs are the teenagers' networks. Consumers and businesses no longer accept the limitations of a single-use device or network. Both individuals and businesses want the ability to communicate, work and be entertained over any device, any time, anywhere. The demand for these services, coupled with innovation in technology, is advancing traditional telecommunication far outside its original purpose.

The Complexity of Today's Network

Changes Brought in IT
- Large network as backbone for connectivity across the country
- Multiple service providers providing links: BSNL, MTNL, Reliance, TATA, Rail Tel
- Multiple technologies supporting the network infrastructure: CDMA, VSAT, DSL
- Multiple applications

[Network diagram: Intranet with Desktops, Laptops, New PCs and Servers; Perimeter Network with Extranet Servers; Routers; Unmanaged Devices; Internet; Infrastructure]

Trends shaping the future
- Ubiquitous computing, networking and mobility
- Embedded Computing
- Security
- IPv6
- VoIP

[Network diagram: Branch Offices (Perimeter Network, Servers, Router); Internet; Routers; Unmanaged Devices; Home Users; Remote Workers]

Challenges for Network Operator

Business challenges include new pricing structures, new relationships and new competitors.
Technical challenges include migrating to and integrating new advances in technology, from fibre optics to the installation of Wi-Fi support.

Developing a comprehensive security policy and architecture in support of NGN services.

To Reap Benefits
To reap the benefits of NGN, the operator must address: Technology, Risk, Security, Efficiency.

NGN Architecture

Identify Layer (partly trusted / untrusted): Comprises end users, owned by a telecom or a third-party service provider, accessing services using devices like PC, PDA or mobile phone to connect to the Internet. Elements: Third-Party Application, Internet.

Service Layer (Web Tier): Hosts service applications and provides a framework for the creation of customer-focused services provided by either the operator or a third-party service provider. Elements: Service Provider Application.

Network Layer: Performs service execution, service management, network management and media control functions; connects with the backbone network. Elements: Service Delivery Platform (Service Provider), Common Framework, Backbone Network.

Growing Concern
- Computing technology has turned against us
- Exponential growth in security incidents: Pentagon, US in 2007; Estonia in April 2007; computer systems of the German Chancellery and three Ministries; highly classified computer networks in New Zealand & Australia
- Complex and target-oriented software
- Common computing technologies and systems
- Constant probing and mapping of network systems

Cyber Threat Evolution

[Timeline diagram with milestones 1977, 1995, 2000, 2003-04, 2005-06 and 2007-08, showing the progression through the following threat classes:]
- Virus
- Malicious Code (Melissa)
- Identity Theft (Phishing)
- Breaking Web Sites
- Advanced Worm / Trojan (I LOVE YOU)
- Organised Crime: Data Theft, DoS / DDoS

Cyber attacks being observed
- Web defacement
- Spam
- Spoofing
- Proxy Scan
- Denial of Service
- Distributed Denial of Service
- Malicious Codes: Virus, Bots
- Data Theft and Data Manipulation
- Identity Theft
- Financial Frauds
- Social engineering Scams

Security Incidents reported during 2008 [chart]

Trends of Incidents

Sophisticated attacks: Attackers are refining their methods and consolidating assets to create global networks that support coordinated criminal activity.

Rise of Cyber Spying and Targeted attacks: Mapping of networks, probing for weaknesses/vulnerabilities.

Malware propagation through Website intrusion: Large-scale SQL Injection attacks like the Asprox Botnet.

Malware propagation through Spam on the rise: Storm worm, one of the most notorious malware programs seen during 2007-08, circulates through spam.

Trends of Incidents

Phishing: Increase in cases of fast-flux phishing and rock-phish; domain name phishing and registrar impersonation.

Crimeware: Targeting personal information for financial frauds; information stealing through social networking sites.

Rise in Attack toolkits: Toolkits like Mpack and Neosploit can launch exploits for browser and client-side vulnerabilities against users who visit malicious or compromised sites.

Global Attack Trend

[Chart: Top originating countries of malicious code. Source: Websense]

Three faces of cyber crime
- Organised Crime
- Terrorist Groups
- Nation States

Security of Information Assets

Security of information and information assets is becoming a major area of concern. With every new application, newer vulnerabilities crop up, posing immense challenges to those who are mandated to protect the IT assets.

Coupled with this, the host of legal requirements and international business compliance requirements on data protection and privacy place a huge demand on IT/ITES/BPO service organisations.
We need to generate Trust & Confidence.

Challenges before the Industry

Model Followed Internationally

Internationally, the general approach has been to have legal drivers supported by a suitable verification mechanism. For example, in the USA the legal drivers have been SOX, HIPAA, GLBA, FISMA, etc.

In Europe, the legal driver has been the Data Protection Act, supported by the ISO 27001 ISMS.

Information Security Management

[Diagram: INFORMATION SECURITY rests on Confidentiality, Integrity, Availability and Authenticity, delivered through People, Process and Technology]

Elements: Security Policy, Regulatory Compliance, User Awareness Program, Access Control, Security Audit, Incident Response, Encryption, PKI, Firewall, IPS/IDS, Antivirus

Cyber Security Strategy India

Security Policy, Compliance and Assurance (Legal Framework)
- IT Act, 2000
- IT (Amendment) Bill, 2006
- Data Protection & Computer crimes
- Best Practice: ISO 27001
- Security Assurance Framework for IT/ITES/BPO Companies

Security Incident Early Warning & Response
- CERT-In
- National Cyber Alert System
- Information Exchange with international CERTs

Capacity building (Skill & Competence development)
- Training of law enforcement agencies and judicial officials in the collection and analysis of digital evidence
- Training in implementing information security, in collaboration with specialised organisations in the US
- Setting up Digital Forensics Centres
- Domain-specific training: Cyber Forensics

Research and Development
- Network Monitoring
- Biometric Authentication
- Network Security

International Collaboration

Status of security and quality compliance in India

Quality and Security
A large number of companies in India have aligned their internal processes and practices to international standards such as ISO 9000, CMM, Six Sigma and Total Quality Management. Some Indian companies have won special recognition for excellence in quality: out of 18 Deming Prize winners for Total Quality Management in the last five years, six are Indian companies.

ISO 27001/BS7799 Information Security Management

Government has mandated implementation of the ISO 27001 ISMS by all critical sectors. ISMS 27001 has mainly three components: Technology, Process, and Incident reporting and monitoring.

296 certificates issued in India out of 7735 certificates issued worldwide. The majority of certificates issued in India belong to the IT/ITES/BPO sector.

Certificates issued (ISO 9000: Quality Management; ISO 27001: Information Technology Security Techniques, Information Security Management System)

Country   ISO 9000                 ISO 27001
World     951486 (175 countries)   7732
China     210773                   146
Italy     115309                   148
Japan     73176                    276
Spain     65112                    93
India     46091                    296
USA       36192                    94

CERT-In Work Process

[Process diagram: Detect, Analysis, Dissemination & Support, Recovery. Inputs for detection and analysis: Department of Information Technology, Major ISPs, Foreign Partners, Distributed Honeypot Deployment. Dissemination and support to: ISP Hot Liners, Private Sectors, Home Users, Press & TV / Radio]

PC & End User Security: Auto Security Patch Update

[Diagram: Windows Security Patch Auto Update via the Security Patch ActiveX Site and ActiveX Download Server, fetching from the Microsoft Download Centre over the Internet. Number of ActiveX downloads: 18 Million]

PC & End User Security

Incident Response Help Desk (reachable over the Internet and PSTN)
- Make a call using 1800 11 - 4949
- Send a fax using 1800 11 - 6969
- Communicate through email at incident@cert-in.org.in
- Number of security incidents handled during 2008 (till Oct): 1425
- Vulnerability Assessment Service

Intl Co-op: Cyber Security Drill

Joint International Incident Handling Coordination Drill

Participated in APCERT International Incident Handling Drill 2006
- Participants: 13 APCERT Members and New Zealand, Vietnam, including 5 major Korean ISPs
- Scenario: Countermeasures against malicious code and related infringement such as DDoS attack

Participated in APCERT International Incident Handling Drill 2007
- Participants: 13 APCERT Members + Korean ISPs
- Scenario: DDoS and Malicious Code Injection
- Model to be followed: World-wide Cyber Security Incidents Drill among security agencies

Thank you

Incident Response Help Desk
Phone: 1800 11 4949
FAX: 1800 11 6969
e-mail: incident at cert-in.org.in
http://www.cert-in.org.in
