Post on 09-Apr-2018
8/7/2019 ID-SIRTII - Cyber 6
1/44
Cyber-6: Cyberspace, Cyberthreat, Cyberattack, Cybersecurity, Cybercrime, Cyberlaw
Six Aspects to Protect Critical Infrastructures
Knowledge Domain
7/15/2010
CyberSpace
CyberThreat
CyberAttack
CyberSecurity
CyberCrime
CyberLaw
Cyberspace
Cyberspace
A reality community between the PHYSICAL WORLD and the ABSTRACTION WORLD
1.4 billion real human population (internet users)
Trillions of US$ of potential commerce value
Billions of business transactions per hour, in 24/7 mode
The Internet is a VALUABLE thing indeed. Risk is embedded within.
Posture of the Internet
45 million users spread across 18,000 islands
Internet Statistics
Indonesian population: 240,271,522 (end of 2009)
More than 300 ISPs, 30 NAPs, 3 IXs (national internet exchanges)
1 million internet users (1999), 45 million users (2010)
100,000 internet subscribers (1999), 6 million (2010)
More than 25 million visitors to online media every day!
25 Gbit/s aggregate national traffic, 45 Gbit/s international traffic
Information Roles
Why is information so valuable?
It contains important data and facts (news, reports, statistics, transactions, logs, etc.)
It can create public perception (market, politics, image, marketing, etc.)
It represents valuable assets (money, documents, passwords, secret codes, etc.)
It is the raw material of knowledge (strategy, plans, intelligence, etc.)
What is the Internet?
A giant network of networks where people exchange information through various different digital-based ways:
Email, Mailing lists, Websites
Chat, Newsgroups, Blogging
E-commerce, E-marketing, E-government
What is the value of the Internet?
Cyberthreat
Cyber Threat
The trend is increasing exponentially
Motives vary
Can cause significant losses to the economy and to politics
Difficult to mitigate
Threats are here to stay. Can't do so much about it.
Examples: web defacement, information leakage, phishing, intrusion, DoS/DDoS, SMTP relay, virus infection, hoax, malware distribution, botnet, open proxy, root access theft, SQL injection, trojan horse, worms, password cracking, spamming, malicious software, spoofing, blended attack
Underground Economy
Growing Vulnerabilities
* Gartner CIO Alert: Follow Gartner's Guidelines for Updating Security on Internet Servers, Reduce Risks. J. Pescatore, February 2003
** As of 2004, CERT/CC no longer tracks security incident statistics.
[Chart: Incidents and Vulnerabilities Reported to CERT/CC, 1995 to 2004. Left axis: total vulnerabilities (0 to 4,500). Right axis: total security incidents (0 to 160,000). Series: Vulnerabilities, Security Incidents.]
"Through 2008, 90 percent of successful hacker attacks will exploit well-known software vulnerabilities." - Gartner*
Potential Threats
Unstructured Threats: Insiders, Recreational Hackers, Institutional Hackers
Structured Threats: Organized Crime, Industrial Espionage, Hacktivists
National Security Threats: Terrorists, Intelligence Agencies, Information Warriors
Cyberattack
Cyberattack
A great many attacks have already been carried out in cyberspace.
Most of them are triggered by events in the real world.
The Estonia incident opened the eyes of people around the world.
National Incidents
1 million events (potential attacks) every day, most of them originating from the US and China.
Web defacement is the favourite action.
Cyber fraud, phishing, email spam, etc.
Mutual attacks between the Indonesian and Malaysian communities.
Etc.
International Issues
BEIJING/OTTAWA (Reuters) - A cyber-espionage group based in southwest China stole documents from the Indian Defense Ministry and emails from the Dalai Lama's office, Canadian researchers said in a report on Tuesday.
TORONTO (Reuters) - A China-based cyber spy network has hacked into government and private systems in 103 countries, including those of many Indian embassies and the Dalai Lama, an Internet research group said. After initial investigations, when the group widened its research it found that the China-based cyber espionage had hacked computer systems of embassies of India, Pakistan, Germany, Indonesia, Thailand, South Korea and many other countries.
(Reuters) - The Chinese government is likely behind recent cyberattacks on U.S. government Web sites and on U.S. companies in an apparent effort to quash criticism of the government there, an expert on U.S. and Chinese relations said. There's no conclusive proof that recent attacks on Google and dozens of other U.S. companies are directed by the Chinese government, but logic would point to official Chinese involvement, said Larry Wortzel, a member of the U.S.-China Economic and Security Review Commission and a former U.S. Army counterintelligence officer.
International Issues
(Reuters) - Israel is using its civilian technological advances to enhance cyberwarfare capabilities, the senior Israeli spymaster said on Tuesday in a rare public disclosure about the secret program. Using computer networks for espionage -- by hacking into databases -- or to carry out sabotage through so-called "malicious software" planted in sensitive control systems has been quietly weighed in Israel against arch-foes like Iran.
(Reuters) - North Korea's communications ministry was behind a series of cyber attacks against South Korean and U.S. websites in July, the South's spy chief was quoted Friday as saying. Dozens of major U.S. and South Korean government and business sites were slowed or disabled with traffic generated by malicious software planted on personal computers unknown to their users. South Korean officials said at the time that North Korea was a prime suspect.
Attacks Sophistication
[Chart: Attack Sophistication versus Intruder Knowledge, timeline 1980 to 2005, vertical axis Low to High. The intruder knowledge required falls over time while attack sophistication rises. Technique labels along the timeline: password guessing, self-replicating code, password cracking, exploiting known vulnerabilities, disabling audits, back doors, hijacking sessions, sweepers, sniffers, packet spoofing, GUI, automated probes/scans, denial of service, www attacks, tools, stealth / advanced scanning techniques, burglaries, network mgmt. diagnostics, distributed attack tools, cross site scripting, staged, auto coordinated.]
Vulnerabilities Exploit Cycle
[Chart: number of incidents over time as a vulnerability moves through its exploit cycle. Stages marked along the curve:]
1. Advanced intruders discover a new vulnerability
2. Crude exploit tools are distributed
3. Novice intruders use the crude exploit tools
4. Automated scanning/exploit tools are developed
5. Widespread use of automated scanning/exploit tools (highest exposure time)
6. Intruders begin using new types of exploits
Why Are Attacks So Often Successful?
Lack of detection, response, and escalation.
No formal policy or procedure for (pro)active auditing and/or event management.
Weak authentication and authorization systems.
No logical or organizational boundaries within a network.
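The first two points above (no detection, response or escalation, and no event management over the logs that are already being written) are the ones an operator can start fixing cheaply. The following is an added example, not ID-SIRTII code, that runs a small detection-and-escalation pass over web server access logs for two of the attack types listed under Cyberthreat: SQL injection probes and password guessing. The log lines are constructed for the example (RFC 5737 test addresses), the SQL injection signatures are deliberately crude, and the five-failure threshold and the "server error after an injection payload means escalate" rule are assumptions chosen for illustration, not ID-SIRTII policy.

```python
"""Toy detection-and-escalation pass over web access logs (added example)."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import unquote

# Constructed sample log lines in Apache/nginx "combined"-like format.
# These are NOT real ID-SIRTII data; the addresses are RFC 5737 test ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [15/Jul/2010:10:01:02 +0700] "GET /index.php?id=1 HTTP/1.1" 200 512
203.0.113.7 - - [15/Jul/2010:10:01:05 +0700] "GET /index.php?id=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9811
203.0.113.7 - - [15/Jul/2010:10:01:07 +0700] "GET /index.php?id=1%20UNION%20SELECT%20user,password%20FROM%20users-- HTTP/1.1" 500 233
198.51.100.9 - - [15/Jul/2010:10:02:00 +0700] "POST /login HTTP/1.1" 401 120
198.51.100.9 - - [15/Jul/2010:10:02:01 +0700] "POST /login HTTP/1.1" 401 120
198.51.100.9 - - [15/Jul/2010:10:02:02 +0700] "POST /login HTTP/1.1" 401 120
198.51.100.9 - - [15/Jul/2010:10:02:03 +0700] "POST /login HTTP/1.1" 401 120
198.51.100.9 - - [15/Jul/2010:10:02:04 +0700] "POST /login HTTP/1.1" 401 120
198.51.100.9 - - [15/Jul/2010:10:02:05 +0700] "POST /login HTTP/1.1" 200 3120
192.0.2.44 - - [15/Jul/2010:10:03:00 +0700] "GET /about.html HTTP/1.1" 200 2048
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \d+$'
)
# Crude SQL injection signatures, matched against the URL-decoded path.
SQLI_RE = re.compile(r"(?i)(union\s+select|'\s*or\s*'|\bor\s+1\s*=\s*1\b|--\s*$)")
# Failed logins from one source before an alert is raised (assumed threshold).
BRUTE_FORCE_THRESHOLD = 5


@dataclass
class Finding:
    source_ip: str
    rule: str
    severity: str  # "alert" goes to the analyst queue, "escalate" to an incident handler
    evidence: str


def parse_line(line: str) -> Optional[dict]:
    """Parse one access-log line; returns None for lines that do not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["decoded_path"] = unquote(rec["path"])  # attackers URL-encode payloads
    return rec


def analyze(log_text: str) -> List[Finding]:
    """Single pass over the log: flag SQLi probes and password guessing, escalate on success signals."""
    findings: List[Finding] = []
    failed_logins = defaultdict(int)  # per-source count of 401s on /login
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        ip = rec["ip"]
        # Rule 1: SQL injection signature in the decoded request. A 5xx after the
        # payload suggests it reached the database layer, so escalate (heuristic).
        if SQLI_RE.search(rec["decoded_path"]):
            severity = "escalate" if rec["status"] >= 500 else "alert"
            findings.append(Finding(ip, "sqli_probe", severity, rec["decoded_path"]))
        # Rule 2: password guessing against /login, escalated if a success follows.
        if rec["path"].startswith("/login"):
            if rec["status"] == 401:
                failed_logins[ip] += 1
                if failed_logins[ip] == BRUTE_FORCE_THRESHOLD:
                    findings.append(Finding(ip, "password_guessing", "alert",
                                            f"{failed_logins[ip]} failed logins"))
            elif rec["status"] == 200 and failed_logins[ip] >= BRUTE_FORCE_THRESHOLD:
                findings.append(Finding(ip, "login_after_guessing", "escalate",
                                        f"success after {failed_logins[ip]} failures"))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f.severity:8} {f.rule:22} {f.source_ip:14} {f.evidence}")
```

The point of the two severity levels is the escalation path the slide says is missing: an alert is something an analyst reviews when they get to it, an escalation is a signal (a server error after an injection payload, a successful login after repeated failures) that the attack may already have worked and an incident handler has to act now. In production the signatures would come from a maintained ruleset and the counters would be windowed by time, but the structure stays the same.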
What Are the Greatest Challenges?
Cybersecurity
Cybersecurity
Led by ITU for the international domain, while some standards are introduced by different institutions (ISO, COBIT, ITIL, etc.)
Your security is my security: individual behaviour counts, while various collaborations are needed
Education, values, and ethics are the best defense approaches.
Strategies for Protection
Protecting Information
Protecting Infrastructure
Protecting Interactions
Mandatory Requirements
Critical infrastructures are those physical and cyber-based systems essential to the minimum operations of the economy and government. These systems are so vital that their incapacity or destruction would have a debilitating impact on the defense or economic security of the nation.
Banking & Finance, Agriculture & Food, Chemical, Defense Industrial Base, Drinking Water and Wastewater Treatment Systems, Emergency Services, Energy, Information Technology, Postal & Shipping, Public Health & Healthcare, Telecommunications, Transportation Systems
Evaluation Methods
Complete Security Audit
Confidentiality, Integrity, Availability
Uses a standard (best practice)
Carried out by an independent party
Penetration Test:
Black Box
White Box, Grey Box
The results are only a snapshot of that moment
Periodic evaluation is needed
System Under Test
Topology
Network Elements
Applications
Best Practice Standard
[Diagram: the ten control domains arranged around the core properties Information Integrity, Confidentiality, and Availability. Listed here in the standard's own order:]
1. Information Security Policy
2. Security Organisation
3. Asset Classification & Controls
4. Personnel Security
5. Physical Security
6. Communication & Operations Mgmt
7. Access Controls
8. System Development & Maint.
9. Bus. Continuity Planning
10. Compliance
ISO/IEC 27001:2005 (Information technology - Security techniques - Information Security Management Systems - Requirements). The standard in the UK is dual numbered BS 7799-2:2005.
Note: the ten-domain layout above is the control structure of BS 7799-2:2002 / ISO/IEC 17799:2000; Annex A of ISO/IEC 27001:2005 regroups the controls into eleven areas, adding Information Security Incident Management as its own domain.
Cybercrime
Cybercrime
Globally defined as INTERCEPTION, INTERRUPTION, MODIFICATION, and FABRICATION
Virtually always involving international boundaries and multiple resources
Intentionally targeting to fulfil special objective(s)
Convergent in nature with intelligence efforts
Crime has intentional objectives. Stay away from the bull's eye.
Type of Attacks
Motives of Activities
1. Thrill Seekers
2. Organized Crime
3. Terrorist Groups
4. Nation-States
Cyberlaw
Cyberlaw
Difficult to keep updated as technology trends move
Different stories between the rules and the enforcement efforts
Requires various infrastructure, superstructure, and resources
Can easily be out-tracked by law practitioners
Cyberlaw is here to protect you. At least it plays a role in mitigation.
First Cyber Law in Indonesia.
Range of penalty: Rp 600 million to Rp 12 billion (equal to US$ 60,000 to US$ 1.2 million) and 6 to 12 years in prison, starting from 25 March 2008
Picture: Indonesia Parliament in Session
Main Challenge.
ILLEGAL: the distribution of illegal materials within the internet
ILLEGAL: the existence of sources with illegal materials that can be accessed through the internet
ID-SIRTII: Indonesia Security Incident Response Team on Internet Infrastructure
Mission and Objectives
To expedite the economic growth of the country through providingthe society with secure internet environment within the nation
1. Monitoring internet traffic for incident handling purposes.
2. Managing log files to support law enforcement.
3. Educating the public for security awareness.
4. Assisting institutions in managing security.
5. Providing training to constituency and stakeholders.
6. Running a laboratory for simulation practices.
7. Establishing external and international collaborations.
Team and Structure
Ministry of ICT, Directorate of Post & Telecommunication
Inspection Board, Advisory Board
General Secretary
Deputy of Operation and Security
Deputy of Data Center, Applications & Database
Deputy of Research and Development
Deputy of Education and Public Affairs
Deputy of External Collaborations
Topology Approach
Lab Facilities
Network/Incident Simulation
Honeypot
Malware Analysis
Digital Forensic
Data Mining/Warehouse
Thank You
Indonesia Security Incident Response Team on Internet Infrastructure, Menara Ravindo 17th Floor, Jl. Kebon Sirih Kav. 75, Jakarta, Phone: 021 319 25551