KEAMANAN INFORMASI DAN INTERNET PDF

Title KEAMANAN INFORMASI DAN INTERNET
Author R. Indrajit
Pages 100




Special Presentation on

INFORMATION AND INTERNET SECURITY (KEAMANAN INFORMASI DAN INTERNET)
Concepts – Principles – Strategy – Implementation – Governance

Prof. Richardus Eko Indrajit
Executive Chairman of ID-SIRTII

eko@idsirtii.or.id  www.EkoIndrajit.com

What must be DONE?

OLD Phenomena, NEW Behavior

– The first child is born
– A daughter is scolded by her parents
– A husband quarrels with his wife
– The computer and the phone break down
– An employee gets promoted
– Going to the toilet in a public place
– Family gatherings during the holidays
and so on

Strategic Functions of IT

VERTICAL FUNCTION: decision making

HORIZONTAL FUNCTION: transactions

Principle of Information Technology Use #1
IT as support for operational or transactional activities
– Transferring money between banks
– Booking airline tickets
– Enrolling in courses each semester
– Buying phone credit
– Activating electronic devices
and so on

Principle of Information Technology Use #2
IT as support for the decision-making process
– Storing and organizing data
– Processing and representing data
– Producing periodic and ad-hoc reports
– Running complex scenarios and simulations
– Managing information and knowledge
and so on

Principle of Information Technology Use #3
IT as support for communication and collaboration activities
– Sending documents and digital files
– Holding conversations across borders
– Carrying out virtual cooperative activities
– Downloading data from various sources
– Uploading information to various places
and so on

A Reality That Cannot Be Ignored
– The real world and the cyber world have converged and complement each other
– Everyday activities take place in both worlds
– The number of interactions between individuals and institutions/organizations has increased significantly
– Types of technology are becoming more diverse and more human-friendly
– The potential for digital-based intelligence activities is growing (e.g. it is already being carried out)

Agenda for Today
– Cyber-6: Revisiting the Global Trend on Internet
– The Roles of ID-SIRTII in the Nation
– Holistic Approach on Combating Cyber Crime


Knowledge Domain: The Cyber Six 

Cyber Space – Cyber Threat – Cyber Attack – Cyber Security – Cyber Crime – Cyber Law

1 Cyberspace.
– A reality community between PHYSICAL WORLD and ABSTRACTION WORLD
– A real human population of 1.4 billion (internet users)
– Trillion US$ of potential commerce value
– Billion business transactions per hour in 24/7 mode

Internet is a VALUABLE thing indeed. Risk is embedded within.

Information Roles
Why information?
– It consists of important data and facts (news, reports, statistics, transaction, logs, etc.)
– It can create perception to the public (market, politics, image, marketing, etc.)
– It represents valuable assets (money, documents, password, secret code, etc.)
– It is a raw material of knowledge (strategy, plan, intelligence, etc.)

What is Internet ?
A giant network of networks where people exchange information through various different digital-based ways:
– Email
– Mailing List
– Website
– Chatting
– Newsgroup
– Blogging
– E-commerce
– E-marketing
– E-government

“… what is the value of internet ???”

2 Cyberthreat.
– The trend has increased at an exponential rate
– Motives vary from recreational to criminal purposes
– Can cause significant economic losses and political suffering
– Difficult to mitigate

Threats are there to stay. Can't do so much about it.

Threats shown on the slide: web defacement, SMTP relay, root access, information leakage, virus infection, theft, spamming, hoax, SQL injection, phishing, intrusion, malware distribution, trojan horse, malicious software, spoofing, DoS/DDoS, botnet, worms, open proxy, password cracking, blended attack

International Issues
What Does FBI Say About Companies:
– 91% have detected employee abuse
– 70% indicate the Internet as a frequent attack point
– 64% have suffered financial losses
– 40% have detected attacks from outside
– 36% have reported security incidents
Source: FBI Computer Crime and Security Survey 2001

Professions Threat 

Knowledge Threats 

Software Tools Threat

Vulnerabilities-dBase Threat

Hacking‐dBase Threat 

Underground Economy 

Growing Vulnerabilities

[Figure: Incidents and Vulnerabilities Reported to CERT/CC, 1995–2004. Axes: Total Vulnerabilities and Total Security Incidents. Series: Vulnerabilities, Security Incidents.]

“Through 2008, 90 percent of successful hacker attacks will exploit well-known software vulnerabilities.” - Gartner*

* Gartner “CIO Alert: Follow Gartner's Guidelines for Updating Security on Internet Servers, Reduce Risks.” J. Pescatore, February 2003
** As of 2004, CERT/CC no longer tracks Security Incident statistics.

Potential Threats

Unstructured Threats
– Insiders
– Recreational Hackers
– Institutional Hackers

Structured Threats
– Organized Crime
– Industrial Espionage
– Hacktivists

National Security Threats
– Terrorists
– Intelligence Agencies
– Information Warriors

3 Cyberattack.
– Too many attacks have been performed within the cyberspace.
– Most are triggered by the cases in the real world.
– The eternal wars and battles have been in towns lately.
– The notorious Estonia case has opened the eyes of all people in the world.

Attack can occur anytime and anyplace without notice.

Internet and Crimes

INCREASING SIGNIFICANTLY !!!

ID‐SIRTII Monitoring Analysis 

Case #1 

Case #2 

Case #3 

Case #4 

Case #5 

Attacks Sophistication

[Figure: Attack Sophistication versus Intruder Knowledge (Low to High), 1980–2005. Techniques labelled on the chart: password guessing, self-replicating code, password cracking, exploiting known vulnerabilities, burglaries, hijacking sessions, disabling audits, back doors, network mgmt. diagnostics, sweepers, sniffers, GUI, packet spoofing, denial of service, automated probes/scans, www attacks, distributed attack tools, “stealth” / advanced scanning techniques, cross site scripting. Tools labelled: Staged, Auto Coordinated.]

Vulnerabilities Exploit Cycle

[Figure: # of Incidents over Time, with the peak marked “Highest Exposure”. Stages labelled on the curve:
– Advanced Intruders Discover New Vulnerability
– Crude Exploit Tools Distributed
– Novice Intruders Use Crude Exploit Tools
– Automated Scanning/Exploit Tools Developed
– Widespread Use of Automated Scanning/Exploit Tools
– Intruders Begin Using New Types of Exploits]

File Management 

Microsoft Excel

URL Management 

URL

Directory Traversal Management 

Directory Traversal

Mailing List Management 

Email Reply

Live Camera Management 

Java Applet

Surveillance Camera Management 

Web Monitor

Security Camera Management 

Sony

Multiple Camera Management

Multi Frame

4 Cybersecurity.
– Led by ITU for the international domain, while some standards are introduced by different institutions (ISO, ITGI, ISACA, etc.)
– “Your security is my security”: individual behavior counts while various collaborations are needed

Education, value, and ethics are the best defense approaches.

Risk Management Aspect

[Diagram. Elements: Threats, Vulnerabilities, Controls, Risk, Assets, Security Requirements, Asset Values, Impact on Organisation. Relationship labels: Exploit, Protect against, Expose, Reduce, Met by, Have.]

Strategies for Protection

Protecting Interactions

Protecting Information

Protecting Infrastructure

Physical Security Checklist 

Information Security Checklist

Mandatory Requirements
“Critical infrastructures are those physical and cyber-based systems essential to the minimum operations of the economy and government. These systems are so vital, that their incapacity or destruction would have a debilitating impact on the defense or economic security of the nation.”

Agriculture & Food, Banking & Finance, Chemical, Defense Industrial Base, Drinking Water and Wastewater Treatment Systems, Emergency Services, Energy, Information Technology, Postal & Shipping, Public Health & Healthcare, Telecommunications, Transportation Systems

Information Security Disciplines
– Physical security
– Procedural security
– Personnel security
– Compromising emanations security
– Operating system security
– Communications security
A failure in any of these areas can undermine the security of a system.

Best Practice Standard

BS7799/ISO17799

[Diagram: Information at the centre, with Integrity, Confidentiality and Availability, surrounded by the control areas:
– Information Security Policy
– Security Organisation
– Asset Classification Controls
– Personnel Security
– Physical Security
– Communication & Operations Mgmt
– Access Controls
– System Development & Maint.
– Bus. Continuity Planning
– Compliance]

These Two Guys ….. 

versus

5 Cybercrime.
– Globally defined as INTERCEPTION, INTERRUPTION, MODIFICATION, and FABRICATION
– Virtually involving international boundaries and multiple resources
– Intentionally targeting to fulfill special objective(s)
– Convergence in nature with intelligence efforts

Crime has intentional objectives. Stay away from the bull's eye.

Type of Attacks

Malicious Activities

Motives of Activities
1. Thrill Seekers
2. Organized Crime
3. Terrorist Groups
4. Nation-States

6 Cyberlaw.
– Difficult to keep updated as the technology trend moves
– Different stories between the rules and enforcement efforts
– Requires various infrastructure, superstructure, and resources
– Can be easily “out-tracked” by law practitioners

Cyberlaw is here to protect you. At least playing a role in mitigation.

The Crime Scenes 

IT as a Tool

IT as a Storage Device

IT as a Target

First Cyber Law in Indonesia.

Range of penalty:
– Rp 600 million - Rp 12 billion (equal to US$ 60,000 to US$ 1,2 million)
– 6 to 12 years in prison (jail)
starting from 25 March 2008

Picture: Indonesia Parliament in Session

Main Challenge.

ILLEGAL “… the distribution of illegal materials within the internet …”

ILLEGAL “… the existence of source with illegal materials that can be accessed through the internet …”

Agenda for Today
– Cyber-6: Revisiting the Global Trend on Internet
– The Roles of ID-SIRTII in the Nation
– Holistic Approach on Combating Cyber Crime

The Background
It all starts from the hacking incident to the National Election System in 2004:
WHO should respond to the NATIONAL LEVEL ICT incident ?

HACKED !!!

The National Tabulation System

The Foundation
– National Constitution
– UU No.36/1999 regarding National Telecommunication Industry
– Government Regulation No.52/2000 regarding Telecommunication Practices
– Minister of ICT Decree No.26/PER/M.KOMINFO/2007 regarding Indonesian Security Incident Response Team on Internet Infrastructure

Established on May 2006 as the National CSIRT/CC of Indonesia

The Founders
– Ministry of ICT
– ICT Professional Association
– ISP Association
– National Police
– General Attorney
– Department of Justice

The Mission
To provide the society with a secure internet environment

The Major Tasks
– Monitoring internet traffic for incident management
– Managing traffic log files for law enforcement
– Advising critical infrastructure institutions
– Educating public on information security aspect
– Conducting training and development effort
– Running simulation laboratory and R&D center
– Generating external and international collaborations

The Main Activities

Core Process (from Constituents to Customers)
– Monitor Internet Traffic
– Manage Log Files
– Analyse Incidents
– Response and Handle Incidents
– Deliver Required Log Files
– Report on Incident Handling Management
– Process and Research Vital Statistics

Supporting Activities
– Educate Public for Security Awareness
– Assist Institutions in Managing Security
– Provide Training to Constituency and Stakeholders
– Run Laboratory for Simulation Practices
– Establish External and International Collaborations

The Constituents

[Diagram: ID-SIRTII at the centre, linked to:
– ISPs, NAPs, IXs
– Government of Indonesia (sponsor)
– Law Enforcement
– National Security Communities
– International CSIRTs/CERTs]

The CERTs Topology

[Diagram: ID-SIRTII (CC) as National CSIRT, above four groups: Sector CERT, Internal CERT, Vendors CERT, Community CERT. CERTs shown in the diagram: Bank CERT, Telkom CERT, Cisco CERT, A CERT, Airport CERT, SGU CERT, Microsoft CERT, B CERT, University CERT, Police CERT, Oracle CERT, C CERT, GOV CERT, KPK CERT, SUN CERT, D CERT, Military CERT, CIMB CERT, IBM CERT, Lemsaneg CERT, SOE CERT, KPU CERT, SAP CERT, PANDI CERT, SME CERT, Pertamina CERT, Yahoo CERT, Security FIRST, Hospital CERT, Kominfo CERT, Google CERT, Central Bank CERT, ID-CERT, Other CERTs.]

The People

Ministry of ICT, Directorate of Post & Telecommunication
– Inspection Board
– Advisory Board
– Chairman
– Vice Chairman
– General Secretary
– Deputy of Operation and Security
– Deputy of Research and Development
– Deputy of Data Center, Applications & Database
– Deputy of Education and Public Affairs
– Deputy of External Collaborations
with 25 Staff Employees

The Technology
Covering 80% of total internet traffic within the country …

The Holistic View

SECURE INTERNET INFRASTRUCTURE ENVIRONMENT

MONITOR - ANALYSIS - YELL - DETECT - ALERT - YIELD

People: Advisory Board; Executive Board
Process: Preventive and Reactive; Quality Mngt. System
Technology: Traffic Monitoring System; Log File Management System

STAKEHOLDERS COLLABORATION AND SUPPORT
NATIONAL REGULATION AND GOVERNANCE
STRONG INSTITUTIONAL RELATIONSHIPS AND COMMITMENT

International Link and Partners

MyCERT, SingCERT, ThaiCERT, BrCERT, VietnamCERT, BangCERT, JPCERT/CC, KrCERT/CC, APCERT, FIRST/USA, BhutanCERT, CamCERT, MMCERT, MongCERT, ChinaCERT, KirzhistanCERT, IndiaCERT, UzbekCERT, AzerbaijanCERT, PhCERT, SrilankaCERT, KiribatiCERT, AusCERT, OIC-CERT

The Headquarter 

Ravindo Tower   17th Floor  Kebon Sirih Kav. 75   Jakarta 10340,   Indonesia 

Work Philosophy

Why does a car have BRAKES ???

The car has BRAKES so that it can go FAST … !!!

– Why should we have regulation?
– Why should we establish institution?
– Why should we collaborate with others?
– Why should we agree upon mechanism?
– Why should we develop procedures?
– Why should we have standard?
– Why should we protect our safety?
– Why should we manage risks?
– Why should we form response team?

Agenda for Today
– Cyber-6: Revisiting the Global Trend on Internet
– The Roles of ID-SIRTII in the Nation
– Holistic Approach on Combating Cyber Crime

Two Way Relationship

Real World

Cyber Space

“Physical War”

“Virtual War”

Two Way Relationship

Real World

relate

relate

real interaction, real transaction, real resources, real people, flow of information, flow of product/services, flow of money

Cyber Space

Two Way Relationship

Ethics Law

Real World

Cyber Space

Rule of Conduct Mechanism

Cyber Law Ruling

Cyber Space interaction with Real World “Penalty”

Classic Definition of War

WAR is here to stay… “Can Cyber Law alone become the weapon for modern defense against 21st century Cyber Warfare & Cyber Crime?”

Two Way Relationship

Real World

impact

impact

Cyber Space

Two Way Relationship

blackmail, threaten, destroy, attack, mess up, ruin

