
Cyber Security: Indian Perspective

The document discusses cyber security issues from the Indian perspective based on a 2010 survey. Some key findings include:
• 75% of Indian companies experienced cyber attacks in the past 12 months, with annual losses of $2 million on average.
• The top 3 reported losses were loss of intellectual property, customer card information, and privacy.
• Network security, endpoint security, and messaging security were the top security priorities.
• The document also outlines trends in the growth of the internet and web from 1993 to 2008, challenges faced by network operators, and evolving cyber threats such as malware, phishing, and organized cyber crime.

Uploaded by vinay pokharna
Copyright: © Attribution Non-Commercial (BY-NC)

2010 Survey: Study Highlights

• In the past 12 months, 75% of companies experienced cyber attacks
• Loss of USD 2mn annually
• Every enterprise (100%) experienced cyber losses in 2009
• Top 3 reported losses: loss of IPR, customer card info and customer PIR
• Top 3 costs: productivity, revenue and loss of customer trust
• Network security (44%), End point security (44%), Messaging security (39%)
• Top 3 standards: ISO, HIPAA, SOX, CIS, PCI and ITIL

Web Evolution

Web Sites (WWW)

1993: Web invented and implemented; 130 web sites
1994: 2738 web sites
1995: 23500 web sites
2007: 550 million web sites
2008: 850 million web sites

Internet Infrastructure in INDIA

Innovation fostering the Growth of NGNs

Smart devices
• Television
• Computers
• PDA
• Mobile Phone
(Single device to provide an end-to-end, seamlessly secure access)

Application Simplicity
• Preference of single, simple and secure interface to access applications or content
• Ubiquitous interface - web browser

Flexible Infrastructure

Because of these areas of evolution, today’s NGNs are defined more by the services they support than by traditional demarcation of Physical Infrastructure.

The Emergence of NGNs

• The communication networks operating two years ago are our fathers’ telecommunication networks. NGNs are teenagers’ networks.
• Consumers and businesses no longer accept the limitations of single-use devices or networks.
• Both individuals and businesses want the ability to communicate, work and be entertained over any device, any time, anywhere.
• The demand for these services, coupled with innovation in technology, is advancing traditional telecommunication far outside its original purpose.

The Complexity of Today’s Network

Changes Brought in IT
• Large network as backbone for connectivity across the country
• Multiple Service providers for providing links – BSNL, MTNL, Reliance, TATA, Rail Tel
• Multiple Technologies to support network infrastructure: CDMA, VSAT, DSL
• Multiple Applications

Trends shaping the future
• Ubiquitous computing, networking and mobility
• Embedded Computing
• Security
• IPv6
• VoIP

[Diagram: perimeter network, intranet, extranet servers, servers, desktops, laptops, new PCs and unmanaged devices, with routers linking branch offices, home users and remote workers over the Internet and network infrastructure]

Challenges for Network Operator

• Business challenges include new Pricing Structure, new relationship and new competitors.
• Technical challenges include migrating and integrating with new advances in technologies from fibre optics, installation of Wi-Fi support.
• Developing a comprehensive Security Policy and architecture in support of NGN services.

To Reap Benefits
To reap benefits of NGN, the operator must address
Technology
Risk
Security
Efficiency
NGN Architecture

Identify Layer
• Comprises end users owned by a telecom or a third-party service provider accessing services using devices like PC, PDA or mobile phone, to connect to the Internet

Service Layer
• Hosts service applications and provides a framework for the creation of customer-focused services provided by either operator or a third-party service provider

Network Layer
• Performs service execution, service management, network management and media control functions
• Connects with the backbone network

[Diagram: partly trusted and untrusted zones; Internet, Third-Party Application, Web Tier, Service Provider Application, Service Delivery Platform (Service Provider), Common Framework, Backbone Network]

Growing Concern

• Computing Technology has turned against us
• Exponential growth in security incidents
  – Pentagon, US in 2007
  – Estonia in April 2007
  – Computer System of German Chancellery and three Ministries
  – Highly classified computer network in New Zealand & Australia
• Complex and target oriented software
• Common computing technologies and systems
• Constant probing and mapping of network systems

Cyber Threat Evolution

[Figure: timeline of cyber threat evolution over 1977, 1995, 2000, 2003-04, 2005-06 and 2007-08, with stages labelled Virus; Breaking Web Sites; Malicious Code (Melissa); Advanced Worm / Trojan (I LOVE YOU); Identity Theft (Phishing); Organised Crime, Data Theft, DoS / DDoS]


Cyber attacks being observed
Web defacement
Spam
Spoofing
Proxy Scan
Denial of Service
Distributed Denial of Service
Malicious Codes

Virus
Bots
Data Theft and Data Manipulation
Identity Theft
Financial Frauds
Social engineering Scams
Security Incidents reported during 2008

Trends of Incidents

Sophisticated attacks
• Attackers are refining their methods and consolidating assets to create global networks that support coordinated criminal activity

Rise of Cyber Spying and Targeted attacks
• Mapping of network, probing for weakness/vulnerabilities

Malware propagation through Website intrusion
• Large scale SQL Injection attacks like Asprox Botnet

Malware propagation through Spam on the rise
• Storm worm, which is one of the most notorious malware programs seen during 2007-08, circulates through spam

Trends of Incidents

Phishing
• Increase in cases of fast-flux phishing and rock-phish
• Domain name phishing and Registrar impersonation

Crimeware
• Targeting personal information for financial frauds

Information Stealing through social networking sites

Rise in Attack toolkits
• Toolkits like Mpack and Neosploit can launch exploits for browser and client-side vulnerabilities against users who visit a malicious or compromised site

Global Attack Trend

Source: Websense
Top originating countries – Malicious code

Three faces of cyber crime

• Organised Crime
• Terrorist Groups
• Nation States

Security of Information Assets

• Security of information & information assets is becoming a major area of concern
• With every new application, newer vulnerabilities crop up, posing immense challenges to those who are mandated to protect the IT assets
• Coupled with this, a host of legal requirements and international business compliance requirements on data protection and privacy place a huge demand on IT/ITES/BPO service organizations
• We need to generate ‘Trust & Confidence’

Challenges before the Industry

Model Followed Internationally

• Internationally, the general approach has been to have legal drivers supported by suitable verification mechanism.
• For example, in USA Legal drivers have been
  – SOX
  – HIPAA
  – GLBA
  – FISMA etc.
• In Europe, the legal driver has been the “Data Protection Act” supported by ISO27001 ISMS.

Information Security Management

[Diagram: INFORMATION SECURITY (Confidentiality, Integrity, Availability, Authenticity) resting on People, Process and Technology; items shown: Security Policy, Regulatory Compliance, User Awareness Program, Access Control, Security Audit, Incident Response, Encryption, PKI, Firewall, IPS/IDS, Antivirus]

Cyber Security Strategy – India
• Security Policy, Compliance and Assurance – Legal Framework
  – IT Act, 2000
  – IT (Amendment) Bill, 2006 – Data Protection & Computer crimes
  – Best Practice ISO 27001
  – Security Assurance Framework - IT/ITES/BPO Companies
• Security Incident – Early Warning & Response
  – CERT-In National Cyber Alert System
  – Information Exchange with international CERTs
• Capacity building
  – Skill & Competence development
  – Training of law enforcement agencies and judicial officials in the collection and analysis of digital evidence
  – Training in the area of implementing information security in collaboration with Specialised Organisations in US
• Setting up Digital Forensics Centres
  – Domain Specific training – Cyber Forensics
• Research and Development
  – Network Monitoring
  – Biometric Authentication
  – Network Security
• International Collaboration

Status of security and quality compliance in India

Quality and Security

• A large number of companies in India have aligned their internal processes and practices to international standards such as
  – ISO 9000
  – CMM
  – Six Sigma
  – Total Quality Management
• Some Indian companies have won special recognition for excellence in quality: out of 18 Deming Prize winners for Total Quality Management in the last five years, six are Indian companies.

ISO 27001/BS7799 Information Security Management

• Government has mandated implementation of ISO27001 ISMS by all critical sectors
• ISMS 27001 has mainly three components
  – Technology
  – Process
  – Incident reporting and monitoring
• 296 certificates issued in India out of 7735 certificates issued worldwide
• Majority of certificates issued in India belong to IT/ITES/BPO sector

Information Technology – Security Techniques: Information Security Management System

Standard                   World    China    Italy    Japan   Spain   India   USA
ISO 9000 (175 countries)   951486   210773   115309   73176   65112   46091   36192
27001                      7732     146      148      276     93      296     94


CERT-In Work Process

[Diagram: CERT-In work process with the stages Detection, Analysis, Dissemination & Support, and Recovery; parties shown: Department of Information Technology, ISP Hot Liners, Major ISPs, Private Sectors, Foreign Ptns, Home Users, Press & TV / Radio]

Distributed Honeypot Deployment
PC & End User Security: Auto Security Patch Update

Windows Security Patch Auto Update

[Diagram: Microsoft Download Ctr., Internet, ActiveX DL Server, Sec. Patch ActiveX Site]

No. of Download ActiveX: 18 Million

PC & End User Security: Incident Response Help Desk

[Diagram: help desk reachable over the Internet and PSTN]

• Make a call using 1800-11-4949
• Send fax using 1800-11-6969
• Communicate through email at [email protected]
• Number of security incidents handled during 2008 (till Oct): 1425
• Vulnerability Assessment Service

Int’l Co-op: Cyber Security Drill

Joint International Incident Handling Coordination Drill

2006
• Participated APCERT International Incident Handling Drill 2006
• Participants: 13 APCERT Members and New Zealand, Vietnam including 5 major Korean ISPs
• Scenario: Countermeasure against Malicious Code and relevant infringement as DDoS attack

2007
• Participated APCERT International Incident Handling Drill 2007
• Participants: 13 APCERT Members + Korean ISPs
• Scenario: DDoS and Malicious Code Injection
• To be Model: World Wide Cyber Security Incidents Drill among security agencies

Cyberforensics

Branch of forensic science pertaining to legal evidence found in computers and digital storage media

Preservation
• Evidence changed, court case is gone
Identification
• Of the 100,000 files, what is evidence of a crime?
Extraction
• Take the evidence off the hard drive for presentation
Documentation
• Document what you found to present in court
Interpretation
• Interpret the evidence in light of the charges

Something about Botnet

• A botnet operator sends out viruses or worms, infecting ordinary users' computers, whose payload is a malicious application—the bot.
• The bot on the infected PC logs into a particular C&C server (often an IRC server, but, in some cases a web server).
• A spammer purchases access to the botnet from the operator.
• The spammer sends instructions via the IRC server to the infected PCs, causing them to send out spam messages to mail servers

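From the defender's side, the sequence described above (IRC check-in followed by mail sent to many servers) leaves a recognisable pattern in connection logs. This added example, not part of the original slides, flags internal hosts that show it; the log format, IRC port list, sanctioned relay address and fan-out threshold are assumptions, and the flow records are constructed.

```python
from collections import defaultdict

# Constructed flow records: timestamp, source, destination, destination port.
SAMPLE_FLOWS = """\
2008-10-01T09:00:01 10.0.0.5 198.51.100.7 6667
2008-10-01T09:00:40 10.0.0.8 198.51.100.7 6667
2008-10-01T09:01:02 10.0.0.25 203.0.113.10 25
2008-10-01T09:01:05 10.0.0.25 203.0.113.11 25
2008-10-01T09:01:09 10.0.0.25 203.0.113.12 25
2008-10-01T09:02:10 10.0.0.5 203.0.113.10 25
2008-10-01T09:02:11 10.0.0.5 203.0.113.11 25
2008-10-01T09:02:12 10.0.0.5 203.0.113.12 25
2008-10-01T09:03:00 10.0.0.8 10.0.0.25 25
truncated-record 10.0.0.9
"""

IRC_PORTS = {6667, 6697}        # assumption: ports treated as IRC
SMTP_PORT = 25
MAIL_SERVERS = {"10.0.0.25"}    # assumption: the site's sanctioned mail relay
FANOUT_THRESHOLD = 3            # assumption: distinct SMTP peers before flagging

def parse_flows(text):
    """Yield (timestamp, src, dst, dport) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[3].isdigit():
            yield parts[0], parts[1], parts[2], int(parts[3])

def suspected_spam_bots(text, threshold=FANOUT_THRESHOLD):
    """Flag hosts that contact IRC and afterwards send SMTP to many servers."""
    irc_first_seen = {}
    smtp_after_irc = defaultdict(set)
    for ts, src, dst, dport in sorted(parse_flows(text)):
        if src in MAIL_SERVERS:
            continue  # the relay is expected to talk SMTP to many peers
        if dport in IRC_PORTS:
            irc_first_seen.setdefault(src, ts)
        elif dport == SMTP_PORT and src in irc_first_seen:
            smtp_after_irc[src].add(dst)
    return {
        src: {"irc_first_seen": irc_first_seen[src], "smtp_targets": len(dsts)}
        for src, dsts in smtp_after_irc.items()
        if len(dsts) >= threshold
    }
```

A workstation that only chats over IRC, or that mails through the sanctioned relay, stays below the threshold; direct SMTP fan-out from a desktop after an IRC session is what raises the flag.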
Related Websites

http://www.cyberforensics.in
http://pcquest.ciol.com
http://cert.in
http://isaca.org
http://www.youtube.com/watch?v=NZYi1iJsXRc&feature=related
http://www.cyberforensics.in/Default.aspx
