Presentation is loading. Please wait.

Presentation is loading. Please wait.

Internet Security Aspects Dr. Gulshan Rai Director Indian Computer Emergency Response Team (CERT-In) Department of Information Technology.

Published byChastity Karin French Modified over 8 years ago

Similar presentations

Presentation on theme: "Internet Security Aspects Dr. Gulshan Rai Director Indian Computer Emergency Response Team (CERT-In) Department of Information Technology."— Presentation transcript:

1 Internet Security Aspects Dr. Gulshan Rai Director Indian Computer Emergency Response Team (CERT-In) Department of Information Technology

2 2 The Complexity of Today’s Network Pain points Complexity Cost Agility Security Router Internet Intranet Unmanaged Device New PC Internet Perimeter Network Branch Offices Remote Workers Home Users Unmanaged Devices Router Branch Offices Desktops Laptops Servers Extranet Servers Router Network Infrastructure Unmanaged Devices Perimeter Network Servers Trends shaping the future Ubiquitous computing, networking and mobility Embedded Computing Security IPv6 VoIP

3 3 Growing Concern Computing Technology has turned against us Exponential growth in security incidents Rapid emergence of civilian and military groups worldwide Asymmetric warfare has arrived in cyberspace

4 4 Type of Attacks on Internet Web Site Defacements Port Scanning Malicious Code –VIRUS –BOTS Phishing DNS Attacks Denial of Service and DDoS

5 5 Phishing Web site Legitimate Web Site Phishing

6 6 Current Threat Rank China United States Belgium Germany France

7 7 Nature of Attacks in Cyber World Rise of Cyber Spying –Curiosity probes funded and organised operations for variety of purpose –Web Espionage operation –Mapping of network, probing for weakness and strength Attackers targeting new technologies such as –Peer to peer and VOIP services –Social Network –On-line banking Sophisticated attacks –Attackers are refining their methods and consolidating assets to create global networks that support coordinated criminal activity

8 Trends in Cyber Attacks (2007) Phishing –Around 392 phishing cases affecting financial institutions in India and abroad were observed in the year 2007 –Increase in cases of fast-flux phishing and rock-phish –35% of phishing web sites were observed for financial services sector brands Bots and Malicious Code –Botnets are evolving with increased number of Bots –The command & control server regularly shifting –Malicious Code with keystroke-logging and secluded communications capacity are on rise and made confidential information threats a major concern –4% of all malicious activity detected during the first 6 months of 2007 originated from IP space registered to Fortune 100 companies –Largely malicious code distribution is done through Social engineering techniques in today’s scenario

9 9 Trends in Cyber Attacks Fake data about domain registrants on WHOIS directory Increased malicious activities in professional and commercial way –Trade of malicious code in popular forums such as IRC, Web-Sites etc –Emergence of Phishing Toolkits –Automated toolkits that could exploit user systems who visit a malicious or compromised website –Increasing number of underground economy servers which are used by criminals and criminal organisations to sell stolen information, typically for subsequent use in identity theft.

10 10 Trends in Cyber Attacks The current threat environment is characterized by compound attacks simultaneously from different locations Convergence of malware authors, phishers, spammers and B ot-herders –Spamthru Trojan – use botnets for spamming and DDoS –Strom worm – spread through spam to increase botnet and launch DDoS –Rock Phish – phishing sites of multiple brands hosted on single server –Fast Flux DNS based hosting of Phishing sites

11 11 Constraints Emergent behavior of some vulnerabilities and system are not fully understood Still do not understand the full nature of risks Nobody owns the problem –Finger pointing among developers, network operators, system administrators and users No one wants to be first to disclose information Immediacy of threat has led to too much focus on near term needs – Patch rather than innovate

12 12 Challenges to be met Develop new approaches for eradicating wide spread, epidemic attacks in cyberspace Ensure that new, critical system currently on the drawing board are immune from destructive attack Appropriate legal framework and best practices Design new computing system so that security and privacy aspects of those systems are understandable and controllable by the user

13 13 Need for Collaborations To resolve incidents, we need to track actual attacker Information exchange is needed globally to mitigate Cyber attacks Stakeholders to ensure secure cyber space –Law Enforcement agencies –CERTs –Service providers, ISPs –Domain registrars –Domain owners –Industry

14 14 Collaborative Efforts Reconciling various legal regimes with technological capability Standard procedures/manuals among countries mandating service providers for supply of information Instant Information Sharing Rapid Response to Security Incidents Research and Development –Internet Health Monitoring –DNS Security –Immune and Survivable Systems

15 15 Need of Today It’s important to get in at the beginning –Experience teaches us that these concerns are hard to add after the fact The Internet experience inform us: –It is also a social system, not simply a technology Once we give up privacy or security, we may not be able to regain it Important to assert a leadership role while we can!

16 16 Let us work together for a vision. Create an society in which spam, viruses and worms, the plagues of modern information technology are eliminated.

17 17 Thank you http://www.cert-in.org.in

Download ppt "Internet Security Aspects Dr. Gulshan Rai Director Indian Computer Emergency Response Team (CERT-In) Department of Information Technology."

Similar presentations

ETHICAL HACKING A LICENCE TO HACK

ETHICAL HACKING A LICENCE TO HACK
Cyber Crime and Technology

Cyber Crime and Technology
© Ravi Sandhu www.list.gmu.edu Introduction to Information Security Ravi Sandhu.

© Ravi Sandhu Introduction to Information Security Ravi Sandhu.
Its a new digital world with new digital dangers….

Its a new digital world with new digital dangers….
1 ASEAN Regional Forum Meeting 28 – 30 April 2010 Bandar Seri Begawan, Brunei CERT-Ins Initiative on International Information Security Dr A S Kamble Director.

1 ASEAN Regional Forum Meeting 28 – 30 April 2010 Bandar Seri Begawan, Brunei CERT-Ins Initiative on International Information Security Dr A S Kamble Director.
Saif Bin Ghelaita Director of Technologies & Standards TRA UAE

Saif Bin Ghelaita Director of Technologies & Standards TRA UAE
Cyber Security : Indian perspective 8 Feb 2009 Dr. Gulshan Rai Director, CERT-IN Govt. of India

Cyber Security : Indian perspective 8 Feb 2009 Dr. Gulshan Rai Director, CERT-IN Govt. of India
Improving Cybersecurity Through Research & Innovation Dr. Steve Purser Head of Technical Competence Department European Network and Information Security.

Improving Cybersecurity Through Research & Innovation Dr. Steve Purser Head of Technical Competence Department European Network and Information Security.
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,
Zombie or not to be: Trough the meshes of Botnets - Guillaume Lovet AVAR 2005 Tianjin, China.

Zombie or not to be: Trough the meshes of Botnets - Guillaume Lovet AVAR 2005 Tianjin, China.
A Covenant University Presentation By Favour Femi-Oyewole, BSc, MSc (Computer Science), MSc (Information Security) Certified COBIT 5 Assessor /Certified.

A Covenant University Presentation By Favour Femi-Oyewole, BSc, MSc (Computer Science), MSc (Information Security) Certified COBIT 5 Assessor /Certified.
1 Telstra in Confidence Managing Security for our Mobile Technology.

1 Telstra in Confidence Managing Security for our Mobile Technology.
Building Trust in Digital Online World Dr. Shekhar Kirani Vice President VeriSign India 5th June 2009 IBA Conference.

Building Trust in Digital Online World Dr. Shekhar Kirani Vice President VeriSign India 5th June 2009 IBA Conference.
An Overview to Information Security and Security Initiatives in India Anil Sagar Additional Director Indian Computer Emergency Response Team (CERT-In)

An Overview to Information Security and Security Initiatives in India Anil Sagar Additional Director Indian Computer Emergency Response Team (CERT-In)
(Geneva, Switzerland, September 2014)

(Geneva, Switzerland, September 2014)
Network Vulnerability Scanning Xiaozhen Xue Dept. of Computer Science Texas Tech University, USA Akbar Siami Namin Dept. of Computer.

Network Vulnerability Scanning Xiaozhen Xue Dept. of Computer Science Texas Tech University, USA Akbar Siami Namin Dept. of Computer.
Geneva, Switzerland, 15-16 September 2014 Overview of Kenya’s Cybersecurity Framework Michael K. Katundu Director, Information Technology Communications.

Geneva, Switzerland, September 2014 Overview of Kenya’s Cybersecurity Framework Michael K. Katundu Director, Information Technology Communications.
Preparedness for cybersecurity threats domestic aspects of cyber security Jaan Priisalu.

Preparedness for cybersecurity threats domestic aspects of cyber security Jaan Priisalu.
BOTNETS & TARGETED MALWARE Fernando Uribe. INTRODUCTION  Fernando Uribe   IT trainer and Consultant for over 15 years specializing.

BOTNETS & TARGETED MALWARE Fernando Uribe. INTRODUCTION  Fernando Uribe   IT trainer and Consultant for over 15 years specializing.

Similar presentations

Ads by Google