About mmCERT (Our Issue, Challenges & Initiatives) · o Nowadays cyber security initiatives become...
Transcript of About mmCERT (Our Issue, Challenges & Initiatives) · o Nowadays cyber security initiatives become...
About mmCERT (Our Issue, Challenges & Initiatives)
ITU Cybersecurity Forum and Cyber Drill
Vientiane, Lao PDR 9-11 December 2013
Copyright @2013, mmCERT/cc
Ye Yint Min Thu Htut mmCERT/cc
Table of Contents
mmCERT Initiatives
Cyber Security Issues
Challenges
Conclusion
Copyright @2013, mmCERT/cc
mmCERT Initiatives
Myanmar Computer Emergency Response Team (mmCERT)
was formed by e-National Task Force according to the
Initiative of ASEAN Integration (IAI) agreement in July 2004.
mmCERT is a non profit organization and wholly government
funded since 2004.
mmCERT is a transitioning member of APCERT since
December, 2011.
mmCERT/cc was launched by Ministry of Communication and
Information Technology in December 2010.
Copyright @2013, mmCERT/cc
Ministry of Communication and Information Technology (MCIT)
Myanmar Post and Telecommunications (MPT)
Information and Technology Department (IT Dept.)
mmCERT/cc
Management = 3
Staff = 9
Organization Structure
Related Organizations Global • Internal CERT/CSIRT Local • Internet Service Providers • Data Centers • Government Agencies • Cyber Crime Unit • MCF, MCPA • Businesses • Internet Users
Copyright @2013, mmCERT/cc
Functions of mmCERT/cc
Operation
Incident Handling
Web Monitoring (MM)
Research Tsubame
ITMA 3
Awareness
www.mmcert.org.mm
Weekly Electronic Newsletter, Pamphlet
International Cooperation
Cyber Security Exercise (Drill) Training/ Workshop/ Conference
Seminar, Training
Security Auditing (Check List) & Advisory
Support
HRD, Finance & Administration ISMS & Mission Support
Copyright @2013, mmCERT/cc
Cyber Security Issues
DDoS Attack in Data Center
Targeted DDoS/ DoS Attack
Targeted E.Mail Attack
Web Defacement
SPAM E.Mail
Phishing
Scanning
Violation of Privacy in SNS
2012 - 2013
Copyright @2013, mmCERT/cc
4%
0% 29%
6%
17%
38%
2%
4%
Type of Incidents
Scanning
Sniffing
DoS
DDoS
Malware
Exploiting knownVulnerabilitiesLogin Account
Unauthorized use
Incident Statistics in 2013
Copyright @2013, mmCERT/cc
Example Incident
Exploiting Weakness of Framework
Used Outdated framework (Joomla 1.5.x)
Copyright @2013, mmCERT/cc
Example Incident
Copyright @2013, mmCERT/cc
Exploiting Weakness of Framework
Can easily found several exploit on net
Exploited & Defaced
Challenges
Copyright @2013, mmCERT/cc
Human Resource Development
Professional Skillful Workers
Penetration Tester
Malware Analyst
Incident Handler
Forensic Expert
Challenges
Copyright @2013, mmCERT/cc
Best Achievement
Standard Penetration Testing Methodology
Standard System Security Guide
Standard Security Assessment / Advisory
Report
o Nowadays cyber security initiatives become national strategic level
with government’s direction.
o Myanmar’s economic development is gradually growing up late 2010.
o More and more incidents are waiting for us.
o We need security assessment in the various sectors.
We expect to promote collaboration with
international organizations especially ITU, IMPACT,
JPCERT and ASEAN member states.
We expect training / materials / guidance from them.
Conclusion
Copyright @2013, mmCERT/cc
www.mmcert.org.mm [email protected]
+95 9 452338122
Thank you for your attention. Q & A
Copyright @2013, mmCERT/cc