04/19/23

Internet Security Aspects

Dr. Gulshan RaiDirector

Indian Computer Emergency Response Team (CERT-In)Department of Information Technology

2

The Complexity of Today’s Network

Pain points• Complexity

• Cost

• Agility

• Security

Router

Internet

Intranet

`

UnmanagedDevice

New PC

Internet

PerimeterNetwork

BranchOffices

Remote Workers

Home Users

Unmanaged Devices

Router

RouterRouter

Router

` ` `

` ` `

BranchOffices

Desktops

Laptops

Servers

Extranet Servers

Router

Network Infrastructure

Unmanaged Devices

Perimeter Network Servers

Trends shaping the future• Ubiquitous computing,

networking and mobility

• Embedded Computing

• Security

• IPv6

• VoIP

3

Growing Concern

• Computing Technology has turned against us

• Exponential growth in security incidents

• Rapid emergence of civilian and military groups worldwide

• Asymmetric warfare has arrived in cyberspace

4

Type of Attacks on Internet

• Web Site Defacements

• Port Scanning

• Malicious Code– VIRUS– BOTS

• Phishing

• DNS Attacks

• Denial of Service and DDoS

5

Phishing Web siteLegitimate Web Site

Phishing

6

Current Threat Rank

• China

• United States

• Belgium

• Germany

• France

7

Nature of Attacks in Cyber World• Rise of Cyber Spying

– Curiosity probes funded and organised operations for variety of purpose

– Web Espionage operation– Mapping of network, probing for weakness and strength

• Attackers targeting new technologies such as – Peer to peer and VOIP services– Social Network– On-line banking

• Sophisticated attacks– Attackers are refining their methods and consolidating assets

to create global networks that support coordinated criminal activity

04/19/23

Trends in Cyber Attacks (2007)• Phishing

– Around 392 phishing cases affecting financial institutions in India and abroad were observed in the year 2007

– Increase in cases of fast-flux phishing and rock-phish– 35% of phishing web sites were observed for financial services

sector brands

• Bots and Malicious Code– Botnets are evolving with increased number of Bots – The command & control server regularly shifting – Malicious Code with keystroke-logging and secluded

communications capacity are on rise and made confidential information threats a major concern

– 4% of all malicious activity detected during the first 6 months of 2007 originated from IP space registered to Fortune 100 companies

– Largely malicious code distribution is done through Social engineering techniques in today’s scenario

9

Trends in Cyber Attacks• Fake data about domain registrants on WHOIS directory

• Increased malicious activities in professional and commercial way– Trade of malicious code in popular forums such as IRC, Web-Sites

etc– Emergence of Phishing Toolkits– Automated toolkits that could exploit user systems who visit a

malicious or compromised website– Increasing number of underground economy servers which are

used by criminals and criminal organisations to sell stolen information, typically for subsequent use in identity theft.

10

Trends in Cyber Attacks

• The current threat environment is characterized by compound attacks simultaneously from different locations

• Convergence of malware authors, phishers, spammers and Bot-herders– Spamthru Trojan – use botnets for spamming and DDoS– Strom worm – spread through spam to increase botnet

and launch DDoS– Rock Phish – phishing sites of multiple brands hosted on

single server– Fast Flux DNS based hosting of Phishing sites

11

Constraints

• Emergent behavior of some vulnerabilities and system are not fully understood

• Still do not understand the full nature of risks• Nobody owns the problem

– Finger pointing among developers, network operators, system administrators and users

• No one wants to be first to disclose information• Immediacy of threat has led to too much focus

on near term needs – Patch rather than innovate

12

Challenges to be met

• Develop new approaches for eradicating wide spread, epidemic attacks in cyberspace

• Ensure that new, critical system currently on the drawing board are immune from destructive attack

• Appropriate legal framework and best practices• Design new computing system so that security

and privacy aspects of those systems are understandable and controllable by the user

13

Need for Collaborations

• To resolve incidents, we need to track actual attacker

• Information exchange is needed globally to mitigate Cyber attacks

• Stakeholders to ensure secure cyber space– Law Enforcement agencies– CERTs– Service providers, ISPs– Domain registrars– Domain owners– Industry

14

Collaborative Efforts

• Reconciling various legal regimes with technological capability

• Standard procedures/manuals among countries mandating service providers for supply of information

• Instant Information Sharing• Rapid Response to Security Incidents• Research and Development

– Internet Health Monitoring– DNS Security– Immune and Survivable Systems

15

Need of Today

• It’s important to get in at the beginning– Experience teaches us that these concerns

are hard to add after the fact

• The Internet experience inform us:– It is also a social system, not simply a

technology

• Once we give up privacy or security, we may not be able to regain it

• Important to assert a leadership role while we can!

16

Let us work together for a vision. Create an society in which spam, viruses and worms, the plagues of modern information technology are eliminated.

17

Thank you

http://www.cert-in.org.in