Jan Kok Nokia Siemens Networks GmbH & Co. KG Munich Germany
Analysis of the BotNet Ecosystem
Possible impact on Mobile Network Operators (MNO) and a proposal for Communication Service Provider (CSP) to address the security threat
CTTE 2011 · 16-18 May, 2011, Berlin, Germany
Jan Kok, Nokia Siemens Networks GmbH & Co. KG, Munich, Germany
Bernhard Kurz, Nokia Siemens Networks GmbH & Co. KG, Munich, Germany
Speaker: 101064551 林大慶
Outline
• Botnet principles and potential threats
• Botnet stakeholder interests and impact
• Solution architecture
Botnet principles and potential threats
• Principles of a Botnet
• Botnet Statistics
• How to create and maintain a Botnet
Botnet principles and potential threats
• Principles of a Botnet
Botnet principles and potential threats
• Botnet Statistics
Botnet principles and potential threats
• Botnet Statistics
Botnet principles and potential threats
• How to create and maintain a Botnet
  ▫ Toolkit-Zeus
  ▫ Dec. 2009, USD 700
Botnet stakeholder interests and impact
• A. Botnet Ecosystem
• B. Why is a MNO more affected than a FNO?
• C. Trends about Mobile Malware
• D. Predicting the Market Window
• E. Financial Impact
• F. Loss of Integrity
• G. Loss of Profit due to increased Claims
Botnet stakeholder interests and impact
• A. Botnet Ecosystem
Picture 4: Botnet Ecosystem - Roles, Interaction and Money Flow
Source: Nokia Siemens Networks
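Botnet stakeholder interests and impact
• B. Why is a MNO more affected than a FNO?
  ▫ The SIM stores subscriber-specific data
  ▫ Apps access user-specific data, such as social networks
  ▫ The mobile device can be used to obtain the user's location information
  ▫ Users do not consider themselves responsible for protecting their own mobile devices
  ▫ Mobile devices have multiple interfaces connecting them to the outside world
  ▫ Usable spectrum is limited, so the MNO has to manage its traffic more strictly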
Botnet stakeholder interests and impact
• C. Trends about Mobile Malware
Botnet stakeholder interests and impact
• D. Predicting the Market Window
Botnet stakeholder interests and impact
• E. Financial Impact
  ▫ Subscribers file claims, reducing operating profit
  ▫ Subscriber churn reduces revenue
  ▫ (A MNO in Germany with an installed base of 39 million subscribers and an annual revenue of EUR 8 billion in 2009)
  ▫ Three network performance indicators
    ▫ Loss of Integrity
    ▫ Loss of Availability (x)
    ▫ Loss of Stability (x)
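Botnet stakeholder interests and impact
• F. Loss of Integrity
  ▫ Subscribers lose confidence in the MNO's confidentiality
    ▫ The customer churn rate is predicted to increase by 0.5% in 2012
    ▫ Loss of EUR 74 million (not including loss of reputation or loss of confidence among other subscribers)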
Botnet stakeholder interests and impact
• G. Loss of Profit due to increased Claims
  ▫ Subscriber data is misused
    ▫ Passwords, credit card credentials
    ▫ EUR 33 million / 4 years
The potential losses are estimated to be in the range of EUR 100 million over a period of four years (2012 till 2015)
Solution architecture
Solution architecture
• Analysis
  ▫ honeypot
  ▫ multiple information sources
  ▫ knowledge
    ▫ addresses, used communication protocols
    ▫ the structure of the servers that control the Bot
    ▫ characteristics that can be used to detect malware
    ▫ suggestions for the disinfection of victims
Solution architecture
• Detection
  ▫ monitor the traffic
    ▫ packet inspection
    ▫ the evaluation of traffic attributes
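Solution architecture
• Mitigation
  ▫ Identify infected devices and customers
  ▫ Notify the subscriber
  ▫ Provide information on virus scanning
  ▫ Automatically launch a virus-scanning tool
  ▫ Share the collected information with third parties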
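Solution architecture
• Prevention
  ▫ Quarantine the user
    ▫ Block IP addresses, domains or protocols
    ▫ Suppress its communication with the C&C server
    ▫ Prevent other devices from being infected
    ▫ Monitoring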
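Solution architecture
• Anti-Botnet Operation Center
  ▫ Coordinates the functions of the individual modules and can also serve as the interface to third parties, e.g. exchanging data with external experts or other operators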
Solution architecture
Solution architecture
• Integrated into the 4G network
• Other approaches
  ▫ Serving GPRS Support Node (SGSN)
  ▫ Gateway GPRS Support Node (GGSN)
  ▫ SMS Service Centre (SMS-SC)
Conclusion