I Know Your Secret ! Strategy to Secure Your Data and Files
Prof. Richardus Eko Indrajit DrBA Ir MSc MBA MPhil MA/MSi CEH CHFI ECSA/LPT EDRP ECIH
ACPM CWM ICWM
Agenda for Today
Cyber-6 The Security and Crime Phenomena
Personal “Hack” Threats on the Online World
Protect Me! Safeguarding Your Info Assets
About the Cyber Space
A reality community between PHYSICAL WORLD and ABSTRACTION WORLD
1.4 billion of real human population (internet users)
Trillion US$ of potential commerce value
Billion business transactions per hour in 24/7 mode
Internet is a VALUABLE thing indeed. Risk is embedded within.
Information as Valuable Assets
Why information?
– It consists of important data and facts (news, reports, statistics, transaction, logs, etc.)
– It can create perception to the public (market, politics, image, marketing, etc.)
– It represents valuable assets (money, documents, password, secret code, etc.)
– It is a raw material of knowledge (strategy, plan, intelligence, etc.)
Internet as an Online Arena
A giant network of networks where people exchange information through various different digital-based ways:
“… what is the value of internet ???”
Email, Mailing List, Website
Chatting, Newsgroup, Blogging
E-commerce, E-marketing, E-government
About the Cyber Threat
The trend has increased at an exponential rate
Motives vary from recreational to criminal purposes
Can cause significant economic losses and political suffering
Difficult to mitigate
web defacement information leakage phishing intrusion DoS/DDoS
SMTP relay virus infection hoax malware distribution botnet open proxy
root access theft sql injection trojan horse worms password cracking
spamming malicious software spoofing blended attack
Threats are there to stay. Can’t do so much about it.
Crackers Threat
Unstructured Threats – Insiders – Recreational Hackers – Institutional Hackers
Structured Threats – Organized Crime – Industrial Espionage – Hacktivists
National Security Threats – Terrorists – Intelligence Agencies – Information Warriors
Vulnerabilities Threat
* Gartner “CIO Alert: Follow Gartner’s Guidelines for Updating Security on Internet Servers, Reduce Risks.” J. Pescatore, February 2003
** As of 2004, CERT/CC no longer tracks Security Incident statistics.
[Chart: Incidents and Vulnerabilities Reported to CERT/CC, 1995 to 2004. Axes: Total Vulnerabilities (0 to 4,500) and Total Security Incidents (0 to 160,000). Series: Vulnerabilities, Security Incidents.]
“Through 2008, 90 percent of successful hacker attacks will exploit well-known
software vulnerabilities.” - Gartner*
About the Cyber Attack
Too many attacks have been performed within the cyberspace.
Most are triggered by the cases in the real world.
The eternal wars and battles have been in towns lately.
The notorious Estonia case has opened the eyes of all people in the world.
Attack can occur anytime and anyplace without notice.
Attacks Sophistication
[Figure: Intruder Knowledge and Attack Sophistication, on a High to Low scale, plotted from 1980 to 2005. Labels on the figure: cross site scripting; password guessing; self-replicating code; password cracking; exploiting known vulnerabilities; disabling audits; back doors; hijacking sessions; sweepers; sniffers; packet spoofing; GUI automated probes/scans; denial of service; www attacks; Tools; “stealth” / advanced scanning techniques; burglaries; network mgmt. diagnostics; distributed attack tools; Staged; Auto Coordinated.]
Exploitation Cycle
Advanced Intruders Discover New Vulnerability
Crude Exploit Tools Distributed
Novice Intruders Use Crude Exploit Tools
Automated Scanning/Exploit Tools Developed
Widespread Use of Automated Scanning/Exploit Tools
Intruders Begin Using New Types of Exploits
Highest Exposure Time
# Of Incidents
About the Cyber Security
Led by ITU in the international domain, while some standards are introduced by different institutions (ISO, ITGI, ISACA, etc.)
“Your security is my security” – individual behavior counts while various collaborations are needed
Education, value, and ethics are the best defense approaches.
Risk Management Aspect of Security
[Diagram relating Risk, Vulnerabilities, Threats, Controls, Security Requirements, Asset Values and Assets. Relationship labels: Protect against, Exploit, Reduce, Expose, Have, Met by, Impact on Organisation.]
Spectrum of Security
Physical security
Procedural security
Personnel security
Compromising emanations security
Operating system security
Communications security
A failure in any of these areas can undermine the security of a system.
Best Practice Standard
BS7799/ISO17799
[Diagram: ten areas, numbered 1 to 10 in the figure, surrounding Information (Integrity, Confidentiality, Availability). Areas shown: Access Controls; Asset Classification Controls; Information Security Policy; Security Organisation; Personnel Security; Physical Security; Communication & Operations Mgmt; System Development & Maint.; Bus. Continuity Planning; Compliance.]
About the Cyber Crime
Globally defined as INTERCEPTION, INTERRUPTION, MODIFICATION, and FABRICATION
Virtually involving international boundaries and multiple resources
Intentionally targeting to fulfill special objective(s)
Convergence in nature with intelligence efforts.
Crime has intentional objectives. Stay away from the bull’s eye.
About the Cyber Law
Difficult to keep updated as technology trend moves
Different stories between the rules and enforcement efforts
Require various infrastructure, superstructure, and resources
Can be easily “out-tracked” by law practitioners
Cyberlaw is here to protect you. At least playing role in mitigation.
First Cyber Law in Indonesia
Range of penalty:
• Rp 600 million - Rp 12 billion (equal to US$ 60,000 to US$ 1,2 million)
• 6 to 12 years in prison (jail)
Starting from 25 March 2008
Picture: Indonesia Parliament in Session
Main Challenge
ILLEGAL “… the distribution of illegal materials within the internet …”
ILLEGAL “… the existence of source with illegal materials that can be accessed through the internet …”