Академический Документы
Профессиональный Документы
Культура Документы
Knowledge Domain
Cyber
Space
Cyber Cyber
Law Threat
Cyber Cyber
Crime Attack
Cyber
Security
7/15/2010
Cyber Space
Cyberspace – Cyberthreat – Cyberattack – Cybersecurity – Cybercrime – Cyberlaw
4
Cyberspace
A reality community
between PHYSICAL WORLD
and ABSTRACTION WORLD
Posture of Internet
45 juta user tersebar di 18,000 pulau
7/15/2010
Internet Statistics
Populasi Penduduk Indonesia 240,271,522 (akhir 2009)
Information Roles
Kenapa Informasi Sangat Berharga?
Memuat data and fakta penting (news, reports,
statistics, transaction, logs, dll.)
Dapat menciptakan persepsi kepada publik
(market, politics, image, marketing, dll.)
Merepresentasikan asset yang bernilai (money,
documents, password, secret code, etc.)
Merupakan bahan dasar pengetahuan (strategy,
plan, intelligence, etc.)
7/15/2010
8
Apakah Internet ?
A giant network of networks where people
exchange information through various different
digital-based ways:
Cyber Threat
Motivnya bervarisasi
Dapat mengakibatkan
kerugian signifikan
terhadap ekonomi dan
politik
SMTP relay virus infection hoax malware distribution botnet open proxy
Threats are there to stay. root access theft sql injection trojan horse worms password cracking
Can’t do so much about it. spamming malicious software spoofing blended attack
11
Underground Economy
7/15/2010
12
Growing Vulnerabilities
Incidents and Vulnerabilities Reported to CERT/CC
4500 160,000
4000 “Through 2008, 90 percent of 140,000
500 20,000
0 0
1995 1996 1997 1998 1999 2000 2001 2002 2003 2004
* Gartner “CIO Alert: Follow Gartner’s Guidelines for Updating Security on Internet Servers, Reduce Risks.” J. Pescatore,
February 2003
** As of 2004, CERT/CC no longer tracks Security Incident statistics.
7/15/2010
13
Potential Threats
Unstructured Threats
Insiders
Recreational Hackers
Institutional Hackers
Structured Threats
Organized Crime
Industrial Espionage
Hacktivists
7/15/2010
Cyber Attack
Cyberspace – Cyberthreat – Cyberattack – Cybersecurity – Cybercrime – Cyberlaw
15
Cyberattack
7/15/2010
National Incidents
1 juta event (potential attacks) setiap hari, sebagian
besar datang dari US dan China.
Dll.
17
International Issues
BEIJING/OTTAWA (Reuters) - A cyber-espionage group based in southwest
China stole documents from the Indian Defense Ministry and emails from the
Dalai Lama's office, Canadian researchers said in a report on Tuesday.
7/15/2010
18
International Issues
(Reuters) - Israel is using its civilian technological advances to enhance
cyberwarfare capabilities, the senior Israeli spymaster said on Tuesday in
a rare public disclosure about the secret program. Using computer
networks for espionage -- by hacking into databases -- or to carry out
sabotage through so-called "malicious software" planted in sensitive
control systems has been quietly weighed in Israel against arch-foes like
Iran.
7/15/2010
19
Attacks Sophistication
Auto
Coordinated
Cross site scripting Tools
“stealth” / advanced
High scanning techniques
packet spoofing denial of service Staged
Intruder
distributed
Knowledge sniffers
attack tools
sweepers www attacks
automated probes/scans
GUI
back doors
disabling audits network mgmt. diagnostics
hijacking
burglaries sessions
exploiting known vulnerabilities
Attack password cracking
Sophistication
self-replicating code
password guessing
Low
1980 1985 1990 1995 2005
7/15/2010
20
Advanced
Intruders
Discover New
Vulnerability
# Of
Incidents
7/15/2010
21
7/15/2010
What are The Greatest 22
Challenges
Cyber Security
Cyberspace – Cyberthreat – Cyberattack – Cybersecurity – Cybercrime – Cyberlaw
24
Cybersecurity
Protecting Interactions
Protecting Information
Protecting Infrastructure
7/15/2010
26
Mandatory Requirements
• “Critical infrastructures are those physical and cyber-
based systems essential to the minimum operations of
the economy and government. These systems are so
vital, that their incapacity or destruction would have a
debilitating impact on the defense or economic security
of the nation.”
• Banking & Finance, Agriculture & Food, Chemical,
Defense Industrial Base, Drinking Water and Wastewater
Treatment Systems, Emergency Services, Energy,
Information Technology, Postal & Shipping, Public Health
& Healthcare, Telecommunications, Transportation
Systems
7/15/2010
27
Metode Evaluasi
Complete Security Audit
Penetration Test :
Black Box
White Box
Grey Box
Network Element
Application
7/15/2010
29
Access Physical
7 Controls Communication Security 5
& Operations
Mgmt 6
7/15/2010
Cyber Crime
Cyberspace – Cyberthreat – Cyberattack – Cybersecurity – Cybercrime – Cyberlaw
31
Cybercrime
Type of Attacks
33
Motives of Activities
1. Thrill Seekers
2. Organized Crime
3. Terrorist Groups
4. Nation-States
7/15/2010
Cyber Law
Cyberspace – Cyberthreat – Cyberattack – Cybersecurity – Cybercrime – Cyberlaw
35
Cyberlaw
starting from
25 March 2008
7/15/2010
37
Main Challenge.
ILLEGAL
“… the distribution of
illegal materials within
the internet …”
ILLEGAL
“… the existence of
source with illegal
materials that can be
accessed through
the internet …”
7/15/2010
ID-SIRTII
Indonesia Security Incident Response Team on Internet Infrastructure
39
Legal Framework
Undang-Undang No.36/1999
regarding National Telecommunication Industry
General Secretary
Topology Approach
43
Lab Facilities
Network/Incident Simulation
Honeypot
Malware Anlysis
Digital Forensic
Data Mining/Warehouse
Terima Kasih