
Cyber Security: Indian perspective

8 Feb 2009

Dr. Gulshan Rai


Director, CERT-IN
Govt. of India
grai@mit.gov.in
Web Evolution
Web Sites (WWW)

1993  Web invented and implemented; 130 Nos. web sites
1994  2738 Nos.
1995  23500 Nos.
2007  550 Million Nos.
2008  850 Million Nos.

Internet Infrastructure in INDIA

Innovation fostering the Growth of NGNs
• Smart devices
– Television
– Computers
– PDA
– Mobile Phone
(Single device to provide an end-to-end, seamlessly secure access)

• Application Simplicity
– Preference of single, simple and secure interface to access
applications or content
– Ubiquitous interface - web browser

• Flexible Infrastructure

Because of these areas of evolution, today’s NGNs are defined
more by the services they support than by traditional demarcation
of Physical Infrastructure.
The Emergence of NGNs
• The communication networks operating two years ago
are father’s telecommunication networks.
• NGNs are teenager’s Network.
• Consumers and businesses no longer accept the limitation
of a single-use device or network.
• Both individuals and Business want the ability to
communicate, work and be entertained over any device,
any time, anywhere.
• The demand of these services coupled with innovation
in technology is advancing traditional
telecommunication far outside its original purpose.
The Complexity of Today’s Network
Changes Brought in IT
• Large network as backbone for
connectivity across the country
• Multiple Service providers for providing
links – BSNL, MTNL, Reliance, TATA,
Rail Tel
• Multiple Technologies to support
network infrastructure CDMA, VSAT,
DSL
• Multiple Applications

Trends shaping the future
• Ubiquitous computing, networking and
mobility
• Embedded Computing
• Security
• IPv6
• VoIP

[Figure: network diagram. Labels: Intranet, Extranet, Perimeter Network, Internet, Network Infrastructure, Servers, Desktops, Laptops, New PC, Routers, Branch Offices, Home Users, Remote Workers, Unmanaged Devices]

Challenges for Network Operator
• Business challenges include new Pricing
Structure, new relationship and new competitors.

• Technical challenges include migrating and
integrating with new advances in technologies
from fibre optics, installation of Wi-Fi support.

• Developing a comprehensive Security Policy and
architecture in support of NGN services.
To Reap Benefits
• To reap benefits of NGN, the operator must
address
– Technology
– Risk
– Security
– Efficiency
NGN Architecture
Identity Layer
Comprises end users owned by a telecom or a
third-party service provider accessing services using
devices like PC, PDA or mobile phone, to connect to
the Internet

Service Layer
Hosts service applications and provides a
framework for the creation of customer-focused
services provided by either operator or a third-party
service provider

Network Layer
Performs service execution, service management,
network management and media control functions
Connects with the backbone network

[Figure: NGN architecture diagram. Labels: Partly Trusted, Untrusted, Internet, Third-Party Application, Web Tier, Service Provider Application, Service Delivery Platform, Service Delivery Platform (Service Provider), Common Framework, Backbone Network]
Growing Concern
• Computing Technology has turned against us

• Exponential growth in security incidents
– Pentagon, US in 2007
– Estonia in April 2007
– Computer System of German Chancellery and three Ministries
– Highly classified computer network in New Zealand &
Australia

• Complex and target oriented software

• Common computing technologies and systems

• Constant probing and mapping of network systems


Cyber Threat Evolution

[Figure: timeline of cyber threats. Axis: 1977, 1995, 2000, 2003-04, 2005-06, 2007-08. Labels: Virus; Breaking Web Sites; Malicious Code (Melissa); Advanced Worm / Trojan (I LOVE YOU); Identity Theft (Phishing); Organised Crime, Data Theft, DoS / DDoS]

Cyber attacks being observed
• Web defacement
• Spam
• Spoofing
• Proxy Scan
• Denial of Service
• Distributed Denial of Service
• Malicious Codes
– Virus
– Bots
• Data Theft and Data Manipulation
– Identity Theft
– Financial Frauds
• Social engineering Scams
Security Incidents reported during 2008

Trends of Incidents
• Sophisticated attacks
– Attackers are refining their methods and consolidating assets to
create global networks that support coordinated criminal
activity

• Rise of Cyber Spying and Targeted attacks
– Mapping of network, probing for weakness/vulnerabilities

• Malware propagation through Website intrusion
– Large scale SQL Injection attacks like Asprox Botnet

• Malware propagation through Spam on the rise
– Storm worm, which is one of the most notorious malware
programs seen during 2007-08, circulates through spam
Trends of Incidents
• Phishing
– Increase in cases of fast-flux phishing and rock-phish
– Domain name phishing and Registrar impersonation

• Crimeware
– Targeting personal information for financial frauds

• Information Stealing through social networking sites

• Rise in Attack toolkits
– Toolkits like Mpack and Neosploit can launch exploits for
browser and client-side vulnerabilities against users who
visit malicious or compromised sites
Global Attack Trend

Source: Websense
Top originating countries – Malicious code

Three faces of cyber crime

• Organised Crime

• Terrorist Groups

• Nation States

Security of Information Assets
• Security of information & information assets is becoming a
major area of concern
• With every new application, newer vulnerabilities crop up,
posing immense challenges to those who are mandated to
protect the IT assets
• Coupled with this, a host of legal requirements and
international business compliance requirements on data
protection and privacy place a huge demand on
IT/ITES/BPO service organizations
• We need to generate ‘Trust & Confidence’
Challenges before the Industry
Model Followed Internationally

• Internationally, the general approach has been to
have legal drivers supported by a suitable
verification mechanism.
• For example, in the USA, legal drivers have been
– SOX
– HIPAA
– GLBA
– FISMA etc.
• In Europe, the legal driver has been the “Data
Protection Act” supported by ISO27001 ISMS.
Information Security Management

INFORMATION SECURITY
Confidentiality, Integrity, Availability, Authenticity

• People
– Security Policy
– Regulatory Compliance
– User Awareness Program
• Process
– Access Control
– Security Audit
– Incident Response
• Technology
– Encryption, PKI
– Firewall, IPS/IDS
– Antivirus

Cyber Security Strategy – India
• Security Policy, Compliance and Assurance – Legal Framework
– IT Act, 2000
– IT (Amendment) Bill, 2006 – Data Protection & Computer crimes
– Best Practice ISO 27001
– Security Assurance Framework- IT/ITES/BPO Companies

• Security Incident – Early Warning & Response
– CERT-In National Cyber Alert System
– Information Exchange with international CERTs

• Capacity building
– Skill & Competence development
– Training of law enforcement agencies and judicial officials in the collection and analysis of digital evidence
– Training in the area of implementing information security in collaboration with Specialised Organisations in US

• Setting up Digital Forensics Centres
– Domain Specific training – Cyber Forensics

• Research and Development
– Network Monitoring
– Biometric Authentication
– Network Security

• International Collaboration
Status of security and quality compliance
in India
• Quality and Security
– Large number of companies in India have aligned their
internal process and practices to international standards
such as
• ISO 9000
• CMM
• Six Sigma
• Total Quality Management
– Some Indian companies have won special recognition for
excellence in quality: out of 18 Deming Prize winners for
Total Quality Management in the last five years, six are
Indian companies.
ISO 27001/BS7799 Information Security
Management
• Government has mandated implementation of
ISO27001 ISMS by all critical sectors
• ISMS 27001 has mainly three components
– Technology
– Process
– Incident reporting and monitoring
• 296 certificates issued in India out of 7735
certificates issued worldwide
• Majority of certificates issued in India belong to
IT/ITES/BPO sector
Information Technology – Security Techniques
Information Security Management System

                  World    China    Italy    Japan   Spain   India   USA
ISO 9000          951486   210773   115309   73176   65112   46091   36192
(175 countries)
27001             7732     146      148      276     93      296     94
CERT-In Work Process
[Figure: CERT-In work process diagram. Stages: Detection, Analysis, Dissemination & Support, Recovery. Labels: Department of Information Technology, ISP Hot Liners, Major ISPs, Private Sectors, Foreign Ptns, Home Users, Press & TV / Radio]
Distributed Honeypot Deployment
PC & End User Security: Auto Security Patch Update
Windows Security Patch Auto Update

[Figure: patch auto-update diagram. Labels: Microsoft Download Ctr., Internet, ActiveX DL Server, Sec. Patch ActiveX Site]

No. of Download ActiveX: 18 Million

PC & End User Security
Incident Response Help Desk

[Figure labels: Internet, PSTN]

• Make a call using 1800 – 11 - 4949
• Send fax using 1800 – 11 - 6969
• Communicate through email at incident@cert-in.org.in
• Number of security incidents handled during 2008 (till Oct): 1425
• Vulnerability Assessment Service
Int’l Co-op: Cyber Security Drill
Joint International Incident Handling Coordination Drill

• Participated APCERT International Incident
Handling Drill 2006
• Participants: 13 APCERT Members and New
Zealand, Vietnam including 5 major Korean
ISPs
• Scenario: Countermeasure against Malicious
Code and relevant infringement as DDoS attack

• Participated APCERT International Incident
Handling Drill 2007
• Participants: 13 APCERT Members + Korean
ISPs
• Scenario: DDoS and Malicious Code Injection
• To be Model: World Wide Cyber Security
Incidents Drill among security agencies
Thank you

Incident Response Help Desk


Phone: 1800 11 4949
FAX: 1800 11 6969
e-mail: incident at cert-in.org.in
http://www.cert-in.org.in
