Prof. Richardus Eko Indrajit
Chairman of ID-SIRTII and APTIKOM
indrajit@post.harvard.edu | www.eko-indrajit.com
About ID-SIRTII and APTIKOM

ID-SIRTII
- The National CSIRT/CERT of Indonesia (quasi-government institution)
- Conducting traffic monitoring and log management of the country's internet infrastructure
- Coordinating more than 300 ISPs all over the nation
- Responsible for safeguarding internet infrastructure used by mission-critical institutions

APTIKOM
- Association of IT colleges and universities in Indonesia
- Consists of 750 higher-learning development and shared-resources/services initiatives
Knowledge Domain: The Cyber Six
Cyber Space, Cyber Threat, Cyber Attack, Cyber Security, Cyber Crime, Cyber Law

1. Cyberspace.
- A reality community between the PHYSICAL WORLD and the ABSTRACTION WORLD
- 1.4 billion real human population (internet users)
- Trillions of US$ of potential commerce value
- Billions of business transactions per hour in 24/7 mode
The Internet is a VALUABLE thing indeed. Risk is embedded within.
Information Roles
- Why information?
  - It consists of important data and facts (news, reports, statistics, transactions, logs, etc.)
  - It can create perception to the public (market, politics, image, marketing, etc.)
  - It represents valuable assets (money, documents, passwords, secret codes, etc.)
  - It is a raw material of knowledge (strategy, plan,
What is the Internet?
- A giant network of networks where people exchange information through various different digital-based ways:
  Email, Mailing List, Website, Chatting, Newsgroup, Blogging, E-commerce, E-marketing, E-government

2. Cyberthreat.
- The trend has increased at an exponential rate
- Motives vary from recreational to criminal purposes
- Can cause significant economic losses and political suffering
- Difficult to mitigate
Threats are there to stay. Can't do so much about it.
Typical threats: web defacement, information leakage, phishing, intrusion, DoS/DDoS, SMTP relay, virus infection, hoax, malware distribution, botnet, open proxy, root access theft, SQL injection, trojan horse, worms, password cracking, spamming, malicious software, spoofing, blended attack.
International Issues
- What does the FBI say about companies:
  - 91% have detected employee abuse
  - 70% indicate the Internet as a frequent attack point
  - 64% have suffered financial losses
  - 40% have detected attacks from outside
  - 36% have reported security incidents
Source: FBI Computer Crime and Security
Growing Vulnerabilities
[Chart: "Incidents and Vulnerabilities Reported to CERT/CC", 1995-2004; two series: Vulnerabilities and Security Incidents**]
"Through 2008, 90 percent of successful hacker attacks will exploit well-known software vulnerabilities."*
* Gartner, "CIO Alert: Follow Gartner's Guidelines for Updating Security on Internet Servers, Reduce Risks." J. Pescatore, February 2003
** As of 2004, CERT/CC no longer tracks Security Incident statistics.
Potential Threats
- Unstructured Threats: Insiders, Recreational Hackers, Institutional Hackers
- Structured Threats: Organized Crime, Industrial Espionage, Hacktivists
- National Security Threats: Terrorists

3. Cyberattack.
- Too many attacks have been performed within cyberspace.
- Most are triggered by cases in the real world.
- The eternal wars and battles have been in towns lately.
- The notorious Estonia case has opened the eyes of all people in the world.
Attack Sophistication
[Chart: attack sophistication over time, from manual intruder techniques to automated tools]
Techniques: password guessing, self-replicating code, password cracking, exploiting known vulnerabilities, disabling audits, back doors, hijacking sessions, sweepers, sniffers, packet spoofing, GUI, automated probes/scans, denial of service, www attacks, cross site scripting
Tools: "stealth" / advanced scanning techniques, burglaries, network mgmt. diagnostics, distributed attack tools, staged / auto
Vulnerabilities Exploit Cycle
[Chart: number of incidents over time; the peak is labelled "Highest Exposure"]
1. Advanced intruders discover a new vulnerability
2. Crude exploit tools are distributed
3. Novice intruders use crude exploit tools
4. Automated scanning/exploit tools are developed
5. Widespread use of automated scanning/exploit tools
6. Intruders begin using new types of exploits

4. Cybersecurity.
Education, value, and ethics are the best defense approaches.
- Led by ITU for the international domain, while some standards are introduced by different institutions (ISO, ITGI, ISACA, etc.)
- "Your security is my security"
Strategies for Protection
Protecting Information: Mandatory Requirements
- "Critical infrastructures are those physical and cyber-based systems essential to the minimum operations of the economy and government. These systems are so vital that their incapacity or destruction would have a debilitating impact on the defense or economic security of the nation."
- Sectors: Agriculture & Food, Banking & Finance, Chemical, Defense Industrial Base, Drinking Water and
Information Security Disciplines
- Physical security
- Procedural security
- Personnel security
- Compromising emanations security
- Operating system security
- Communications security
A failure in any of these areas can undermine the
Best Practice Standard
[Diagram: Information Security Policy; Communication & Operations Mgmt; System Development & Maint.; Bus. Continuity Planning; Compliance]
Information: Integrity, Confidentiality, Availability

5. Cybercrime.
- Globally defined as INTERCEPTION, INTERRUPTION, MODIFICATION, and FABRICATION
- Virtually involving international boundaries and multiple resources
- Intentionally targeting to fulfil special objective(s)
- Convergent in nature with intelligence efforts
Motives of Activities

6. Cyberlaw.
- Difficult to keep updated as the technology trend moves
- Different stories between the rules and the enforcement efforts
- Requires various infrastructure, superstructure, and resources
- Can be easily "out-tracked" by law practitioners
The Crime Scenes (figure): IT as a Tool
First Cyber Law in Indonesia, starting from 25 March 2008.
Range of penalty:
- Rp 600 million - Rp 12 billion (equal to US$ 60,000 to US$ 1.2 million)
- 6 to 12 years in prison (jail)
Main Challenge: ILLEGAL
"… the distribution of illegal materials within the internet …"
ID-SIRTII Mission and Objectives.
"To expedite the economic growth of the country through providing the society with a secure internet environment within the nation"
1. Monitoring internet traffic for incident handling purposes.
2. Managing log files to support law enforcement.
3. Educating the public for security awareness.
4. Assisting institutions in managing security.
5. Providing training to constituency and stakeholders.
6. Running a laboratory for simulation practices.
Constituents and Stakeholders.
ID-SIRTII's constituents and stakeholders: ISPs, NAPs, IXs, Law Enforcement, National Security Communities, International CSIRTs/CERTs, Government of Indonesia
Coordination Structure.
ID-SIRTII (CC) as National CSIRT, coordinating Sector CERTs, Internal CERTs, Vendor CERTs and Commercial CERTs.
Examples shown: Bank CERT, Airport CERT, University CERT, GOV CERT, Military CERT, SOE CERT, SME CERT, Telkom CERT, BI CERT, Police CERT, KPK CERT, Lippo CERT, KPU CERT, Pertamina CERT, Hospital CERT, UGM CERT, Cisco CERT, Microsoft CERT, Oracle CERT, SUN CERT, IBM CERT, SAP CERT, Yahoo CERT, Google CERT, A CERT
Major Tasks.
INCIDENT HANDLING DOMAIN and ID-SIRTII MAIN TASKS

Task                      | Reactive Services      | Proactive Services                                                                                                                                                | Security Quality Management Services
1. Monitoring traffic     | Alerts and Warnings    | Announcements; Technology Watch; Intrusion Detection Services                                                                                                     | -
2. Managing log files     | Artifact Handling      | -                                                                                                                                                                 | -
3. Educating public       | -                      | -                                                                                                                                                                 | Awareness Building
4. Assisting institutions | Vulnerability Handling | Security-Related Information Dissemination; Intrusion Detection Services; Security Audit and Assessment; Configuration and Maintenance of Security Tools, Applications, and Infrastructure | Security Consulting
5. Provide training       | -                      | -                                                                                                                                                                 | Education/Training
6. Running laboratory     | -                      | -                                                                                                                                                                 | Risk Analysis; BCP and DRP
Incidents Definition and Samples.
Samples: web defacement, information leakage, phishing, intrusion, DoS/DDoS, SMTP relay, virus infection, hoax, malware distribution, botnet, open proxy, root access theft, SQL injection, trojan horse, worms, password cracking, spamming, malicious software, spoofing, blended attack
Definitions:
- "one or more intrusion events that you suspect are involved in a possible violation of your security policies"
- "an event that has caused or has the potential to cause damage to an organization's business systems, facilities, or personnel"
- "any occurrence or series of occurrences having the same origin that results in the discharge or substantial threat"
- "an undesired event that could have resulted in harm to people, damage to property, loss to process, or harm to the
Priorities on Handling Incidents.
TYPE OF INCIDENT AND ITS PRIORITY
Priority tiers: Public Safety and National Defense (Very High Priority); Economic Welfare (High Priority); Political Matters (Medium Priority); Social and Culture Threats (Low Priority)

Type of incident | Many to One | One to Many | Many to Many | Automated Tool (KM-Based Website)
1. Interception  |             |             |              |
2. Interruption  |             |             |              |
3. Modification  |             |             |              |
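As an added example (not ID-SIRTII's tooling and not code from the deck), the following Python script triages constructed incident events against the two slides above: it groups events into incidents, labels each with the cybercrime classes from the Cybercrime slide (INTERCEPTION, INTERRUPTION, MODIFICATION, FABRICATION), derives the Many-to-One / One-to-Many / Many-to-Many attack form from the number of distinct sources and targets, assigns the priority tier, and orders the handling queue highest tier first. The event record layout, the type-to-class mapping, the sector-to-tier mapping and the sample events are all assumptions of the example; the deck gives none of them.

```python
"""Incident triage by cybercrime class, attack form and priority tier.

Added example, not ID-SIRTII code. Every mapping below is an assumption
made for illustration; the slides name the classes, forms and tiers but
do not say which incident types or sectors fall into which.
"""
from collections import defaultdict
from dataclasses import dataclass

# Priority tiers from the "Priorities on Handling Incidents" slide, highest first.
TIERS = [
    "Public Safety and National Defense",  # very high priority
    "Economic Welfare",                    # high priority
    "Political Matters",                   # medium priority
    "Social and Culture Threats",          # low priority
]

# ASSUMPTION: sector -> tier. Sector names are taken from the deck's
# critical-infrastructure list where one exists; the tier assignment is ours.
TIER_OF_SECTOR = {
    "defense industrial base": TIERS[0],
    "drinking water": TIERS[0],
    "banking & finance": TIERS[1],
    "government": TIERS[2],
}
DEFAULT_TIER = TIERS[3]

# ASSUMPTION: incident sample (from the "Incidents Definition and Samples"
# slide) -> cybercrime class (from the "Cybercrime" slide).
CLASS_OF_TYPE = {
    "information leakage": "INTERCEPTION",
    "password cracking": "INTERCEPTION",
    "dos/ddos": "INTERRUPTION",
    "web defacement": "MODIFICATION",
    "sql injection": "MODIFICATION",
    "phishing": "FABRICATION",
    "spoofing": "FABRICATION",
    "hoax": "FABRICATION",
}


@dataclass
class Event:
    incident: str  # identifier grouping related events into one incident
    itype: str     # incident sample name, e.g. "DoS/DDoS"
    sector: str    # affected sector
    src: str       # source address or actor
    dst: str       # target address or asset


@dataclass
class Triaged:
    incident: str
    klass: str     # one or more cybercrime classes, joined with "+"
    form: str      # attack form column from the priority table
    tier: str      # priority tier
    sources: int
    targets: int


def attack_form(n_src: int, n_dst: int) -> str:
    """Map distinct source/target counts onto the table's attack-form columns.
    "One to One" is not a column on the slide; it is added so the function is total."""
    many_src, many_dst = n_src > 1, n_dst > 1
    if many_src and many_dst:
        return "Many to Many"
    if many_src:
        return "Many to One"
    if many_dst:
        return "One to Many"
    return "One to One"


def triage(events):
    """Group events per incident, classify, and return them highest priority first."""
    groups = defaultdict(list)
    for e in events:
        groups[e.incident].append(e)
    queue = []
    for inc, evs in groups.items():
        classes = sorted({CLASS_OF_TYPE.get(e.itype.lower(), "UNCLASSIFIED") for e in evs})
        # An incident touching several sectors inherits the highest tier among them.
        tier = min((TIER_OF_SECTOR.get(e.sector.lower(), DEFAULT_TIER) for e in evs),
                   key=TIERS.index)
        n_src = len({e.src for e in evs})
        n_dst = len({e.dst for e in evs})
        queue.append(Triaged(inc, "+".join(classes), attack_form(n_src, n_dst), tier, n_src, n_dst))
    # Highest tier first; within a tier, the incident touching more targets, then more sources, first.
    queue.sort(key=lambda t: (TIERS.index(t.tier), -t.targets, -t.sources, t.incident))
    return queue


# Constructed sample events (documentation-range addresses, not real incident data).
SAMPLE_EVENTS = [
    Event("INC-1", "DoS/DDoS", "Banking & Finance", "198.51.100.7", "bank-web"),
    Event("INC-1", "DoS/DDoS", "Banking & Finance", "198.51.100.9", "bank-web"),
    Event("INC-1", "DoS/DDoS", "Banking & Finance", "203.0.113.4", "bank-web"),
    Event("INC-2", "web defacement", "Government", "192.0.2.10", "gov-portal"),
    Event("INC-3", "phishing", "Drinking Water", "192.0.2.55", "ops-mail-1"),
    Event("INC-3", "phishing", "Drinking Water", "192.0.2.55", "ops-mail-2"),
    Event("INC-4", "hoax", "Community forum", "192.0.2.80", "forum-site"),
]


def triage_sample():
    return triage(SAMPLE_EVENTS)


if __name__ == "__main__":
    for t in triage_sample():
        print(f"{t.incident}: {t.tier} | {t.klass} | {t.form} ({t.sources} src -> {t.targets} dst)")
```

Run as a script, the sample queue comes out as INC-3 (water utility phishing, One to Many), INC-1 (bank DDoS, Many to One), INC-2 (government defacement), INC-4 (forum hoax): the sector tier dominates, and the attack form only orders incidents within a tier. Replacing the two mapping tables with an organisation's own taxonomy is the only change needed to reuse the logic.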
Core Chain of Processes.
[Cycle diagram]
- Response and Handle Incidents
- Establish External and International Collaborations
- Run Laboratory for Simulation Practices
- Provide Training to Constituency and Stakeholders
- Assist Institutions in Managing Security
- Educate Public for Security Awareness
- Deliver Process and Research Vital Statistics
Legal Framework.
- Undang-Undang (Law) No. 36/1999 regarding the National Telecommunication Industry
- Peraturan Pemerintah (Government Regulation) No. 52/2000 regarding Telecommunication Practices
- Peraturan Menteri Kominfo (Minister of Communication and Informatics Regulation) No. 27/PER/M.KOMINFO/9/2006 regarding Security on IP-Based Telecommunication Network Management
- Peraturan Menteri (Ministerial Regulation) No. 26/PER/M.KOMINFO/2007 regarding the Indonesian Security Incident Response Team on Internet Infrastructure
Challenges to ID-SIRTII Activities.
- Prevention
  - "Securing" internet-based transactions
  - Reducing the possibilities of successful attacks
  - Working together with ISPs to inhibit the distribution of illegal materials
- Reaction
  - Preserving digital evidence for law enforcement purposes
  - Providing technical advisory for the further mitigation process
- Quality Management
  - Increasing the public awareness level
Work Philosophy.
Why does a car have BRAKES ???
The car has BRAKES so that it can go FAST … !!!
Holistic Framework.
[Diagram: SECURE INTERNET INFRASTRUCTURE ENVIRONMENT, built on People, Process, Technology and Log File, resting on STAKEHOLDERS COLLABORATION AND SUPPORT and NATIONAL REGULATION AND GOVERNANCE]
Two Way Relationship.
[Diagram series: Cyber Space <-> Real World]
- The two worlds relate to each other: real interaction and real transaction; real resources and real people; flow of information and flow of product/services
- Labels: Ethics, Rule of Conduct; Law, Mechanism; Cyber Law
- Classic Definition of War. WAR is here to stay…
- "Can Cyber Law alone become the weapon for modern defense against 21st century Cyber Warfare & Cyber
- Impact flows between Cyber Space and the Real World: Incidents, International Events, Published Books/Materials, Interests, Journalism, Anonymous Interaction, Provocation
The Paradox of Increasing Internet Value
internet users + transaction value + interaction frequency + communities spectrum + usage objectives = The Internet Value
threats
it means…
Internet Security Issues Domain
- through connecting a set of digital-based protocols
- All technical components (hardware and software) interact with each other within a complex dependent…
Technical Trend Perspective
The phenomena… malicious code, vulnerabilities, spam and spyware, phishing and identity theft, time to exploitation
The efforts… Firewalls, Antispyware, AntiVirus, Software Patches, Web and Email Security, Malware Blocking, Network Access Control, Intrusion Prevention, Application and Device Control
Business Trend Perspective
Regulatory Compliance, Governance Requirements, Management, Enforcement
The strategy… IT Audit, Technology Compliance, Disaster Recovery Center, Security Management, Backup and Recovery, ISO Compliance, Storage and Backup Management, Business Contingency Plan, Application and Device Control, Archiving and Retention Management, Chief Security Officer
Social Trend Perspective
The characteristics… the choices… Everywhere, Borderless Geography
The Core Relationships
People (Social Aspects), Technology (Technical Aspects), Context/Content, Applications
Converging Trend
TECHNICAL ISSUES and BUSINESS ISSUES
Internetworking Dependency
Since the strength of a chain depends on the weakest link,
Things to Do
1. Identify your valuable assets
2. Define your security perimeter
3. Recognize all related parties involved
4. Conduct risk analysis and mitigation strategy
5. Ensure standard security system intact
6. Institutionalize the procedures and mechanism
7. Share the experiences among others
8. Continue improving security quality
Key activities: use the THEORY OF CONSTRAINTS! (Find the weakest link, and help them to
What should we do?
- Monitoring the dynamic environment happening in the real world and the cyber world?
- Building effective procedures and mechanisms among the institutions responsible for these two worlds?
- Forming an international framework for collaboration and cooperation to combat cyber crimes?
- Finding the fastest and most effective methodology to educate society on cyber security?
- Developing and adopting a multi-lateral cyber law convention?
Lessons Learned
- As the value of the internet increases, so does the risk of having it in our life.
- Hackers and crackers help each other; why shouldn't we collaborate?