Prof. Richardus Eko Indrajit
indrajit@post.harvard.edu
KEAMANAN INFORMASI DAN INTERNET
Konsep – Prinsip – Strategi – Implementasi – Tata Kelola
Fenomena LAMA, Perilaku BARU
Anak pertama lahir
Anak gadis dimarahin orang tua
Suami bertengkar dengan istri
Komputer dan telpon rusak
Pegawai naik pangkat
Pergi ke toilet di tempat publik
Silaturahmi keluarga saat hari raya
Fungsi Strategis TI
FUNGSI HORISONTAL: transaksi
FUNGSI VERTIKAL
Prinsip Pemanfaatan Teknologi Informasi #1
TI sebagai penunjang kegiatan operasional atau transaksional
– Mengirimkan uang antar bank
– Memesan karcis pesawat
– Mengambil mata kuliah per semester
– Membeli pulsa telepon
– Mengak��an peralatan elektronik
Prinsip Pemanfaatan Teknologi Informasi #2
TI sebagai penunjang proses pengambilan keputusan
– Menyimpan dan mengorganisasikan data
– Mengolah dan merepresentasikan data
– Membuat laporan berkala maupun ad-‐hoc
– Menjalankan skenario dan simulasi kompleks
– Mengelola informasi dan pengetahuan
Prinsip Pemanfaatan Teknologi Informasi #3
TI sebagai penunjang ak�vitas komunikasi dan kolaborasi
– Mengirimkan dokumen dan berkas digital
– Melakukan pembicaraan lintas batas
– Menjalankan ak�vitas kooperasi virtual
– Mengunduh data dari beragam sumber
– Mengunggah informasi ke berbagai tempat
Kenyataan Tak Terabaikan
Dunia nyata dan dunia cyber telah saling berkonvergensi
saling melengkapi
Ak�vitas kegiatan sehari-‐hari terjadi di kedua dunia tersebut
Jumlah interaksi antar individu dan ins�tusi/organisasi
meningkat secara signifikan
Jenis teknologi semakin beragam dan manusiawi
è Potensi melakukan kegiatan intelijen berbasis digital semakin
1
Cyberspace.A reality community between PHYSICAL WORLD and
ABSTRACTION WORLD
1.4 billion of real human popula�on (internet users)
Informa�on Roles
Why informa�on?
– It consists of important data and facts (news, reports,
sta�s�cs, transac�on, logs, etc.)
– It can create percep�on to the public (market, poli�cs,
image, marke�ng, etc.)
– It represents valuable assets (money, documents,
password, secret code, etc.)
– It is a raw material of knowledge (strategy, plan,
What is Internet ?
A giant network of networks where people exchange
informa�on through various different digital-‐based ways:
Email Mailing List Website
Cha�ng Newsgroup Blogging
E-‐commerce E-‐marke�ng E-‐government
2
Cyberthreat.n The trend has increased in an exponential rate mode
n Motives are vary from recreational to criminal purposes
n Can caused significant economic losses and political suffers
n Difficult to mitigate
Interna�onal Issues
What Does FBI Say About Companies:
– 91% have detected employee abuse
– 70% indicate the Internet as a frequent a�ack point – 64% have suffered financial losses
– 40% have detected a�acks from outside – 36% have reported security incidents
Source: FBI Computer Crime and Security
Growing Vulnerabili�es
* Gartner “CIO Alert: Follow Gartner’s Guidelines for Upda�ng Security on Internet Servers, Reduce Risks.” J. Pescatore, February 2003
** As of 2004, CERT/CC no longer tracks Security Incident sta�s�cs.
Incidents and Vulnerabilities Reported to CERT/CC
0
1995 1996 1997 1998 1999 2000 2001 2002 2003 2004
To
Vulnerabilities Security Incidents
“
“Through 2008, 90 percent of successful hacker attacks will exploit well-known software
vulnerabilities.””
Poten�al Threats
Unstructured Threats
w Insiders
w Recrea�onal Hackers
w Ins�tu�onal Hackers
Structured Threats
w Organized Crime
w Industrial Espionage
w Hack�vists
Na�onal Security Threats
w Terrorists
w Intelligence Agencies
3
Cybera�ack.Too many a�acks have been
performed within the cyberspace.
Most are triggered by the cases in the real world.
The eternal wars and ba�les have been in towns lately.
Estonia notorious case has opened the eyes of all people in the world.
Internet and Crimes
A�acks Sophis�ca�on
Cross site scripting
password guessing
self-replicating code password cracking
exploiting known vulnerabilities disabling audits
back doors
hijacking sessions sweepers
sniffers packet spoofing
GUI automated probes/scans
denial of service
www attacks
Tools “
“stealth”” / advanced
scanning techniques
burglaries
network mgmt. diagnostics
distributed attack tools
Staged Auto
Vulnerabili�es Exploit Cycle
Advanced Intruders Discover New Vulnerability
Crude Exploit Tools Distributed
Novice Intruders Use Crude Exploit Tools
Automated
Scanning/Exploit Tools Developed
Widespread Use of Automated Scanning/Exploit Tools
Intruders Begin Using New Types of Exploits
Highest Exposure
Time # Of
File Management
URL Management
Directory Traversal Management
Mailing List Management
Live Camera Management
Surveillance Camera Management
Security Camera Management
Mul�ple Camera Management
Strategies for Protec�on
Protecting Information
Mandatory Requirements
Informa�on Security Disciplines
Physical security
Procedural security
Personnel security
Compromising emana�ons security
Opera�ng system security
Communica�ons security
a failure in any of these areas can undermine the
Best Prac�ce Standard Information
Security Policy Communication
& Operations Mgmt System
Development & Maint. Bus. Continuity
Planning
Compliance
Informa�on
Integrity Confiden�ality
Availability
These Two Guys …..
5
Cybercrime.n Globally defined as INTERCEPTION, INTERRUPTION, MODIFICATION, and FABRICATION
n Virtually involving inter national boundaries and multi resources
n Intentionally targeting to fulfill special objective(s)
n Convergence in nature with intelligence efforts.
Mo�ves of Ac�vi�es
1. Thrill Seekers
2. Organized Crime
3. Terrorist Groups
6
Cyberlaw.n Difficult to keep updated as technology trend moves
n Different stories between the rules and enforcement efforts
n Require various infrastructure, superstructure, and resources
n Can be easily “out-tracked” by law practitioners
The Crime Scenes
IT as a Tool
First Cyber Law in Indonesia.
Range of penalty:
Rp 600 million - Rp 12 billion (equal to US$ 60,000 to US$ 1,2 million)
6 to 12 years in prison (jail)
starting from
25 March 2008
Main Challenge.
ILLEGAL
“… the distribution of
illegal materials within
the internet …”
ILLEGAL
“… the existence of
source with illegal materials that can be accessed through
Two Way Rela�onship
Cyber Space
Real World
“
Two Way Rela�onship
real interaction real transaction
real resources real people
flow of information flow of product/services
Two Way Rela�onship
Rule of Conduct Mechanism
Cyber Law
“
Classic Defini�on of War
WAR is here to stay…
““Can Cyber Law alone
become the weapon for modern defense
against 21st century
Cyber Warfare & Cyber
impact
Two Way Rela�onship
Cyber Space
impact
Two Way Rela�onship Incidents
Interna�onal Events Published
Books Materials
Interests
Two Way Rela�onship Journalism
Anonymous Interac�on
Provoca�on
The Paradox of Increasing Internet Value
internet
users transac�on value interac�on frequency communi�es spectrum usage objec�ves
+ + + + =
The Internet Value
threats
it means…
Internet Security Issues Domain through connec�ng a set of digital-‐ protocols
All technical components (hardware and so�ware) interact to each other within a complex dependent…
It is a part of business system as transac�ons and interac�ons are being conducted accordingly
Technical Trend Perspec�ve
malicious
code vulnerabili�es spam and spyware phishing and iden�fy the� �me to exploita�on
the phenomena…
the efforts…
Firewalls
An�spyware
An�Virus
So�ware Patches
Web and Email Security
Malware Blocking
Network Access Control
Intrusion Preven�on
Applica�on and Device Control
Business Trend Perspec�ve Regulatory Compliance
Governance Requirements
Management
Enforcement
the strategy…
IT Audit
Technology Compliance
Disaster Recovery Center
Security Management
Backup and Recovery
ISO Compliance
Storage and Backup Management Business Con�ngency Plan
Applica�on and Device Control
Archiving and Reten�on Management
Chief Security Officer
Social Trend Perspec�ve
the characteris�cs…
the choices… Everywhere
Borderless Geography
The Core Rela�onships
People (Social Aspects)
Technology (Technical Aspects)
Converging Trend
T
ECHNICALISSUES
B
USINESS ISSUESS
OCIALInternetworking Dependency
Since the strength of a chain
depends on the weakest link,
Things to Do
Work Philosophy
Why does a car have BRAKES ???
The car have BRAKES so that it can go FAST … !!!
Prof. Richardus Eko Indrajit
Chairman of ID-‐SIRTII and APTIKOM
indrajit@post.harvard.edu www.eko-‐indrajit.com