1 Cyber Security N SUSHIL KANNAN Jt. Asstt. 9 9 Complexity in Network
Director National Crime Records Bureau Duration : 60 Minutes Cyber Threat Evolution : 10 Cyber Threat Evolution Virus Breaking Web Going about : Sites Malicious Code (Melissa) Advanced Worm / 2 Going about Understanding Information Security Trojan (I LOVE YOU) Identity Theft (Phishing) Safeguarding methodologies Q & A Session Organised Crime Data Theft, DoS / DDoS 1995 2000 2003-04 2005-06 2007-08 1977 What is Cyberspace? : 3 What is Cyberspace? Cyberspace is a worldwide Cyber attacks being observed : network of computers and the equipment that 11 Cyber attacks being observed Web defacement connects them, which by its very design is free and Spam Spoofing Proxy Scan Denial of Service open to the public (the Internet) The problem has Distributed Denial of Service Malicious Codes gotten more prevalent with always-on, high-speed Virus Bots Data Theft and Data Manipulation internet access. Attackers are always out there Identity Theft Financial Frauds Social engineering looking for that type of computer Scams
What is Cyberspace? : Slide 12:
4 What is Cyberspace? As long as your computer 12 12 Incidents reported in 2008 is connected to the internet, that connection can go both ways. The attackers are mostly malicious Trends of Incidents : pranksters, looking to access personal and 13 Trends of Incidents Sophisticated attacks business machines or disrupt net service with virus Attackers are refining their methods and programs proliferated via email, usually just to consolidating assets to create global networks that prove they can. However, there are also more support coordinated criminal activity Rise of Cyber serious attackers out there whose goals could Spying and Targeted attacks Mapping of network, range from mining valuable data (your credit card probing for weakness/vulnerabilities Malware or bank information, design secrets, research propagation through Spam on the rise Storm worm, secrets, etc) to even disrupting critical systems like which is one of the most notorious malware the stock market, power grids, air-traffic controllers programs seen during 2007-08, circulates through programs, and the most dangerous-our nuclear spam weapons Trends of Incidents : Cyberspace as a Battleground? : 14 Trends of Incidents Phishing Increase in cases 5 Cyberspace as a Battleground? Each day, there of fast-flux phishing and rock-phish Domain name is an increase in the number of threats against our phishing and Registrar impersonation Crimeware nation's critical infrastructures. These threats come Targeting personal information for financial frauds in the form of computer intrusion (hacking), denial Information Stealing through social networking of service attacks, and virus deployment. sites Rise in Attack toolkits Toolkits like Mpack and Neospolit can launch exploits for browser and Slide 6: client-side vulnerabilities against users who visit a 6 Web Evolution malicious or compromised sites
Growing Concern : Global Attack Trend :
7 7 Growing Concern Computing Technology has 15 Global Attack Trend Source: Websense turned against us Exponential growth in security incidents Pentagon, US in 2007 Estonia in April Slide 16: 2007 Computer System of German Chancellory 16 16 Top Malicious Code Originating Countries and three Ministries Highly classified computer network in New Zealand & Australia Complex and Three faces of cyber crime : target oriented software Common computing 17 17 Three faces of cyber crime Organized Crime technologies and systems Constant probing and Terrorist Groups Nation States mapping of network systems Slide 18: Slide 8: 18 Security of information & information assets is 8 8 8 Infrastructure in India becoming a major area of concern With every new application, newer vulnerabilities crop up, posing protection of information and its critical elements, immense challenges to those who are mandated to including the systems and hardware that use, protect the IT assets Coupled with this host of legal store, or transmit that information. requirements and international business compliance requirements on data protection and Slide 25: privacy place a huge demand on IT/ITES/BPO 25 Shoulder surfing takes many forms. Some may service organizations We need to generate ‘Trust & not be obvious. Confidence’ Security of Information Assets Slide 26: Virus ProfilesNimda (note the garbage in the 26 Traditional Hacker Profile*: “juvenile, male, subject) : delinquent, computer genius” Modern Hacker 19 Virus ProfilesNimda (note the garbage in the Profile: “age 12-60, male or female, unknown subject) Sircam (note the “personal” text) Both background, with varying technological skill levels. emails have executable attachments with the virus May be internal or external to the organization” payload. The Dilemma of Security : Slide 20: 27 The Dilemma of Security The problem that we 20 Trojan Horse arrives via email or software like cannot get away from in computer security is that free games. Trojan Horse is activated when the we can only have good security if everyone software or attachment is executed. Trojan Horse understands what security means, and agrees with releases virus, monitors computer activity, installs the need for security. Security is a social problem, backdoor, or transmits information to hacker. because it has no meaning until a person defines Trojan horse attack what it means to them. The harsh reality is the following: In practice, most users have little or no Denial of Service Attacks : understanding of security. This is our biggest 21 Denial of Service Attacks In a denial of service security hole. attack, a hacker compromises a system and uses that system to attack the target computer, flooding Slide 28: it with more requests for services than the target 28 Hacker Remote System Computer as Subject of can handle. In a distributed denial of service attack, Crime Computer as Object of Crime Internet hundreds of computers (known as a zombies) are compromised, loaded with DOS attack software Biometrics Devices : and then remotely activated by the hacker. 29 Biometrics Devices
Spamming Attacks : Biometrics Devices :
22 Spamming Attacks Sending out e-mail 30 Biometrics Devices messages in bulk. It’s electronic “junk mail.” Spamming can leave the information system Biometrics Devices : vulnerable to overload. Less destructive, used 31 Biometrics Devices extensively for e-marketing purposes. Machine Overtake Mankind : What Does it Mean- “Security”? : 32 2010 1990 1985 1980 2005 2000 1995 2015 50 23 What Does it Mean- “Security”? “Security” is the 75 100 25 0 % Network Traffic Mankind Machines quality or state of being secure--to be free from Machines 8Bn 90Bn Machine Overtake Mankind danger. But what are the types of security we have 2009 to be concern with? Physical security - addresses the issues necessary to protect the physical items, Internet Security – Concluding Remark : objects or areas of an organization from 33 Internet Security – Concluding Remark “The unauthorized access and misuse. Personal only system which is truly secure is one which is security - addresses the protection of the individual switched off and unplugged, locked in a titanium or group of individuals who are authorized to lined safe, buried in a concrete bunker, and is access the organization and its operations. surrounded by nerve gas and very highly paid Operations security- protection of the details of a armed guards. Even then, I wouldn’t stake my life particular operation or series of activities. on it.” Professor Gene Spafford
What Does it Mean- “Security”? :
24 What Does it Mean- “Security”? Communications security - concerned with the protection of an organization’s communications media, technology, and content. Network security is the protection of networking components, connections, and contents. Information Security –
Radar System Design in Millimeter Wave Technology by Using Bicmos Devices PDF Radar Transceiver and Receiver Design in Millimeter Wave Technology by Using Bicmos Devices PDF