CERT-In

An Overview of Information Security and Security Initiatives in India
Anil Sagar
Additional Director
Indian Computer Emergency Response Team (CERT-In)
Objectives
• Why we need security
• To understand Information Security
• To know Security Initiatives in India
Why Security?
• Polish Teen Faces Charges for Allegedly Manipulating Train System (January 11, 2008)
• Barclays Chairman Victim of Identity Theft (January 10 & 11, 2008)
• Stolen Laptops Hold Nashville Voter Data (337,000 voters) (January 3, 2008)
Security: The Need
The consequences of insufficient security
– Identity theft
– Compromised customer confidence; loss of business
– Service interruption (e.g., e-mail)
– Loss of competitive advantage
– Equipment theft
– Embarrassing media coverage
– Substantial financial loss
– Legal penalties
What’s at stake?
When connecting to the Internet, three things are put at risk:
– Data
– Resources
– Reputation
Facebook Widget Installing Spyware
Information Security – CIA
• Confidentiality
– ensuring that information is accessible only to those authorized to have access
• Integrity
– assurance of the accuracy and reliability of information
– unauthorized modification of data is prevented
• Availability
– information is accessible and usable upon demand by an authorized entity
• Non Repudiation
– verification that the sender and the recipient were, in fact, the parties who claimed to send or receive the message, respectively
Threats to Information Security
• Confidentiality
– Unauthorised Disclosure
• Integrity
– Unauthorised Alteration
• Availability
– Disruption
Threats
An event, the occurrence of which could have an undesirable impact on the well-being of an asset.
[ISC2] International Information Systems Security Certification Consortium
Any circumstance or event that has the potential to cause harm to a system or network. That means that even the existence of a(n unknown) vulnerability implies a threat by definition.
[CERT]
Vulnerability
• A feature or bug in a system or program which enables an attacker to bypass security measures.
• An aspect of a system or network that leaves it open to attack.
• Absence or weakness of a risk-reducing safeguard. It is a condition that has the potential to allow a threat to occur with greater frequency, greater impact or both.
Threats
Current trend of cyber threats
• Targeted attacks
• Stealing of data/modification
• Identity theft (Phishing)
• Spread of malicious code
• Distributed Denial of service attacks
• Website Defacements
Rapid Development of Cyber Threats
Information Security Management
[Diagram] INFORMATION SECURITY (Confidentiality, Integrity, Availability, Authenticity) rests on People, Process and Technology, supported by: Security Policy, Regulatory Compliance, User Awareness Program, Access Control, Security Audit, Incident Response, Encryption, PKI, Firewall, IPS/IDS, Antivirus
What actions need to be taken
• User awareness
– Security portals for user awareness
– Ad campaigns
• Enterprise security
– CSIRTs
• Sectoral cooperation and coordination
– Sectoral CERTs
• National coordination
– CERT-In
• Global coordination
– APCERT, ASEAN, FIRST
Need for cooperation
• Users
• Organisations
• CSIRTs, CERTs
• ISPs
• Domain registrars
• DNS operators
• IT vendors
• Law enforcement agencies
Govt. Initiatives
• Formation of CERT-In (January, 2003)
• Nodal agency for
– Responding to security incidents
– Prevention of incidents by means of generating user awareness
– Promotion of security best practices
• Coordination at
– Sectoral level
– National level
– International level
CERT-In initiatives
• Directives issued to Govt. and public sector organisations to
– Implement ISO 27001 security standard
– Perform regular security audits
– Shift websites onto the ‘.in’ name space
– Host websites within the country
• Empanelment of IT Security auditors
• Creation of awareness by organising training programs for CISOs and System administrators
• Issuance of security guidelines
CERT-In initiatives
• Collaboration with security vendors like Microsoft, Redhat, Cisco, Symantec, McAfee, TrendMicro etc.
• Security surveys and reports
• Created forum on Phishing and Spam in collaboration with CII & other stakeholders
• Issued “Securing Home Computers” and “Web Server Security” Guidelines
• Informative Web Portals created in collaboration with Microsoft & Redhat for general users
Information Sharing: Stakeholders
[Diagram] CERT-In at the centre, exchanging information with:
– CERTs, CSIRTs
– Vendors
– ISPs, Key Networks
– Law Enforcement Agencies
– Home Users
– International CERTs
– Media
– Government Sector
– Critical Information Infrastructure
– Corporate Sector
International Cooperation
• FIRST
• APCERT
• CERT/CC
• US-CERT
• JPCERT
• Korean CERT
DIT initiatives
• Generation of trained manpower on Information security
– Master trainers in Information Security (60)
– Short-term/long-term courses in Information Security
• Certification, Vulnerability Assessment, training programs in the area of IT
– STQC
DIT initiatives
• R&D projects
– Cryptography
– Steganography
– Network Behavior Analysis
– Biometric Authentication
– Mobile Security
– Cyber Forensics
Indian Websites Defaced in Year 2007
[Chart: No. of Defacements by Domain (.com, .in, .org, .net, .info, .name, .biz); bar values shown: 3387, 1693, 418, 209, 146, 9, 1]
Security Incidents handled by CERT-In during 2007
Latest attack vectors
• Compromise of popular websites and subsequent distribution of malware to visitors of the website
• Compromise of e-mail accounts and distribution of malicious attachments to users in the contact list
• Collection of user credentials through keyloggers
Activities of CERT-In
Activities                              2003   2004   2005   2006   2007
E-mail messages received                -      625    1822   1948   3283
Incidents handled                       -      23     254    552    1237
Security Alerts / Incident Notes        4      20     30     48     44
Advisories                              17     23     25     50     66
Vulnerability Notes                     16     74     120    138    163
Security Guidelines                     9      4      2      1      1
White papers                            -      3      6      2      2
Trainings                               1      7      6      7      6
Indian Website Defacements tracked      1687   1529   4705   5211   5863
Open Proxy Servers tracked              -      236    1156   1837   1805
Bot Infected Systems tracked            -      -      -      -      25915
Communication channels
• CERT-In website
– About 1460 users visiting the site per day
– Significant increase of site visits during major events
• CERT-In Incident Response Help Desk
– Toll free nos.
• 1800-11-4949 (Voice)
• 1800-11-6969 (FAX)
• CERT-In mailing list
– About 1100 individuals from various national and international security organizations
• E-mail
• CIOs Database
• ISPs
• Postal mail
Conclusion
Let us work together for a vision: create a society in which spam, viruses and worms, the plagues of modern information technology, are eliminated.
Thank you
Incident Response HelpDesk
Phone: 1800 11 4949
FAX: 1800 11 6969
e-mail: [email protected]
http://www.cert-in.org.in