rl-internet protection and safety

INTERNET PROTECTION & SAFETY

Rudi LumantoID-SIRTII/CC

APJII Open Policy Meeting 30/5/2016 - Swiss Belhotel , Batam

1

CONTENTS

• About ID-SIRTII/CC

• Understanding Threat Landscape

• Protecting National Network

2 Rudi Lumanto - APJII-OPM May 2016

ABOUT ID-SIRTII/CC

www.idsirtii.or.id3 Rudi Lumanto - APJII-OPM May 2016

ABOUT ID-SIRTII/CC


ID-SIRTII/CC PROFILE

RnD

Chair

DataCenterand

Applica1on

Monitoringand

Opera1on

ExternalCollabora1on

Educa1onand

Socializa1on


CYBER SIX OF INTERNET

A"ack

Vulnerability

Threat

Cyberspace

Cyberthreat

Cybera.ackCyberSecurity

CyberCrime

CyberLaw

Cyberespionage

CyberDefence

CyberWar

SosmedOpini

SosmedSecurity

SosmedWar

Cyber Six Principle


Threat❖ Anything that can disrupt the operation, functioning, integrity or

availability of information system

❖ Stand alone threats

❖ Threat arise without any connection to other system, ex: virus, password cracker

❖ Human threat

❖ Connection/Network threats

❖ Threat arise because of connection to other system


Malware threats

40 thousands to 140 thousands of infected machines in just two month (7-9/2013)

Top Countries infected worldwide (2015-1-6)


Threat EvolutionAttack Sophistication vs Intruder Technical Knowledge


Seven year old

11minutestohackwifi


University student❖ Harvard University student who

emailed a bomb threat around campus

❖ he was using anonymous web browser Tor to hide his identity

❖ he also reportedly used a service called Guerrilla Mail that creates temporary and anonymous email addresses for free.


Threat location


from threat to attack


From threat to attack

HANYA MASALAH WAKTU

ANCAMAN SERANGANLubang Penghubung

Vulnerabilities14 Rudi Lumanto - APJII-OPM May 2016

Vulnerability❖ Weakness in the design, configuration or implementation and

management of a computer system that renders it susceptible to a threat

❖ ISO 27005 definition

❖ A weakness of an asset or group of assets that can be exploited by one or more threats

❖ IETF RFC 2828 definition

❖ A flaw or weakness in a system's design, implementation, or operation and management that could be exploited to violate the system's security policy


Vulnerability❖ What is the current threat environment?

❖ Organizations are realizing that traditional vulnerability-based risk management strategies are failing due to the massive number of zero-day vulnerabilities in an ever evolving and expanding technology industry.

❖ CVE and OSVDB presented their vulnerability statistics

❖ percentage (5%) of vulnerabilities in any piece of software. They only know about a very small .This means that we are running systems with 95% zero-day vulnerabilities.


Total protection ?

Theonlytrulysecuresystemisonethatispoweredoff,castinablockofconcreteandsealedinalead-linedroomwitharmedguards-andeventhenIhavemydoubts(EugeneH.Spafford)


Indonesia 2015


INTERNET PROTECTIONany countermeasure taken to protect asset from threats and attacks

Assets is anything that have a value in the organization. Ex: data and information, user or people, infrastructure or media (hardware/software)

19Rudi Lumanto - APJII-OPM May 2016

OBJECT OF PROTECTION


COUNTERMEASURE

Meningkatkan kesadaran akan ancaman (security mindset)

Memperbaiki perlindungan terhadap aset nasional

Membangun daya resiliensi dan Strateginya


Comprehensive Security Management Process : Plan-Protect-Respond

Risk Management Disaster Recovery


SCOPE OF PROTECTION

Cyber Security

Global Scope Economic value

Cyber Crime

Cyber Defense

Strategic Scope State Sovereignty value

Cyber War

Kemenko polhukam Kemenhan

Kemenkominfo Kepolisian

Both have same function, like brakes in the car cyber space will slow down or go fast.

But different object of protection


PROTECTING ZONE

CapacityBuilding

Policy&LegalFramework

Organiza;onalstructure

Technical&opera;onalmeasures

Interna;onalcoopera;on Building

Safe&SecureCyber

Environment

State sovereignty zone

Economic zone


PROTECTING LEVEL

Law/Regula*on

StrategicLevelorganiza*on

Tac*callevelorganiza*on

Opera*onallevelorganiza*on

DomainClassifica*on(Cri*calInfrastructure)

INTE

RN

ATIO

NA

L C

OO

PE

RAT

ION

CA

PAC

ITY

BU

ILD

ING

ME

AS

UR

E A

ND

CO

NTR

OL

Melakukan monitoring, analisa, report : NATIONAL CERT, SECTORAL CERTs, SOC, National Cyber Capacity Building Committee, Security Awareness Promotion Committee etc

Menyusun dan menjalankan strategi, program dan rencana aksi : National Cyber Defense Coordination Team, Cyber Intelligent

Merumuskan kebijakan dan strategi, prioritas dan kordinasi nasional: National Cyber Defense Council, Cyber Security Office etc


Capacity Building through Empowering people

§ APCERTDrillTest§ OICCERTDrillTest§ ACIDDrillTrace

Interna'onalDrillTest:

§ CyberJawara§ CyberSeaGames

Compe''on:

Na'onalDrillTest:§ Id-SIRTII/CCDrillTest§ AmazingTrace



HostCyberSEAGames2015

ItisASEANcyber-securityteamcompe66on.ItpitsteamsfromalloverASEANMemberStates(AMS)tocompeteinaseriesCapturetheFlagcompe66ons.



§  SecurityAssessment§  DataProtec2on§  Monitoring&Incident

Handling§  NetworkForensic§  DataProtec2on§  PerimeterSecurity§  WirelessSecurity§  WorkshopDataCenter

SecuritywithOSSoCware

PublicTrainingTopics:

TrainingPar1cipant:

§  DigitalForensic§  DNSSecurity§  AndroidMalwareAnalyzing§  SecureProgramming§  Server&WebSecurity§  NetworkRou2ngMul2plaHorm

OSPF*


rl-internet protection and safety

Documents