The Role of ID-SIRTII in Securing Indonesia's Internet Infrastructure
Rudi Lumanto, Seminar Gov CERT, 17 Sep 2012, Hotel Sahid
Content
1. Why is security needed?
2. Cyber Space and Threats
3. The Role of ID-SIRTII
4. Security Awareness & Social Engineering
Why Is Security Needed?
- To protect assets, whether personal, corporate or national: hardware, software and INFORMATION (data, ability and reputation)
- To gain a competitive advantage: how many people would still be willing to use a bank's online system if it were known that the system had been hacked in the past?
- To comply with regulatory requirements
- The growing size of the cyber world and its threats
Regulatory requirements: Laws
UU 36/1999 on Telecommunications:
- Operators must secure and protect their networks
UU 11/2008 on Electronic Information and Transactions:
- Every Electronic System Operator must operate its Electronic System reliably and securely, and is responsible for the Electronic System operating as it should
- The Government protects the public interest from all kinds of disturbance resulting from the misuse of Electronic Information that disrupts public order, in accordance with the provisions of laws and regulations
Regulatory requirements: Government Regulation
PP 52/2000:
- Telecommunication networks, facilities and infrastructure must be equipped with security and protection measures
Ministerial Regulations (PM) & Ministerial Decrees (KM):
PM 26/PER/M.KOMINFO/5/2007 and PM 16/PER/M.KOMINFO/10/2010 on Securing the Use of IP-Based Telecommunication Networks:
- Operators must record connection transactions (log files)
- NAPs must activate and provide network monitoring facilities
- Internet cafes (warnet) and hotspots must record every user of internet services
PM 17/PER/M.KOMINFO/10/2010 on the Organizational Structure of Kominfo:
- Directorate of Telecommunications, for telecommunications operations
- Directorate of Information Security, for information security
- Increase the number of information security personnel
- Increase the number of personnel who are aware of information security
Change of mindset: defence in depth
THE CYBER SIX PRINCIPLE
(1) CYBER SPACE
(2) CYBER THREATS
(3) CYBER ATTACKS
(4) CYBER SECURITY
(5) CYBER CRIME
(6) CYBER LAW
CYBER SPACE NOW
Google search accesses per month: 15 mil (1999), 2.7 Billion (2006), 10 Billion (2010)
107 Trillion emails sent in 2010, or 293 billion emails per day
2.26 Billion Internet users
799 million Facebook users
68.5 million tweets per day
THE BIGGEST MARKET IN THE WORLD
CYBER SPACE LIFE STYLE
A DIFFERENT WAY OF COMMUNICATING
A DIFFERENT WAY OF LEARNING
A DIFFERENT WAY OF LIVING
DIGITAL NATIVE
The Role of ICT and Electronic Transactions
Number of Google users in Indonesia? How many times do Indonesian users use it?
HOW MUCH VALUE? BCG report 2012
"The economic impact of the Internet demonstrates that no one—individual, business or government — can afford to ignore the ability of the Internet to deliver more value and wealth to more consumers and citizens more broadly than any economic development since the Industrial Revolution,"
The Internet economy will contribute a total of $4.2 trillion to the G-20's total GDP in 2016.
"If it were a national economy, it would rank in the world's top five, behind only the U.S., China, India, and Japan, and ahead of Germany" !!
More than two-thirds of Americans said they would go without coffee and 21 percent would give up sex for a year to stay online.
How much did consumers say they would have to be paid to live without Internet access?
U.S. users said they'd need to be paid about $2,500 to give up the Internet for a year.
Turkey users: $323
South Africa users: $1,215
Brazil users: $1,287
France users: $4,453
Indonesia Cyber Space
YEAR    INTERNET USERS
2000    2 Million
2006    20 Million
2007    25 Million
2008    31 Million
2009    40.4 Million
2010    48.7 Million
2011    55 Million
Source: IDC, PT Telkom, Nokia Siemens Network.
In 10 years, an increase of 2600%!!!
Indonesia Cyber Profile
The number of Internet users in Indonesia is expected to triple by 2015 (to around 146 Million), fueling growth for media companies and phone carriers. (BCG in 2010)
48 percent of Internet users in Indonesia used a mobile phone to access the Internet, whereas another 13 percent used other handheld multimedia devices, the highest dependence on mobile Internet access in Southeast Asia. (Nielsen's report 2011)
The Internet in Indonesia ranked second after television. 89 percent of users connected to social networking, 72 percent browsed the web and 61 percent read the news. (Yahoo Net Index survey in July 2011)
Users Profile
Online Transactions Value
The value of trade transactions conducted via the Internet or online this year is estimated to reach U.S. $4.1 billion, a growth of about 20.5% on the value of online transactions last year.
Indonesian people communicate differently today, people do transactions and trade differently today, and this drives today's threats and crime !!
Cyber Threats
"Bad guys tend to go where the masses go."
Change of Economy: company expands globally, e-payment
Change of IT: server in the cloud, mobile devices, gadget
Change of Threats: purpose diversification, malware, botnet, zero day attack, APT
2011 Security Threats Report
• Symantec blocked a total of over 5.5 billion malware attacks in 2011, an 81% increase over 2010.
• Web based attacks increased by 36%, with over 4,500 new attacks each day.
• 403 million new variants of malware were created in 2011, a 41% increase over 2010.
• 39% of malware attacks via email used a link to a web page.
• Mobile vulnerabilities continued to rise, with 315 discovered in 2011.
Advanced Persistent Threat usually refers to a group, such as a foreign government, with both the capability and the intent to persistently and effectively target a specific entity. The term is also used for a long-term pattern of sophisticated hacking attacks aimed at governments, companies, and political activists, and by extension, for the groups behind these attacks.
Hacking attack with a PC-based botnet (diagram; actors: Hacker, user)
1. Infecting
2. Infected Web Server
3. Accessing web site
4. Transferring botnet
5. Zombie PC
6. Monitoring and controlling zombie PC
Countermeasures
1. Install antivirus on the user's PC
2. Monitor open ports
3. Monitor traffic
Hacking attack with a smartphone-based botnet (diagram; actors: Hacker, user, Target user)
1. Infecting
2. Infected Web Server
3. Accessing web site
4. Transferring botnet
5. Zombie smartphone
6. Monitoring and controlling zombie PC
7. SMS attack
The Role of ID-SIRTII
Organizationally: ID-SIRTII/CC, ID-CERT, ACADEMIC CERT, GOVCERT etc.
Systematically & Technologically: Core and Supporting Activities; Monitoring, Discover, Determine and Defend
Socially:
- Improve security capability and awareness
- Guard against social engineering
- Increase international activities and collaboration
ID-SIRTII Activities
Core Process
Monitor Internet Traffic
Analyse Incidents
Respond to and Handle Incidents
Deliver Required Log Files
Manage Log Files
Report on Incident Handling Management Process and Research Vital Statistics
Constituencies
Supporting Activities
Educate Public for Security Awareness
Assist Institutions in Managing Security
Provide Training to Constituency and Stakeholders
Run Laboratory for Simulation Practices
Establish External and International Collaborations
Customers
Constituents (diagram, with ID-SIRTII at the centre)
ISPs, NAPs, IXs
Law Enforcement
National Security Communities
International CSIRTs/CERTs
Sponsor: Government of Indonesia
The CERTs Topology
ID-SIRTII (CC) as National CSIRT
Sector CERT | Internal CERT | Vendors CERT | Community CERT
Bank CERT | Telkom CERT | Cisco CERT | A CERT
Airport CERT | SGU CERT | Microsoft CERT | B CERT
University CERT | Police CERT | Oracle CERT | C CERT
GOV CERT | KPK CERT | SUN CERT | D CERT
Military CERT | CIMB CERT | IBM CERT | Lemsaneg CERT
SOE CERT | KPU CERT | SAP CERT | PANDI CERT
SME CERT | Pertamina CERT | Yahoo CERT | Security FIRST
Hospital CERT | Kominfo CERT | Google CERT | Central Bank CERT
Other CERTs (shown under three of the columns)
MONITORING
Deploying a monitoring system by installing sensors on the main traffic routes. Topologically, the sensors, which are located at ISPs, NAPs and IXs, are connected to the monitoring room at ID-SIRTII.
Covering 80% of total internet traffic within the country …
Monitoring Process Stages
Discover: detect traffic anomalies
Determine: analyse whether the anomalous traffic has the potential to become an incident
Defend: preventive action in the form of an early warning system
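The three stages above, sketched as an added example (not ID-SIRTII's actual system or code from the original slides). The sensor names, packet counts, the median/MAD threshold and the "two sensors in the same minute" rule are all assumptions chosen for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed sample: packets per minute to one destination port, counted by
# three hypothetical sensors placed at an ISP, a NAP and an IX.
SAMPLE = {
    ("isp-1", 445): [100, 104, 98, 101, 99, 103, 100, 950, 990, 1010],
    ("nap-1", 445): [200, 198, 205, 201, 199, 202, 200, 203, 1800, 1900],
    ("ix-1", 53):   [500, 510, 495, 505, 498, 502, 2600, 501, 499, 503],
}

def discover(series, window=6, k=6.0):
    """Discover: minutes whose count exceeds median + k*MAD of the trailing window."""
    hits = []
    for t in range(window, len(series)):
        base = series[t - window:t]
        med = median(base)
        # MAD is robust to earlier spikes in the window; floor it to avoid a zero band.
        mad = max(median(abs(v - med) for v in base), 1.0)
        if series[t] > med + k * mad:
            hits.append(t)
    return hits

def determine(anomalies, min_sensors=2):
    """Determine: keep anomalies on a port seen by >= min_sensors sensors in one minute."""
    seen = defaultdict(set)                      # (port, minute) -> sensors
    for (sensor, port), minutes in anomalies.items():
        for t in minutes:
            seen[(port, t)].add(sensor)
    incidents = {}
    for (port, t), sensors in sorted(seen.items()):
        if len(sensors) >= min_sensors and port not in incidents:
            incidents[port] = (t, sorted(sensors))   # first corroborated minute
    return incidents

def defend(incidents):
    """Defend: turn each potential incident into an early-warning message."""
    return [f"EARLY WARNING: port {port} traffic surge since minute {t}, "
            f"corroborated by {', '.join(sensors)}"
            for port, (t, sensors) in incidents.items()]

def run(sample=SAMPLE):
    anomalies = {key: discover(series) for key, series in sample.items()}
    return anomalies, defend(determine(anomalies))

if __name__ == "__main__":
    anomalies, warnings = run()
    print(anomalies)
    print("\n".join(warnings))
```

The one-minute spike on port 53 at a single sensor is discovered but not escalated, while the sustained surge on port 445 seen at two sensors produces the warning.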
Respond to and Handle Incidents
Incident Report: We are committed to keeping our constituency informed of potential vulnerabilities and, where possible, will inform this community of such vulnerabilities before they are actively exploited.
Incident Handling: Assisted in more than 20 cyber crime cases with INP as an expert witness, and provided technical support and incident analysis/handling in more than 50.
Conducting Malware Analysis Program
Tools: Process Explorer, IDA-Base, OllyDbg, TCP View, RegShot, WireShark, Malzilla, Process Monitor, Firebug
Enhancing Threat Information Coordination
Enrich the Active List of RSS Feeds
Developing Forensics Laboratory
Improving Security Technical Training
Internal Training
In-House Training
Public Training
Improving Security Awareness
We conducted more than 50 security training sessions of various kinds in 2011, e.g.:
- Secure Coding and Secure Programming
- Cyber Crime and Digital Forensic for LEA
- Annual National Cyber Exercise (since 2009)
- Amazing Drill Test
- Managing CSIRT boot camp
- Cyber Jawara Competition
The Amazing Trace strives to deliver 3 key objectives…
- Enable better coordination of CSIRT teams in addressing cyber incidents
- Conduct an international exercise of incident response handling arrangement
  • Test the communication of contact points
  • Evaluate the sufficiency of processes and procedures
  • Test the technical capabilities
  • Drill the cross border coordination in addressing information security incidents
- Strengthen coordination in tracking and taking down attacker(s)
Increasing Collaboration with other CSIRTs
Member of FIRST, APCERT, OIC-CERT, ANSAC
Member of steering committee of APCERT
Last FIRST-TC in Bali, 29-31 March 2012
"Thanks to all FIRST members for your participation…"
Thank you www.idsirtii.or.id