1 / 23

Cyber Security : Indian perspective

Cyber Security : Indian perspective. Internet Infrastructure in INDIA. 2. 2. Innovation fostering the Growth of NGNs. Smart devices Television Computers PDA Mobile Phone ( Single device to provide an end-to-end, seamlessly secure access) Application Simplicity

snana
Download Presentation

Cyber Security : Indian perspective

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Cyber Security : Indian perspective

  2. Internet Infrastructure in INDIA 2 2

  3. Innovation fostering the Growth of NGNs • Smart devices • Television • Computers • PDA • Mobile Phone (Single device to provide an end-to-end, seamlessly secure access) • Application Simplicity • Preference of single, simple and secure interface to access applications or content • Ubiquitous interface - web browser • Flexible Infrastructure Because of these areas of evolution, today’s NGNs are defined more by the services they support than by traditional demarcation of Physical Infrastructure.

  4. The Emergence of NGNs • The communication network operating two years ago are father’s telecommunication Network. • NGNs are teenager’s Network. • No longer consumer and business accept the limitation of single-use device or network. • Both individuals and Business want the ability to communicate, work and be entertained over any device, any time, anywhere. • The demand of these services coupled with innovation in technology is advancing traditional telecommunication far outside its original purpose.

  5. Challenges for Network Operator • Business challenges include new Pricing Structure, new relationship and new competitors. • Technical challenges include migrating and integrating with new advances in technologies from fibre optics, installation of Wi-Fi support. • Developing a comprehensive Security Policy and architecture in support of NGN services.

  6. NGN Architecture Identify Layer Compromises of end users owned by a telecom or a third-party service provider accessing services using devices like PC, PDA or mobile phone, to connect to the Internet Partly Trusted Untrusted Internet Third-Party Application Service Layer Hosts service applications and provides a framework for the creation of customer-focused services provided by either operator or a third-party service provider Web Tier Service Provider Application Service Delivery Platform Network Layer Performs service execution, service management, network management and media control functions Connects with the backbone network Service Delivery Platform (Service Provider ) Common Framework Backbone Network

  7. Cyber Threat Evolution Malicious Code (Melissa) Identity Theft (Phishing) Virus Advanced Worm / Trojan (I LOVE YOU) Organised Crime Data Theft, DoS / DDoS Breaking Web Sites 1977 1995 2000 2005-06 2007-08 2003-04

  8. Cyber attacks being observed Web defacement Spam Spoofing Proxy Scan Denial of Service Distributed Denial of Service Malicious Codes Virus Bots Data Theft and Data Manipulation Identity Theft Financial Frauds Social engineering Scams

  9. Security Incidents reported during 2008

  10. Global Attack Trend Source: Websense

  11. Top originating countries – Malicious code

  12. Three faces of cyber crime • Organised Crime • Terrorist Groups • Nation States

  13. Security of Information Assets • Security of information & information assets is becoming a major area of concern • With every new application, newer vulnerabilities crop up, posing immense challenges to those who are mandated to protect the IT assets • Coupled with this host of legal requirements and international business compliance requirements on data protection and privacy place a huge demand on IT/ITES/BPO service organizations • We need to generate ‘Trust & Confidence’

  14. Challenges before the Industry

  15. Model Followed Internationally • Internationally, the general approach has been to have legal drivers supported by suitable verification mechanism. • For example, in USA Legal drivers have been • SOX • HIPPA • GLBA • FISMA etc. • In Europe, the legal driver has been the “Data Protection Act” supported by ISO27001 ISMS.

  16. Information Security Management INFORMATION SECURITY Availability Confidentiality Integrity Authenticity Security Policy People Regulatory Compliance User Awareness Program Access Control Process Security Audit Incident Response Encryption, PKI Firewall, IPS/IDS Technology Antivirus

  17. Status of security and quality compliance in India • Quality and Security • Large number of companies in India have aligned their internal process and practices to international standards such as • ISO 9000 • CMM • Six Sigma • Total Quality Management • Some Indian companies have won special recognition for excellence in quality out of 18 Deming Prize winners for Total Quality Management in the last five years, six are Indian companies.

  18. ISO 27001/BS7799 Information Security Management • Government has mandated implementation of ISO27001 ISMS by all critical sectors • ISMS 27001 has mainly three components • Technology • Process • Incident reporting and monitoring • 296 certificates issued in India out of 7735 certificates issued worldwide • Majority of certificates issued in India belong to IT/ITES/BPO sector

  19. Information Technology – Security Techniques Information Security Management System World China Italy Japan Spain India USA ISO 9000 951486 210773 115309 73176 65112 46091 36192 (175 counties) 27001 7732 146 148 276 93 296 94

  20. Distributed Honeypot Deployment

  21. PC & End User Security: Auto Security Patch Update Windows Security Patch Auto Update Microsoft Download Ctr. Internet ActiveX DL Server No. of Download ActiveX: 18 Million Sec. Patch ActiveX Site

  22. PC & End User Security Incident Response Help Desk Internet PSTN • Make a call using 1800 – 11 - 4949 • Send fax using 1800 – 11 - 6969 • Communicate through email at incident@cert-in.org.in • Number of security incidents handled during 2008 (till Oct): 1425 • Vulnerability Assessment Service

More Related