
System and Policy in Korea on cyber attacks

Jeong Min Lee, KISA. 2011.11.28.



  1. System and Policy in Korea on cyber attacks 2011.11.28 Jeong Min Lee, KISA

  2. Contents • Korea Cyber Security Framework • DDoS Response System • Security Monitoring Center • Detection Tools • DNS Sinkhole • Cyber Cure System for Infected PCs • DDoS Cyber Shelter • DDoS Response Case: 3.4 DDoS in 2011

  3. Korea Cyber Security Framework

  4. Cyber Crisis Response Framework (organization chart) • President • National Center for Crisis Management • Ministry of National Defense → Defense Security Command → Military area / each unit • Korea Communications Commission → KrCERT/CC → Critical infrastructures in the private sector • National Intelligence Service → KNCERT/CC → Critical infrastructures in the government/public sector

  5. Security Cooperation Framework

  6. Distributed Denial of Service Attack

  7. DDoS Attack Response

  8. Security Monitoring Center

  9. Nationwide Anti-DDoS System (diagram) • ISP A and ISP B each connect to the IX (Internet eXchange) through an IX router • A DDoS detection system is attached to each IX router • Detected DDoS attack traffic is blocked or detoured at the IX router; normal traffic continues to the backbone router • Legitimate traffic is delivered to IDCs, Internet business companies, Internet service providers, etc.
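The diagram only says "detect, then block or detour". The following is an added example, not KISA's or the deck's code, of what that decision looks like when driven by sampled flow records at the IX router: per-destination packet rates are compared against a baseline, a flood carried by a single source is blocked at the router, and a distributed flood is detoured to scrubbing so legitimate traffic mixed in with it can still be delivered. The flow records, baselines, thresholds and the block/detour policy itself are assumptions chosen for illustration.

```python
"""Flow-based DDoS triage at an IX router: allow, block, or detour per destination.

Added example (not KISA's or the deck's code). The flow records, baselines,
thresholds and the block/detour policy are assumptions chosen to illustrate
the 'DDoS detection system -> block or detour' step in the diagram.
"""
from collections import Counter

WINDOW_SECONDS = 10  # assumption: the sampled flows below cover a 10-second window

# Constructed sampled flow records: (src_ip, dst_ip, packets)
VICTIM = "198.51.100.10"
FLOWS = [(f"100.64.0.{i}", VICTIM, 200) for i in range(1, 51)]        # 50 bots, 200 pkts each
FLOWS.append(("203.0.113.99", "198.51.100.20", 5000))                  # one source flooding
FLOWS += [(f"192.0.2.{i}", "198.51.100.30", 30) for i in range(1, 4)]  # normal web traffic

# Assumption: per-destination normal packet rate learned from quiet periods
BASELINE_PPS = {"198.51.100.10": 50.0, "198.51.100.20": 20.0, "198.51.100.30": 10.0}


def aggregate(flows, window_seconds):
    """Per destination: packets/s, number of distinct sources, and the top source's rate."""
    per_dst = Counter()
    per_pair = Counter()
    for src, dst, packets in flows:
        per_dst[dst] += packets
        per_pair[(src, dst)] += packets
    stats = {}
    for dst, packets in per_dst.items():
        pairs = [(pkts, src) for (src, d), pkts in per_pair.items() if d == dst]
        top_pkts, top_src = max(pairs)
        stats[dst] = {
            "pps": packets / window_seconds,
            "sources": len(pairs),
            "top_source": top_src,
            "top_source_pps": top_pkts / window_seconds,
        }
    return stats


def decide(stats, baselines, detour_factor=10.0, single_source_share=0.5, default_baseline=10.0):
    """Policy (assumption): a destination whose rate exceeds detour_factor x baseline is under
    attack. If one source carries at least single_source_share of that rate, block the source
    at the IX router; otherwise detour the destination's traffic to scrubbing so legitimate
    traffic can still get through. Everything else is allowed through unchanged."""
    actions = []
    for dst, s in stats.items():
        baseline = baselines.get(dst, default_baseline)
        if s["pps"] <= baseline * detour_factor:
            actions.append(("allow", dst))
        elif s["top_source_pps"] >= s["pps"] * single_source_share:
            actions.append(("block", s["top_source"], dst))
        else:
            actions.append(("detour", dst))
    return sorted(actions)


if __name__ == "__main__":
    for action in decide(aggregate(FLOWS, WINDOW_SECONDS), BASELINE_PPS):
        print(action)
```

The distinction matters operationally: a null-route at the IX drops everything for the destination, which completes the attacker's goal, so the detour action keeps the victim reachable while only the single-source flood gets a router-level block.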

  10. Detection Tools: Malicious code analysis (utilizing a HoneyNet)

  11. Web Hacking Malicious Code Detection (MC-Finder) (diagram) • KISA operates the Malicious Code Finding System (MC-Finder) together with ISPs (KT, SK Broadband, T Broad) and web service providers, covering all domains registered in Korea (1.8 million) • 1. Update detection rules • 2. Check websites for hidden malicious URLs (dissemination sites and routes) • 3. Request blocking of foreign malicious URLs • 4. Request removal of malicious URLs • Staff on duty handle the requests
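Step 2 above, "check hidden malicious URLs in websites", is the classic drive-by pattern: an injected iframe, embed or script that is sized to 0x0 or styled invisible so visitors never see the page it pulls in. The following is an added example, not MC-Finder's code, of that check over a constructed page, plus the split into "request block" (foreign URLs, for the ISPs) and "request removal" (all of them, for the site owner) that the slide's steps 3 and 4 describe. The heuristics, the sample page and the rule that only `.kr` hosts count as domestic are assumptions.

```python
"""Find hidden injected URLs in HTML and sort them into block/removal requests.

Added example (not MC-Finder's or KISA's code). The sample page, the hiding
heuristics and the '.kr means domestic' rule are assumptions for illustration.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page: a normal site with two injected elements and one
# legitimate, visible embed that must not be flagged.
SAMPLE_HTML = """
<html><body>
<h1>Welcome</h1>
<script src="/js/app.js"></script>
<iframe src="http://203.0.113.5/in.php" width="0" height="0"></iframe>
<div style="display: none"><iframe src="http://evil.example/x.html"></iframe></div>
<iframe src="https://player.example.kr/embed" width="640" height="360"></iframe>
</body></html>
"""

LOADER_TAGS = {"iframe": "src", "embed": "src", "object": "data", "script": "src"}
HIDING_STYLES = ("display:none", "visibility:hidden")


def element_hidden(attrs):
    """True if the element is sized to 0 (width or height) or styled invisible."""
    for dim in ("width", "height"):
        if (attrs.get(dim) or "").strip().rstrip("px") == "0":
            return True
    style = (attrs.get("style") or "").replace(" ", "").lower()
    return any(s in style for s in HIDING_STYLES)


def is_foreign(url):
    """Assumption: only hosts under .kr are domestic; IP literals and other TLDs are foreign."""
    host = (urlparse(url).hostname or "").lower()
    return not host.endswith(".kr")


class HiddenUrlFinder(HTMLParser):
    """Collect URLs loaded by elements that are hidden themselves or sit inside a hidden container."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self._open = []  # stack of (tag, hidden) for currently open elements

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        inherited = any(hidden for _, hidden in self._open)
        hidden = inherited or element_hidden(attrs)
        url_attr = LOADER_TAGS.get(tag)
        url = attrs.get(url_attr) if url_attr else None
        if url and hidden:
            reason = "inside hidden container" if inherited else "zero-size or invisible element"
            self.findings.append({"url": url, "tag": tag, "reason": reason, "foreign": is_foreign(url)})
        self._open.append((tag, hidden))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag; tolerates unclosed tags in sloppy HTML.
        for i in range(len(self._open) - 1, -1, -1):
            if self._open[i][0] == tag:
                del self._open[i:]
                break


def scan_page(html):
    """Return the hidden-loader findings for one page, in document order."""
    finder = HiddenUrlFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


def block_and_remove_requests(findings):
    """Foreign URLs go to the ISPs as block requests; every URL goes to the site owner for removal."""
    block = sorted({f["url"] for f in findings if f["foreign"]})
    remove = sorted({f["url"] for f in findings})
    return block, remove


if __name__ == "__main__":
    found = scan_page(SAMPLE_HTML)
    for f in found:
        print(f)
    print(block_and_remove_requests(found))
```

Running this against 1.8 million domains means crawling, so the parser is deliberately tolerant of malformed markup; a real system would also decode obfuscated `document.write` payloads, which this example does not attempt.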

  12. DNS Sinkhole : Block BotNet

  13. Cyber Cure System for Infected PCs (diagram) • Zombie PCs behind the ISPs launch a DDoS attack against the target website • 1. Collect the IPs of infected PCs • 2. Operate the cyber cure system • 3. Pop-up window for notification, delivered to the zombie PC through its ISP • 4. Dedicated vaccine: the user downloads it, the zombie PC is cured, and the attack traffic stops
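Slides 12 and 13 chain together: the DNS sinkhole answers known C2 names with an address KISA controls, and every PC that then connects to that address has identified itself as infected, which is exactly the "collect infected PC IPs" input the cure system needs. The following is an added example, not KISA's code, of both halves: the resolver policy, and turning a sinkhole access log into a per-ISP notification list. The C2 names, sinkhole address, log format and ISP prefix table are constructed assumptions.

```python
"""DNS sinkhole for botnet C2 names, and turning sinkhole hits into an infected-PC list.

Added example (not KISA's or the deck's code). The C2 names, sinkhole address,
log format and ISP prefix table are constructed assumptions.
"""
import ipaddress
from collections import defaultdict

SINKHOLE_IP = "192.0.2.10"                                  # assumption: the sinkhole server
C2_DOMAINS = {"bot-update.example", "cmd.botnet.example"}   # constructed C2 names


def normalize(name):
    """Lower-case and strip the trailing dot so 'Foo.Example.' matches 'foo.example'."""
    return name.rstrip(".").lower()


def sinkholed(qname):
    """True if qname is a listed C2 name or any subdomain of one."""
    q = normalize(qname)
    return any(q == d or q.endswith("." + d) for d in C2_DOMAINS)


def resolve(qname):
    """Resolver policy: answer listed C2 names with the sinkhole address.
    None means 'not sinkholed, forward to normal recursion'."""
    return SINKHOLE_IP if sinkholed(qname) else None


# Constructed sinkhole HTTP access log: time, client IP, Host header, method, path.
# The last line is a scanner that hit the sinkhole address directly, not a bot.
SINKHOLE_LOG = """\
2011-03-04T10:00:01Z 198.51.100.7 bot-update.example GET /update.bin
2011-03-04T10:00:03Z 198.51.100.7 bot-update.example GET /update.bin
2011-03-04T10:00:09Z 203.0.113.44 cmd.botnet.example POST /report
2011-03-04T10:00:12Z 198.51.100.200 192.0.2.10 GET /
"""


def infected_hosts(log_text):
    """Step 1 of the cure workflow: IPs of PCs that asked the sinkhole for a C2 name."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue                       # skip blank or truncated lines
        _, client, host, _, _ = parts[:5]
        if not sinkholed(host):
            continue                       # direct hits on the sinkhole IP are not bot traffic
        ipaddress.ip_address(client)       # raises ValueError on a malformed address field
        hits[client].add(normalize(host))
    return dict(hits)


# Assumption: which ISP owns which prefix; a real deployment would use WHOIS/BGP data.
ISP_PREFIXES = {"198.51.100.0/24": "ISP-A", "203.0.113.0/24": "ISP-B"}


def notifications_by_isp(hits):
    """Group infected IPs by ISP so each ISP can push the notification pop-up and vaccine link."""
    nets = {ipaddress.ip_network(p): name for p, name in ISP_PREFIXES.items()}
    groups = defaultdict(dict)
    for client, domains in hits.items():
        addr = ipaddress.ip_address(client)
        isp = next((name for net, name in nets.items() if addr in net), "unknown")
        groups[isp][client] = sorted(domains)
    return dict(groups)


if __name__ == "__main__":
    print(resolve("cmd.botnet.example"), resolve("www.example.kr"))
    print(notifications_by_isp(infected_hosts(SINKHOLE_LOG)))
```

Two caveats a practitioner would want: the Host header is what separates real bots from scanners and researchers poking at the sinkhole address, so it must be logged; and the client IP is only as good as the ISP's address assignment records at that timestamp, which is why the notification has to go through the ISP rather than straight to the user.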

  14. DDoS Cyber Shelter

  15. Case Study: Success story of KR DDoS attack countermeasures by KISA

  16. Overview of 3.4 DDoS (1) • 2011.3.4 ~ 3.15 (about 10 days) • Attack targets: 40 institutions • 24 government and public institutions • 9 financial institutions • 7 portals and shopping malls

  17. The March and July DDoS attacks are similar

  18. The March DDoS method is more intelligent and destructive than July's • "The 3.4 DDoS attack attempted only to disrupt the system network, using very advanced technology, so this attack is regarded as a preliminary, test-type attack for checking Korea's state of defense."
 • (Dmitri Alperovitch, vice president of McAfee, Dong-A Ilbo interview dated July 9, 2011)

  19. The attack keeps changing depending on the response

  20. Nationwide Cyber Security Alert System

  21. Nationwide Anti-DDoS System (repeat of slide 9)

  22. DDoS Cyber Shelter (repeat of slide 14)

  23. Cyber Cure System for Infected PCs (repeat of slide 13)

  24. Q&A jmlee@kisa.or.kr

  25. THANK YOU!
