
  • Rudi Lumanto

    The role of ID-SIRTII in securing Indonesia's Internet infrastructure (Peran ID-SIRTII di pengamanan infrastruktur internet Indonesia)

    Seminar Gov CERT, 17 Sep 2012, Hotel Sahid

  • Content

    1. Why is security needed?
    2. Cyber Space and Threats
    3. The role of ID-SIRTII
    4. Security Awareness & Social Engineering

  • Why is security needed?

    To protect assets, whether personal, corporate or national: hardware, software and INFORMATION (data, ability and reputation)

    To gain competitive advantage: how many people would still be willing to use a bank's online system if it were known that the system had been hacked in the past?

    To comply with regulatory requirements

    Because cyberspace, and the threats in it, keep growing

  • Regulatory requirements

    Laws (Undang-Undang):

    UU 36/1999 on Telecommunications:
    - Operators are obliged to secure and protect their networks

    UU 11/2008 on Electronic Information and Transactions:
    - Every Electronic System Operator must operate its Electronic System reliably and securely, and is responsible for the proper operation of that Electronic System
    - The Government protects the public interest from all kinds of disruption resulting from misuse of Electronic Information that disturbs public order, in accordance with the provisions of laws and regulations

  • Regulatory requirements: Government Regulations (Peraturan Pemerintah)

    PP 52/2000:
    - Telecommunications networks, facilities and infrastructure must be equipped with security and protection measures

    Ministerial Regulations (PM) & Ministerial Decrees (KM):

    PM 26/PER/M.KOMINFO/5/2007 and PM 16/PER/M.KOMINFO/10/2010 on Securing the Use of IP-Based Telecommunications Networks:
    - Operators are obliged to keep records of connection transactions (log files)
    - NAPs are obliged to enable and provide network monitoring facilities
    - Internet cafes (warnet) and hotspots are obliged to register every Internet service user

    PM 17/PER/M.KOMINFO/10/2010 on the Organizational Structure of Kominfo:
    - Directorate of Telecommunications, covering telecommunications operation
    - Directorate of Information Security, covering information security

  • - Increase the number of information security personnel (SDM)
    - Increase the number of personnel who are aware of information security

    A change of mindset: defence in depth

  • THE CYBER SIX PRINCIPLE

    (1) CYBER SPACE
    (2) CYBER THREATS
    (3) CYBER ATTACKS
    (4) CYBER SECURITY
    (5) CYBER CRIME
    (6) CYBER LAW

  • CYBER SPACE NOW

    2.26 billion Internet users

    107 trillion emails sent within the year 2010, or 293 billion emails per day

    799 million Facebook users

    68.5 million tweets per day

    THE BIGGEST MARKET IN THE WORLD

    Google search accesses per month: 15 million (1999), 2.7 billion (2006), 10 billion (2010)

  • CYBER SPACE LIFE STYLE

    A DIFFERENT WAY OF LIVING
    A DIFFERENT WAY OF COMMUNICATING
    A DIFFERENT WAY OF LEARNING
    DIGITAL NATIVES

  • How many times a day do Indonesian users use this?

    How many Google users are there in Indonesia?

    The role of ICT and electronic transactions

  • HOW MUCH VALUE? BCG report 2012

    "The economic impact of the Internet demonstrates that no one individual, business or government can afford to ignore the ability of the Internet to deliver more value and wealth to more consumers and citizens more broadly than any economic development since the Industrial Revolution."

    More than two-thirds of Americans said they would go without coffee, and 21 percent would give up sex for a year, to stay online.

    How much did consumers say they would have to be paid to live without Internet access?

    U.S. users said they'd need to be paid about $2,500 to give up the Internet for a year.
    Turkey users: $323
    South Africa users: $1,215
    Brazil users: $1,287
    France users: $4,453

    The Internet economy will contribute a total of $4.2 trillion to the G-20's total GDP in 2016. If it were a national economy, it would rank in the world's top five, behind only the U.S., China, India, and Japan, and ahead of Germany!!

  • Indonesian Cyber Space

    The number of Internet users in Indonesia is expected to triple by 2015 (to around 146 million), fueling growth for media companies and phone carriers. (BCG in 2010)

    Year  Internet users
    2006  20 million
    2007  25 million
    2008  31 million
    2009  40.4 million
    2010  48.7 million

    Source: IDC, PT Telkom, Nokia Siemens Network.

    48 percent of Internet users in Indonesia used a mobile phone to access the Internet, whereas another 13 percent used other handheld multimedia devices, the highest dependence on mobile Internet access in Southeast Asia. (Nielsen report 2011)

    The Internet in Indonesia sat in second place after television. 89 percent of users connected to social networking, 72 percent browsed the web and 61 percent read the news. (Yahoo Net Index survey, July 2011)

  • Indonesia Cyber Space

    Year  Internet users
    2000  2 million
    2006  20 million
    2007  25 million
    2008  31 million
    2009  40.4 million
    2010  48.7 million
    2011  55 million

    Source: IDC, PT Telkom, Nokia Siemens Network.

    In 10 years, an increase of 2600%!!!


  • Users Profile

  • Online Transactions Value

    The value of trade transactions conducted via the Internet (online) this year is estimated to reach US$4.1 billion, a growth of about 20.5% over the value of online transactions last year.

    Indonesians communicate differently today, people transact and trade differently today, and that drives today's threats and crime!!

  • Cyber Threats

    "Bad guys tend to go where the masses go."

    Change of Economy: company expands globally; e-payment

    Change of IT: servers in the cloud; mobile devices; gadgets

    Change of Threats: purpose diversification; malware, botnets; zero-day attacks; APT

  • 2011 Security Threats Report

    Symantec blocked a total of over 5.5 billion malware attacks in 2011, an 81% increase over 2010.

    Web-based attacks increased by 36%, with over 4,500 new attacks each day.

    403 million new variants of malware were created in 2011, a 41% increase over 2010.

    39% of malware attacks via email used a link to a web page.

    Mobile vulnerabilities continued to rise, with 315 discovered in 2011.

  • Advanced Persistent Threat

    Usually refers to a group, such as a foreign government, with both the capability and the intent to persistently and effectively target a specific entity.

    A long-term pattern of sophisticated hacking attacks aimed at governments, companies, and political activists, and by extension, also used to refer to the groups behind these attacks.

    http://en.wikipedia.org/wiki/Hacking_attack

  • Hacking attack with a PC-based botnet

    1. Hacker infects a web server
    2. Infected web server
    3. User accesses the web site
    4. Botnet code is transferred to the user
    5. Zombie PC
    6. Hacker monitors and controls the zombie PC

    Countermeasures:
    1. Install antivirus on user PCs
    2. Monitor open ports
    3. Monitor traffic

  • Hacking attack with a smartphone-based botnet

    1. Hacker infects a web server
    2. Infected web server
    3. User accesses the web site
    4. Botnet code is transferred to the user
    5. Zombie smartphone
    6. Hacker monitors and controls the zombie smartphone
    7. SMS attack against the target user

  • The role of ID-SIRTII

    Organizationally: ID-SIRTII/CC, ID-CERT, ACADEMIC CERT, GOV-CERT etc.

    Systematically & technologically: core and supporting activities; Monitoring, Discover, Determine and Defend

    Socially: improve security capability and awareness; guard against social engineering; increase international activities and collaboration

  • ID-SIRTII activities (core process and supporting activities, serving constituencies and customers)

    Monitor Internet Traffic
    Manage Log Files
    Respond to and Handle Incidents
    Establish External and International Collaborations
    Run a Laboratory for Simulation Practices
    Provide Training to Constituency and Stakeholders
    Assist Institutions in Managing Security
    Educate the Public for Security Awareness
    Deliver Required Log Files
    Analyse Incidents
    Report on Incident Handling Management Process and Research Vital Statistics

  • Constituents

    ISPs
    NAPs
    IXs
    Law Enforcement
    National Security
    Communities
    International CSIRTs/CERTs

    The Government of Indonesia sponsors ID-SIRTII

  • The CERTs topology: ID-SIRTII (CC) as National CSIRT

    Four kinds of CERT shown on the slide: Sector CERT, Internal CERT, Vendors CERT, Community CERT.

    Sector and organization CERTs: Bank CERT, Airport CERT, University CERT, GOV CERT, Military CERT, SOE CERT, SME CERT, Hospital CERT, Central Bank CERT, Telkom CERT, SGU CERT, Police CERT, KPK CERT, CIMB CERT, KPU CERT, Pertamina CERT, Kominfo CERT, Lemsaneg CERT, PANDI CERT

    Vendors CERT: Cisco CERT, Microsoft CERT, Oracle CERT, SUN CERT, IBM CERT, SAP CERT, Yahoo CERT, Google CERT

    Community CERT: A CERT, B CERT, C CERT, D CERT, Security FIRST

    Other CERTs in each column

  • MONITORING

    Deploying a monitoring system by installing sensors on the main traffic routes. Topologically, the sensors located at ISPs, NAPs and IXs are connected to the monitoring room at ID-SIRTII.

    Covering 80% of total Internet traffic within the country

  • Monitoring Process Stages

    Discover: detect anomalous traffic

    Determine: analyse whether the anomalous traffic has the potential to be an incident

    Defend: preventive action in the form of an early warning system
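The three stages above, together with the "monitor traffic" countermeasure on the botnet slides, as one added example that is not from the deck or from ID-SIRTII's own systems: a toy Discover/Determine/Defend pipeline over constructed sensor flow records. The record format, the thresholds and the IP addresses are assumptions for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sensor records: (time in seconds, source host, destination host, port).
# One host beacons every 60 s (zombie -> controller), one is bursty but irregular,
# the rest are background traffic.
FLOWS = (
    [(t, "10.0.0.5", "198.51.100.9", 443) for t in range(0, 600, 60)]
    + [(t, "10.0.0.7", "203.0.113.4", 80) for t in (3, 40, 41, 300, 420, 421, 500, 590)]
    + [(12, "10.0.0.8", "203.0.113.4", 80), (15, "10.0.0.8", "192.0.2.30", 443),
       (90, "10.0.0.9", "192.0.2.30", 443), (95, "10.0.0.9", "203.0.113.4", 80),
       (210, "10.0.0.9", "192.0.2.30", 443), (300, "10.0.0.8", "192.0.2.30", 443)]
)

def discover(flows, sigma=1.0):
    """Stage 1 (Discover): flag (src, dst) pairs whose flow count is unusually high
    compared with all pairs seen by the sensor (mean + sigma * std. deviation)."""
    counts = defaultdict(int)
    for _, src, dst, _ in flows:
        counts[(src, dst)] += 1
    values = list(counts.values())
    limit = mean(values) + sigma * pstdev(values)
    return {pair for pair, n in counts.items() if n > limit}

def determine(flows, pair, max_jitter=5.0, min_hits=5):
    """Stage 2 (Determine): a flagged pair is a potential incident only if the
    connections recur at a nearly constant interval, the beaconing pattern of a
    zombie host polling its controller; an irregular burst is left alone."""
    times = sorted(t for t, s, d, _ in flows if (s, d) == pair)
    if len(times) < min_hits:
        return None
    gaps = [b - a for a, b in zip(times, times[1:])]
    if pstdev(gaps) <= max_jitter:
        return {"pair": pair, "period_s": mean(gaps), "hits": len(times)}
    return None

def defend(flows):
    """Stage 3 (Defend): turn confirmed findings into early-warning messages
    for the constituency (e.g. the ISP that owns the source address)."""
    warnings = []
    for pair in sorted(discover(flows)):
        finding = determine(flows, pair)
        if finding:
            src, dst = pair
            warnings.append(f"EARLY WARNING: {src} beacons to {dst} every "
                            f"{finding['period_s']:.0f} s ({finding['hits']} hits); "
                            f"check the host for malware and review traffic to {dst}")
    return warnings

if __name__ == "__main__":
    for line in defend(FLOWS):
        print(line)
```

On the constructed data, Discover flags both the beaconing host and the bursty host, Determine keeps only the beaconing one, and Defend emits a single warning.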

  • Respond to and handle incidents

    Incident Report

    We are committed to keeping our constituency informed of potential vulnerabilities and, where possible, will inform this community of such vulnerabilities before they are actively exploited.

    Incident Handling

    Assisting in 20+ cyber crime cases with the INP as an expert witness, and 50+ cases of technical support and incident analysis/handling.

  • Conducting a Malware Analysis Program

    Tools: Process Explorer, RegShot, TCP View, IDA-Base, OllyDbg, WireShark, Malzilla, Firebug, Process Monitor

  • Enhancing Threat Information Coordination

    Enrich the active list of RSS feeds

  • Developing a Forensics Laboratory

  • Improving Security Technical Training

    Internal Training
    In-House Training
    Public Training

  • We conducted 50+ security trainings of various kinds in 2011, e.g. Secure Coding and Secure Programming, and Cyber Crime and Digital Forensics for LEA

    Annual National Cyber Exercise (since 2009)
    Amazing Drill Test
    Managing CSIRT boot camp
    Cyber Jawara Competition

    Improving Security Awareness

  • The Amazing Trace strives to deliver 3 key objectives

    Conduct an international exercise of incident response handling arrangements:
    - Test the communication of contact points
    - Evaluate the sufficiency of processes and procedures
    - Test the technical capabilities

    Drill the cross-border coordination in addressing information security incidents:
    - Enable better coordination of CSIRT teams in addressing cyber incidents
    - Strengthen coordination in tracking and taking down attacker(s)

  • Increasing Collaboration with other CSIRTs

    Member of FIRST, APCERT, OIC-CERT, ANSAC

    Member of the steering committee of APCERT

  • Last FIRST-TC in Bali, 29-31 March 2012. Thanks to all FIRST members for your participation.

  • Thank you. www.idsirtii.or.id