-
Rudi Lumanto
The Role of ID-SIRTII in Securing Indonesia's Internet Infrastructure
Seminar Gov CERT
17 Sep 2012
Hotel Sahid
-
Content
1 Why Is Security Needed?
2 Cyber Space and Threats
3 The Role of ID-SIRTII
4 Security Awareness & Social Engineering
-
Why Is Security Needed?
To protect assets, whether personal, corporate or national
Hardware, software and INFORMATION (data, ability and reputation)
To gain a competitive advantage
How many people would still use a bank's online system if it were known that the system had been hacked in the past?
To comply with regulatory requirements
The growing size of cyberspace and its threats
-
Regulatory Requirements
Laws:
Law (UU) 36/1999 on Telecommunications:
- Operators must secure and protect their networks
Law (UU) 11/2008 on Electronic Information and Transactions:
- Every Electronic System Operator must operate its Electronic System reliably and securely, and is responsible for the proper operation of that Electronic System
- The Government protects the public interest from all kinds of disturbance resulting from misuse of Electronic Information that disrupts public order, in accordance with the provisions of laws and regulations
-
Regulatory Requirements
Government Regulations:
Government Regulation (PP) 52/2000:
- Telecommunication networks, facilities and infrastructure must be equipped with security and protection measures
Ministerial Regulations (PM) & Ministerial Decrees (KM):
PM 26/PER/M.KOMINFO/5/2007, PM 16/PER/M.KOMINFO/10/2010 on Securing the Use of IP-Based Telecommunication Networks:
- Operators must record connection transactions (log files)
- NAPs must enable and provide network monitoring facilities
- Internet cafes (warnet) and hotspots must register every user of the internet service
PM 17/PER/M.KOMINFO/10/2010 on the Organizational Structure of Kominfo:
- Directorate of Telecommunications, in the field of telecommunications operations
- Directorate of Information Security, in the field of information security
-
- Increasing the number of information security personnel
- Increasing the number of personnel who are aware of information security
Mindset change: defence in depth
-
THE CYBER SIX PRINCIPLE
(1) CYBER SPACE
(2) CYBER THREATS
(3) CYBER ATTACKS
(4) CYBER SECURITY
(5) CYBER CRIME
(6) CYBER LAW
-
CYBER SPACE NOW
THE BIGGEST MARKET IN THE WORLD
2.26 billion Internet users
107 trillion emails sent within the year 2010, or 293 billion emails/day
799 million Facebook users
68.5 million tweets per day
Google search accesses per month:
15 million (1999)
2.7 billion (2006)
10 billion (2010)
-
CYBER SPACE LIFE STYLE
A DIFFERENT WAY OF LIVING
A DIFFERENT WAY OF COMMUNICATING
A DIFFERENT WAY OF LEARNING
DIGITAL NATIVE
-
How many times do Indonesian users use this?
Number of Google users in Indonesia?
The Role of ICT and Electronic Transactions
-
HOW MUCH VALUE? BCG report 2012
"The economic impact of the Internet demonstrates that no one - individual, business or government - can afford to ignore the ability of the Internet to deliver more value and wealth to more consumers and citizens more broadly than any economic development since the Industrial Revolution,"
More than two-thirds of Americans said they would go without coffee and 21 percent would give up sex for a year to stay online.
How much did consumers say they would have to be paid to live without Internet access?
U.S. users said they'd need to be paid about $2,500 to give up the Internet for a year.
Turkey users $323
South Africa users $1,215
Brazil users $1,287
France users $4,453
The Internet economy will contribute a total of $4.2 trillion to the G-20's total GDP in 2016. If it were a national economy, it would rank in the world's top five, behind only the U.S., China, India, and Japan, and ahead of Germany!!
-
Indonesian Cyber Space
The number of Internet users in Indonesia is expected to triple by 2015 (to around 146 million), fueling growth for media companies and phone carriers (BCG, 2010).
48 percent of Internet users in Indonesia used a mobile phone to access the Internet, whereas another 13 percent used other handheld multimedia devices, the highest dependence on mobile Internet access in Southeast Asia. (Nielsen's report 2011)
The Internet in Indonesia ranked second after television. 89 percent of users connected to social networking, 72 percent browsed the web and 61 percent read the news. (Yahoo Net Index survey, July 2011)
-
Indonesia Cyber Space
YEAR INTERNET USERS
2000 2 Million
2006 20 Million
2007 25 Million
2008 31 Million
2009 40.4 Million
2010 48.7 Million
2011 55 Million
Source: IDC, PT Telkom, Nokia Siemens Network.
In 10 years, there was an increase of 2600%!!!
-
Users Profile
-
Online Transactions Value
The value of trade transactions conducted via the Internet or online this year is estimated to reach US$4.1 billion, a growth of about 20.5% over the value of online transactions last year.
Indonesian people communicate differently today, and they transact and trade differently today, and this drives today's threats and crime!!
-
Cyber Threats
"Bad guys tend to go where the masses go."
Change of Economy: company expands globally, e-payment
Change of IT: server in the cloud, mobile devices, gadgets
Change of Threats: purpose diversification, malware, botnet, zero-day attack, APT
-
2011 Security Threats Report
Symantec blocked a total of over 5.5 billion malware attacks in 2011, an 81% increase over 2010.
Web-based attacks increased by 36%, with over 4,500 new attacks each day.
403 million new variants of malware were created in 2011, a 41% increase over 2010.
39% of malware attacks via email used a link to a web page.
Mobile vulnerabilities continued to rise, with 315 discovered in 2011.
-
Advanced Persistent Threat
Usually refers to a group, such as a foreign government, with both the capability and the intent to persistently and effectively target a specific entity.
A long-term pattern of sophisticated hacking attacks aimed at governments, companies, and political activists, and by extension, also used to refer to the groups behind these attacks.
http://en.wikipedia.org/wiki/Hacking_attack
-
Hacking attack with a PC-based botnet
Diagram: Hacker, Web Server, User
1. Infecting
2. Infected
3. Accessing web site
4. Transferring botnet
5. Zombie PC
6. Monitoring and controlling zombie PC
Countermeasures
1. Install antivirus on the user's PC
2. Monitor open ports
3. Monitor traffic
-
Hacking attack with a smartphone-based botnet
Diagram: Hacker, Web Server, User, Target user
1. Infecting
2. Infected
3. Accessing web site
4. Transferring botnet
5. Zombie smartphone
6. Monitoring and controlling zombie PC
7. SMS attack
-
The Role of ID-SIRTII
Organizationally
ID-SIRTII/CC, ID-CERT, ACADEMIC CERT, GOV-CERT etc.
Systematically & Technologically
Core and Supporting Activities
Monitoring, Discover, Determine and Defend
Socially
Raising security capability and awareness
Guarding against social engineering
Increasing international activities and collaboration
-
ID-SIRTII Activities
Monitor Internet Traffic
Manage Log Files
Response and Handle Incidents
Establish External and International Collaborations
Run Laboratory for Simulation Practices
Provide Training to Constituency and Stakeholders
Assist Institutions in Managing Security
Educate Public for Security Awareness
Deliver Required Log Files
Analyse Incidents
Report on Incident Handling
Management Process and
Research Vital
Statistics
Supporting Activities
Core Process
Constituencies
Customers
-
Constituents
ISPs
NAPs
IXs
Law Enforcement
National Security
Communities
International CSIRTs/CERTs
Government of Indonesia
sponsor ID-SIRTII
-
The CERTs Topology
ID-SIRTII (CC) as National CSIRT
Sector CERT, Internal CERT, Vendors CERT, Community CERT
Bank CERT
Airport CERT
University CERT
GOV CERT
Military CERT
SOE CERT
SME CERT
Telkom CERT
SGU CERT
Police CERT
KPK CERT
CIMB CERT
KPU CERT
Pertamina CERT
Hospital CERT
Kominfo CERT
Cisco CERT
Microsoft CERT
Oracle CERT
SUN CERT
IBM CERT
SAP CERT
Yahoo CERT
Google CERT
A CERT
B CERT
C CERT
D CERT
Lemsaneg CERT
PANDI CERT
Security FIRST
Central Bank CERT
Other CERTs Other CERTs Other CERTs
-
MONITORING
A monitoring system is deployed by installing sensors on the main traffic routes. Topologically, the sensors located at ISPs, NAPs and IXs are connected to the monitoring room at ID-SIRTII.
Covering 80% of total internet traffic within the country
-
Monitoring Process Stage
Discover: to detect traffic anomalies
Determine: to analyse whether the anomalous traffic has the potential to become an incident
Defend: preventive action in the form of an early warning system
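The three stages above as a small pipeline over per-sensor traffic counts. This is an added example, not ID-SIRTII's code; the sensor names, the sample counts, the median/MAD threshold and the rule of two sensors over two consecutive intervals are assumptions made for illustration.

```python
from statistics import median

# Constructed sample data: packets per minute from hypothetical sensors at an
# ISP, a NAP and an IX. Sensor names and all numbers are made up.
SAMPLES = {
    "isp-1": [980, 1010, 995, 1005, 990, 1000, 4200, 4350],
    "nap-1": [5000, 5100, 4950, 5050, 5020, 4980, 5010, 5040],
    "ix-1": [8000, 8100, 7950, 8050, 8020, 7990, 21000, 22500],
}

def discover(series, window=6, k=6.0):
    """Discover: indexes that deviate from the median of the previous
    `window` samples by more than k times their median absolute deviation."""
    hits = []
    for i in range(window, len(series)):
        base = series[i - window:i]
        mid = median(base)
        mad = median(abs(x - mid) for x in base) or 1.0  # guard a flat baseline
        if abs(series[i] - mid) > k * mad:
            hits.append(i)
    return hits

def determine(anomalies, min_sensors=2, min_run=2):
    """Determine: an anomaly is a potential incident only if at least
    `min_sensors` sensors flag it for `min_run` consecutive intervals."""
    counts = {}
    for hits in anomalies.values():
        for i in hits:
            counts[i] = counts.get(i, 0) + 1
    shared = sorted(i for i, n in counts.items() if n >= min_sensors)
    return [i for i in shared
            if all(j in shared for j in range(i - min_run + 1, i + 1))]

def defend(confirmed, anomalies):
    """Defend: build one early-warning record per confirmed interval, naming
    the sensors involved so constituents on those routes can be alerted."""
    return [{"interval": i,
             "sensors": sorted(s for s, hits in anomalies.items() if i in hits),
             "action": "early-warning"} for i in confirmed]

def run_pipeline(samples):
    anomalies = {name: discover(series) for name, series in samples.items()}
    return anomalies, defend(determine(anomalies), anomalies)

if __name__ == "__main__":
    found, warnings = run_pipeline(SAMPLES)
    print(found)
    print(warnings)
```

A spike seen by a single sensor, or for a single interval, is discovered but not escalated, which keeps the early warning from firing on local noise.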
-
Response and handle Incidents
Incident Report
We are committed to keeping our constituency informed of potential vulnerabilities and, where possible, will inform this community of such vulnerabilities before they are actively exploited.
Incident Handling
Assisting in 20+ cyber crime cases with the INP as an expert witness, and 50+ cases of technical support and incident analysis/handling.
-
Conducting Malware Analysis Program
Process Explorer
RegShot
TCPView
IDA-Base
OllyDbg
Wireshark
Malzilla
Firebug
Process Monitor
-
Enhancing Threat Information Coordination
Enrich the active list of RSS feeds
-
Developing Forensics Laboratory
-
Improving Security Technical Training
Internal Training
In-House Training
Public Training
-
We conducted 50+ security training sessions in 2011, e.g. Secure Coding and Secure Programming, and Cyber Crime and Digital Forensics for LEA
Annual National Cyber Exercise (since 2009)
Amazing Drill Test
Managing CSIRT boot camp
Cyber Jawara Competition
Improving Security Awareness
-
The Amazing Trace strives to deliver 3 key objectives
Conduct an international exercise of incident response handling arrangement
Test the communication of contact points
Evaluate the sufficiency of processes and procedures
Test the technical capabilities
Drill the cross border coordination in addressing information security incidents
Enable better coordination of CSIRT teams in addressing cyber incidents
Strengthen coordination in tracking and taking down attacker(s)
-
Increasing Collaboration with other CSIRTs
Member of FIRST, APCERT, OIC-CERT, ANSAC
Member of steering committee of APCERT
-
Last FIRST-TC in Bali, 29-31 March 2012
Thanks to all FIRST members for your participation
-
Thank you
www.idsirtii.or.id