Introduction to Cyber Security
#AFSIG2017
27 APRIL 2017

Let’s Connect!
• Adli Wahid
  o LinkedIn
  o Twitter: @adliwahid
  o Blog: https://blog.apnic.net
  o Email: adli@apnic.net
• Current Work
  o Security Specialist @ APNIC
  o Board Member – Forum of Incident Response & Security Teams
  o Cyber Crime Expert Group (INTERPOL)

What Is Cyber Security?

Cyber & Security
• Cyber Space
  o Computer Networks & The Internet
  o Cyber Space + Underlying Infrastructure
  o Systems + Data & Information
  o Services & Users
• Enabling Learning, Collaboration, Economic Growth & More!
• Security
  o Protection
  o Safety
  o Stability
  o Free-from-Worry

Data & Information Security
• Data & Information
  o Think of transactions & decisions
  o Emails
  o Database operations
  o Medical Device
• The CIA
  o Confidentiality
  o Integrity
  o Availability
• How do we enable CIA, technologically?
• Identity Theft

Network Security
• IP addresses & AS Numbers
• Domain Names
• Global Interconnectivity!
• Think about
  o Exposure
  o Access Control
  o Availability
  o Authentication
https://en.wikipedia.org/wiki/ARPANET#/media/File:Arpanet_map_1973.jpg

Computer / Systems Security
• Processing
• Storage
• Data & Information
• Data Centers, Hosting & Cloud Providers
• What about Laptops, Mobile Devices & IoTs
• Think about
  o Disruption
  o Vulnerabilities & Misconfiguration
  o Physical Security

Organisations & Cyber Security
• Understand Threats & Vulnerabilities
• Risk Management
  o Increase “Attack Surface”
  o Protection of Assets
  o Mobility of Data & Information
• Controls to manage risks
  o Network Controls
  o OS & System Hardening
  o Security Policies
  o Detection & Response
• Cyber Security Strategy
http://www.worldbackupday.com/en/

History of Cyber Security
JICA CERT Training – Jakarta (2016)

Recommended Reading
• Phreaking
  o https://en.wikipedia.org/wiki/Phreaking
• Viruses
  o https://antivirus.comodo.com/blog/computer-safety/short-history-computer-viruses/
• 1998 - Morris Worm
  o https://en.wikipedia.org/wiki/Morris_worm
• 1989 - Cuckoo’s Egg - Tracking a Spy Through the Maze of Computer Espionage, Clifford Stoll
  o https://en.wikipedia.org/wiki/The_Cuckoo%27s_Egg
• History of DDoS Attack
  o https://antivirus.comodo.com/blog/computer-safety/short-history-computer-viruses/
• Web Defacement Archives
  o Attrition.org (no longer active)
  o Zone-H: http://www.zone-h.org/archive

Issues in Cyber Security
Sri Lanka CERT Cyber Security Awareness Week (2016)

Security Preparedness, Response & CERTs/CSIRTs
• Security incidents can cause disruption, destruction & affect reputation
• Need to be prepared & have a response plan
• Computer Emergency Response Teams / Computer Incident Response Teams (CSIRTs) are dedicated resources for responding to security incidents
• Co-ordination at the National Level
  o Internally with other agencies & enterprise CSIRTs
  o International organisations
• Check out APCERT.org & FIRST.org

Cyber Crimes & Cyber Enabled Crimes
• Unauthorised Access & Modification of Data
• Financial Motivation
• Cyber Crime & Cyber-Enabled Crime
  o Malware & Ransomware
  o Distributed Denial of Service Attack
  o Fraud
  o Infrastructure to operate criminal activities
• Implications
  o Laws / Acts / Regulations
  o Investigation Capabilities
  o Global Cooperation & Information Sharing
• Check out Brian Krebs’ Blog (Krebs on Security)

Surveillance & Privacy
• Digital Footprints
  o Organisations, Network Providers, Governments, Businesses
  o Marketing (Ads)
  o Exploiting vulnerabilities in protocols, software & hardware
• Data & information stored
  o Trust, Insider Attack
  o Security Assurance
• Technology to protect privacy, anonymity, safety
  o Encryption
  o TOR

“Cyber War”
• Critical Infrastructure connected to the Internet
  o Power Grid
  o Water Supplies
  o Internet & Communication Facilities
  o Banking Systems
• Strategic Advantage
• Critical Information Infrastructure Protection (CIIP or CNII)
  o Program to protect Critical Infrastructure

Cyber Security Ecosystem
• Network Operators
• Law Enforcement
• Vendors
• Organizations
• Individual Users
• Policy Makers
• Researchers
• CERTs/ISACs/CSIRTs

Books!

Intro To Cyber Security (APNIC Academy)
• APNIC Academy
  o https://academy.apnic.net
• Introduction to Cyber Security
  o Collaboration with JICA
  o Certificate of attendance upon course completion
• Self-Paced E-learning
  o 5 Modules
  o Free!

Thank You!
Adli Wahid
Cyber Security Forum – Bhutan (2016)