2. Security Quotes
The only system which is truly secure is one which is switched off
and unplugged, locked in a titanium safe, buried in a concrete
bunker, and is surrounded by nerve gas and very highly paid
armed guards. Even then, I wouldn’t stake my life on it.
(By Professor Gene Spafford)
“In security matters,
there is nothing like absolute security”
“We are only trying to build comfort levels, because security costs
money and lack of it costs much more”
“Comfort level is a manifestation of efforts as well as a realization of
their effectiveness & limitations”
3. Cyber world – Current Scenario
Advances in information and communications technologies have
revolutionised government, scientific, educational and commercial
infrastructures.
The IT infrastructure has become an integral part of the critical infrastructure
which supports national capabilities such as power grids, emergency
communication systems, financial systems, defence systems and air traffic
control networks. The operational stability and security of critical
information infrastructure is vital for the economic security of the country.
It also enables large-scale processes throughout the economy by facilitating
complex interactions among individuals, organisations and systems across
global networks for trade and economic requirements.
4. Technology trends
Increasing complexity of IT systems and networks will mount security
challenges for both providers and consumers.
The evolving nature of the telecommunications infrastructure, as the
traditional phone systems and IT networks converge into a more
unified architecture.
The expanding wireless connectivity to individual computers and
networks, making it increasingly difficult to determine the physical and
logical boundaries of networks.
The increasing interconnectivity and accessibility (and consequently
risk) to computer-based systems that are critical to the country’s economy.
5. Information Security – General trends
01 Dec 2007
Security trends and challenges beyond 2008
[Figure: chart with axes "Sophistication of Hacker Tools" and "Technical Knowledge Required" (High, Low), with year markers 1980, 1990 and 2006. Techniques labelled on the chart: Packet Forging/Spoofing, Password Guessing, Self Replicating Code, Password Cracking, Exploiting Known Vulnerabilities, Disabling Audits, Back Doors, Hijacking Sessions, Sweepers, Sniffers, Stealth Diagnostics.]
6. Global Cyber security Trends – The next wave
Mischievous activities in cyber space have expanded from novice geeks to
organized criminal gangs that are going hi-tech.
Recent studies reveal three major findings:
Growing threat to national security – web espionage is becoming
increasingly advanced, with well-funded and well-organized operations
aimed at not only financial, but also political or technical gain.
Increasing threat to online services – affecting individuals
and industry because of the growing sophistication of attack
techniques.
Emergence of a sophisticated market for software flaws –
that can be used to carry out espionage and attacks on Govt. and
critical information infrastructure. Findings indicate a blurred line
between legal and illegal sales of software vulnerabilities.
7. Threats to National security
There are signs that intelligence agencies around the world are constantly
probing others’ networks and developing new ways to gather intelligence.
The Internet has become a weapon for political, military and economic espionage.
Organized cyber attacks have been witnessed:
Pentagon, US in
Estonia in April 2007
Computer systems of German Chancellery and three Ministries
E-mail accounts at National Informatics Centre, India
Highly classified Govt. computer networks in New Zealand & Australia
The software used to carry out these attacks indicates that they were clearly designed & tested with much
greater resources than usual for individual hackers.
Most Govt. agencies and companies around the world use common computing technologies & systems that
are frequently penetrated by criminal hackers and malware.
Traditional protective measures are not enough to protect against attacks such as those on Estonia, as the
complexity and coordination in using the botnets was totally new. National networks with less
sophistication in monitoring and defense capabilities could face serious national security problems.
8. Threats to Online services
Given the exponential growth in social networking sites, social engineering may
shortly become the easiest & quickest way to commit ID theft.
Online services are becoming prime targets for cyber criminals.
Cyber criminals continue to refine their means of deceit as well as their victims.
In summary, the global threats affecting users are:
New & sophisticated forms of attacks.
Attacks targeting new technologies, such as VoIP (vishing – phishing via VoIP &
phreaking – hacking telephone networks to make free long distance calls) and peer-to-peer
services.
Attacks targeting online social networks.
Attacks targeting online services, particularly online banking services.
9. Cyber crime – Most common forms
Hacking – Unauthorised attempts to bypass the security
mechanism of an information system or network.
Data theft (using flash/pen drives, digital cameras).
Viruses or worms, malware or Trojan horses.
Identity theft
E-mail spoofing
Botnets and Zombies
Scareware
10. Survival
“It is not the strongest of the species that survive,
nor the most intelligent, but the one most
responsive to change.”
Charles Darwin
Q & A