성남산업진흥재단-KAIST 산학협력단협력사업 · (1-2) KAIST 기술DB 운영 • KAIST 논문, 특허, 연구자정보등을쉽게검색할수있는KAIST 기술DB 구축
Creating Trust in Critical Network Infrastructures: Korean Case Study Chaeho Lim Professor, KAIST...
36
Creating Trust in Critical Network Creating Trust in Critical Network Infrastructures: Infrastructures: Korean Case Study Korean Case Study Chaeho Lim Professor, KAIST [email protected]
-
Upload
anis-bradford -
Category
Documents
-
view
215 -
download
0
Transcript of Creating Trust in Critical Network Infrastructures: Korean Case Study Chaeho Lim Professor, KAIST...
Creating Trust in Critical Network Creating Trust in Critical Network Infrastructures:Infrastructures:
Korean Case StudyKorean Case Study
Chaeho Lim
Professor, KAIST
Table of ContentsTable of Contents
Introduction Korean Environment Telecommunication and Networks Services Types and impact of threats to Critical Network
Infrastructures Key Initiatives to Protect Critical Network
Infrastructures Conclusion and possible areas for further
studies
IntroductionIntroduction
The Major Security Threats in Korea, 2001• Over 10 times traffic than the normal• How was the critical infrastructure ?
Korean EnvironmentKorean Environment
Korea’s Geographical Structure The Korean Economy
Telecommunication and Telecommunication and Networks ServicesNetworks Services
Facilities-Based Telecommunication Services• Domestic Telecommunication Services
• International Telecommunication Service
• Wireless Telecommunication Service Non-facilities-based telecommunication service
providers • Specially Designated Telecommunication Services
• Value-added Telecommunication Services
• Internet Connection Services
Telecommunication and Telecommunication and Networks ServicesNetworks Services
Internet Infrastructures in Korea• Internet eXchange (IX)
• Internet Backbone Network • Access Networks
Wired Services• Dialup Modem/ISDN, Cable Modem, XDSL,
Wireless Service• Internet via Cellular, B-WILL, Satellite
Types and Impact of Threats Types and Impact of Threats to to
Critical Network Critical Network InfrastructuresInfrastructures
The Worm Attacks in 2001 Internet Attacks Statistics Computer Virus Attacks
The Worm Attacks in The Worm Attacks in 2001 2001
The Worms in 2001• Ramen, Li0n, Carko, Sadmin/IIS, Cheese, Red, CodeRed, C
odeBlue, Nimda
• Cheese Worm, Found in Korea only Found in Real Time Scan Detector
• We found Indication & Warning is very important International Cooperation is very important System should be vulnerable
The Worm Attacks in The Worm Attacks in 20012001
Worm Model
...
Attacker
...
...
......
...
...
Feedback
The Worm Attacks in The Worm Attacks in 20012001
Abor Networks, “A Snapshot of Global Internet Worm Activity”, Nov 2001
Internet Attacks Internet Attacks StatisticsStatistics
Recent Attacks Statistics• Reported to CERTCC-KR/KISA • Increased very rapidly
Recent Attacks in Korea
0500
10001500200025003000
1996
1997
1998
1999
2000
2001
Year
Cou
nts AC,KR
CO.KROR.KRRE.KR{geo}.KROthers
Internet Attacks Internet Attacks StatisticsStatistics
International Attacks • D2D : From Korea to Korea, D2F : From Korea to Foreign • F2D : From Foreign to Korea • F2D2F : From Foreign to Korea to Foreign
• N/A : Not Available International Attacks
285
175
289
408
4351
D2DD2FF2DF2D2FN/A
Internet Attacks Internet Attacks StatisticsStatistics
What Countries ?Country Name Counts Country Name Counts
France 707 Japan 615
Australia 600 Brazil 310
Germany 220 United Kingdom 107
Malaysia 76 Thailand 61
USA 51 Poland 30
Netherland 24 Canada 21
Austria 7 Spain 5
Slobenia 3 Chile 1
Italy 1 Hongkong 1
Internet Attacks Internet Attacks StatisticsStatistics
Real Time Scan Detector(RTDS), Jan ’01 – Mar ‘02
Internet Attacks Internet Attacks StatisticsStatistics
Countries in RTDS
EDU ORG/GOV RE COMISP/NETPPP user Unknown Total*
KOREA 420 80 15 517 589 79 1700U.S. 47 7 142 408 3 607CHINA 9 2 1 32 66 3 113TAIWAN 11 2 33 63 109ITALIA 1 6 75 82JAPAN 3 5 28 35 71CANADA 6 1 15 38 1 61GERMAN 1 16 37 1 55HongKong 2 1 24 22 49U.K. 3 1 9 31 44
Internet Attacks Internet Attacks StatisticsStatistics
Attack Type
Attyack Types
299
150
323
17
1571
1
57
64
2853
4
ImpersonationSW BugBuffer OverflowConfiguration ErrorMalicious CodesProtocol ErrorDoSEmail AttackScan ProbeSocial Engineering
Internet Attacks Internet Attacks StatisticsStatistics
Damage Types
Damage Types Scan Probe
Compromised
Disclosure
Data Removal
Unauth Access
Homepage Deface
SystemInterruptionSystem Bug
Computer Virus AttacksComputer Virus Attacks
Win3224%
I-Worm66% Trojan
5%
Win955%
Computer Virus AttacksComputer Virus Attacks
0
10
20
30
40
50
60
Macro
Trojan
File
Boot
Worm
Script
Boot/File
Else
May 1999 J an 2000 J an 2001 J an 2002
What Kinds of Virus were reported?
Computer Virus AttacksComputer Virus Attacks
1992 1993 … 1996 … 1998 1999 2000 2001
HijackingAutomatic
Scan Attack
DoS
E-mail Propagationof Malicious Code
Trojan HorseWide Spread
DistributedAttack Tool
IP Spoofing
Sniffer
Advanced Scan tools
Windows Attack Trojan(BO)
2000 1999 1998 ... 1995 … 1987
Mellisa
Windows Attack Trojan(BO)
CSIRT Issues
Anti-Virus Issues
Mellisa
Common Issues
DDoS Agent
Macro Virus
(c)Brain
Stone
Michelangelo
Internet Worm Widespread
Key Initiatives to Protect Key Initiatives to Protect Critical Network Critical Network InfrastructuresInfrastructures
The General Approaches for Incident Response The Structure of Security in Korea The Act of Critical Communication & Telecomm
Protection Regional Level Cooperation Other Activities
The General Approaches The General Approaches for Incident Responsefor Incident Response
Protected Information
resourcedetect respon
dattack
contain, recover, harden
Indications & warnings
prevent
new laws
deter
Investigate, notify, sue, prosecute, in-kind attack, war
The Structure of Security in The Structure of Security in KoreaKorea
The National Intelligence Security and Public• National security ;
National Intelligence Service, NIS Ministry of National Defense, NMD National Security Research Institute, NSRI(Under ETRI)
• The Public ; Ministry of Information and Communication, MIC Korea Information of Security Agency, KISA ETRI CONsortium of CERT
• Law Enforcement Supreme Public Prosecutor’s Office, SPPO National Police Agency, NPA
The Act of Critical Information The Act of Critical Information & Telecommunication & Telecommunication
ProtectionProtection What is the Critical Communication & Telecomm?
• Modern Information Society all ITs are interconnected through the communication networks
• Recently computer intrusion and virus attack could be attacked to critical system
• Especially if social infrastructure system could be attacked?• Serious Damages Occurred !!
The Guidance to Critical Infrastructure-The Importance of the mission’s sociality-The dependence of Information & Communication Infra-The Interdependence of other Information & Comm Infra -The Damage Level of the Compromise and Interruption -The Easy of the Compromise and Recovery
The Act of Critical Information The Act of Critical Information & Telecommunication & Telecommunication
ProtectionProtection What is Critical Information and
Telecommunication?• Electronic Government & General Administration • National Defense • Medial Service • Financial Service • Gas and Energy• Transportation • Telecommunication
NationalDfense
Energy
Transportation
Financial
E-Gov
TelecomMediacal
The Act of Critical Information The Act of Critical Information & Telecommunication & Telecommunication
ProtectionProtection What CITP Sites are Decided?
• MOFAT : 1• MOGAHA : 2
General Administration Network, Local Authority Network
• MIC : 17 Comm Infra Net 11, Internet 4, postal Financial 1
• MOHA : 3(Citizen Security)
The Act of Critical Information The Act of Critical Information & Telecommunication & Telecommunication
ProtectionProtection How to decide CIT Site
1. Select the Potential CIT Sites by the President of Major Government
2. Evaluate the Possibility of CIT site3. Check the report of the evaluation of CIT
by the Major Government4. Discussion of the Result of the Check
inside of the committee of the CITP5. Announcement
The Act of Critical Information The Act of Critical Information & Telecommunication & Telecommunication
ProtectionProtection ISAC & Special Information Security Company
• Information Sharing and Analysis Center Provide the Early Indication & Warning, solution to their sub
scribers Financial and telecommunication ISAC was being settled
• Special Information Security Company Provide the analysis and evaluation of CIT Sites 7 Companies were Decided in Nov 2001 Hackerslab, Inzen, A3SC, S-Cube, Secure Soft, SecureI.co
m, MacroTech
The Act of Critical Information The Act of Critical Information & Telecommunication & Telecommunication
ProtectionProtection The Analysis of Vulnerability of CIT Site
• GMITS
• ISO/IEC 17799
• IAM
• VAF
• OCTAVE
• IPAK
• CSE
• NIST(SP 800-30)
The Act of Critical Information The Act of Critical Information & Telecommunication & Telecommunication
ProtectionProtection KISA’s Model
110110
210210
220220
요구사항분석요구사항분석
자산 분석자산 분석
위협 분석위협 분석
Status AnalysisStatus Analysis Vulnerability AnalysisVulnerability Analysis RiskRiskAnalysis Analysis
111자료 요청
112면담
113요구명세 작성
120120 범위 선정범위 선정121업무현황 파악
122핵심업무 선정
123평가 계획 수립
211자산 분류
212자산 평가
221위협 식별
222위협 평가
230230 취약성 분석취약성 분석231취약성 식별
232취약성 평가
310310 위험 평가위험 평가311
위험 산정
312위험 평가
410410 보호대책 권고안보호대책 권고안
411대책 권고안 작성
ControlControlReportReport
Regional Level Regional Level CooperationCooperation
We found :• Almost attacks are from foreign sites• Almost attacks are done suddenly and deeply• The first indication is most important for identify and warnin
g the serious attacks APSIRC in Feb 2001
• Almost countries come• Decides the cooperation between counties
• http://www.apng.org/apsirc• http://www.jpcert.or.jp/apsirc
Other ActivitiesOther Activities
The Evaluation the ISMS• Information Security Management • Like BS7799
The Evaluation the IDC Security Requirement• Number of IDC : 48• The Number of Performs : 30
Promotion of Security Related Manpower• The 5 Information Security Center• Support Security Related Clubs of Underground : 40
Promotion of the Security Related Industry • Support the Development • Assist the Related Lab
Conclusion and possible Conclusion and possible areas areas
for further studiesfor further studies Integrated National Information Security System, under co
nstruction Establishing common criteria for evaluating security produ
cts
Integrated National Information Integrated National Information Security System, under constructionSecurity System, under construction Cyber Intelligence for Local/Regional
• It’s important to gather the indication information• If a country can analyze the attack signature, it’s rather to s
hare it regional • It’s to study and cooperate the information to share
ftp://ftp.cert.dfn.de/pub/docs/csir/ National Cyber Command Center
• Gathering information • Analyze the attack and Assessment • Warning it nation wide
Establishing common criteria for Establishing common criteria for evaluating security productsevaluating security products
attacker Target Level of Damage Classification
Individual
(Hacker)
PC Individual privacy, property loss
D
Organization
(Terrorist,
Crime Org)
Enterprise Network,
Financial network,
Power infra.
Medical info Network,
National geography,
Information system, etc
Damage on enterprise, Public losses (damage on the public)
National commerce loss,
Damage public organization
(loss to national economy
C
B
Country National defense network,
Foreign affair network,
Public peace network
Damage on the important national facility
A
Final RemarksFinal Remarks
Regional or Global Information Sharing• What Information?• What Jobs ?
