Cybersecurity Opportunities Challenges APNIC
Cyber Security Opportunities and Challenges
Adli Wahid, Security Specialist, APNIC
5th APT Cyber Security Forum, 27-29 May 2014
27 May 2014
Agenda
• Overview of APNIC
• Opportunities and challenges
  – Source address validation (Best Current Practice (BCP) 38)
  – Securing the Internet with Resource Certification
  – Effective incident response and handling (APNIC Whois Database)
  – Awareness and education
• The way forward
Overview
APNIC’s Vision: “A global, open, stable, and secure Internet that serves the entire Asia Pacific community”
Serving APNIC Members
Supporting Internet development in the Asia Pacific region
Collaborating with the Internet community
APNIC’s Mission
• Function as the RIR for the Asia Pacific, in the service of the community of Members and others
• Provide Internet registry services to the highest possible standards of trust, neutrality, and accuracy
• Provide information, training, and supporting services to assist the community in building and managing the Internet
• Support critical Internet infrastructure to assist in creating and maintaining a robust Internet environment
• Provide leadership and advocacy in support of its vision and the community
• Facilitate regional Internet development as needed throughout the APNIC community
Strategic Engagement
Technical community
• NOGs, NIR OPMs, I*, CERTs, ISOC Chapters, PACINET, PICISOC, PTC
Governmental
• APEC-TEL 47 and 48, ITU WTPF, APT, WSIS+10, ITU Connect Asia Pacific Summit, ITU Telecom World 2013, APEC TEL 49, NETmundial
IGF
• National IGFs (Nethui, auIGF), APrIGF
• Bali IGF - significant support given for fundraising and logistics
Opportunities and Challenges
• Government institutions, CERTs, Law Enforcement Agencies (LEAs) and stakeholders have been collaborating all along
• What else needs to be done?
• What are the opportunities and challenges?
BEST CURRENT PRACTICES
Internet Resources Management
Source Address Validation (BCP 38)
• Problem
  – Network providers allow traffic from IP addresses that they do not hold
  – As a result, it is trivial to spoof IP addresses
  – This enables attacks such as DDoS reflection/amplification
• Recipe for amplification attacks
  – A network that allows source IP spoofing
  – Network services that respond to non-customer requests
• This is not new
  – BCP 38 has been around since 2000 (RFC 2827)
  – Also known as Network Ingress Filtering
• Is your provider allowing source address spoofing?
  – Source Address Validation Everywhere! (SAVE)
BCP 38 Ingress Packet Filtering
[Figure: Internet, ISP, and customer networks 96.0.20.0/24, 96.0.21.0/24 and 96.0.22.0/24, with the label "BCP 38 Applied Here"]
ISP’s Customer Allocation Block: 96.0.0.0/19
BCP 38 Filter = Allow only source addresses from the customer’s 96.0.X.X/24
Credit: http://confluence.senki.org/pages/viewpage.action?pageId=1474569
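The filter in the figure, written as a per-interface decision. This is an added example, not part of the original slides: the prefixes are the ones from the figure, while the interface names and the sample packets are constructed.

```python
import ipaddress

# Customer-facing interfaces and the prefix assigned to each customer.
# Prefixes are from the slide; interface names are hypothetical.
CUSTOMER_PREFIXES = {
    "cust-a": ipaddress.ip_network("96.0.20.0/24"),
    "cust-b": ipaddress.ip_network("96.0.21.0/24"),
    "cust-c": ipaddress.ip_network("96.0.22.0/24"),
}
ISP_BLOCK = ipaddress.ip_network("96.0.0.0/19")


def ingress_verdict(interface, src):
    """Return (action, reason) for a packet arriving from a customer."""
    allowed = CUSTOMER_PREFIXES.get(interface)
    if allowed is None:
        return ("drop", "unknown customer interface")
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return ("drop", "malformed source address")
    if addr in allowed:
        return ("permit", "source inside customer prefix")
    if addr in ISP_BLOCK:
        # Still spoofed: the address is the ISP's, but not this customer's.
        return ("drop", "source belongs to another part of the ISP block")
    return ("drop", "source outside the ISP block")


def audit(packets):
    """Count drops per interface to show which customer links send spoofed traffic."""
    drops = {}
    for interface, src in packets:
        action, _ = ingress_verdict(interface, src)
        if action == "drop":
            drops[interface] = drops.get(interface, 0) + 1
    return drops


# Constructed sample traffic: (ingress interface, source address).
SAMPLE = [
    ("cust-a", "96.0.20.7"),      # legitimate
    ("cust-a", "96.0.21.9"),      # another customer's address
    ("cust-b", "198.51.100.25"),  # address outside the ISP block
    ("cust-c", "96.0.22.254"),    # legitimate
]
```

The second sample packet shows why the filter is per customer /24 rather than the whole /19: a source inside the ISP's block can still be spoofed.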
Resource Certification with RPKI
• Resource Public Key Infrastructure
  – Security framework to verify the association between specific IP address blocks or Autonomous System (AS) numbers and the holders of the resources
  – Uses digital certificates and Public Key cryptography
• Essential because:
  – Improves security of inter-domain routing. Currently, it’s based on mutual trust
  – Can prove authoritatively who uses an IP address block and what AS has announced it
• Prevents mis-origination or “Route Hijacking”
  – When an entity participating in Internet routing announces a prefix without authorization (either mistake or malicious intention)
[Figure: ISP A, ISP B and ISP E; the announcement "My AS number is 1001 / My prefix is 198.58.1.0/24" appears twice]
Resource Certification Benefits
• Routing information corresponds to properly delegated address resources
• Resource certification gives resource holders proof that they hold certain resources
• Resource holders can attest to those resources when distributing them
• Resource certification is a highly robust means of preventing the injection of false information into the Internet’s routing system
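How a router can use certified resource data to reject a mis-originated route, as an added example that is not part of the original slides. It applies the route origin validation procedure of RFC 6811 to announcements of the slide's prefix; the authorization record, the second AS number (64511, from the documentation range) and the announcements are constructed.

```python
import ipaddress
from collections import namedtuple

# One validated authorization: this AS may originate this prefix,
# down to max_len bits. Constructed data using the slide's prefix and AS.
Roa = namedtuple("Roa", "prefix max_len asn")
ROAS = [Roa(ipaddress.ip_network("198.58.1.0/24"), 24, 1001)]


def validate_origin(prefix, origin_asn, roas=ROAS):
    """RFC 6811 origin validation: 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa in roas:
        if route.version != roa.prefix.version:
            continue
        if not route.subnet_of(roa.prefix):
            continue  # this authorization says nothing about the route
        covered = True
        if roa.asn == origin_asn and route.prefixlen <= roa.max_len:
            return "valid"
    # Covered by at least one authorization but matched none: reject.
    return "invalid" if covered else "not-found"


def filter_announcements(announcements):
    """Keep everything except routes that validation marks invalid."""
    return [(p, a) for p, a in announcements if validate_origin(p, a) != "invalid"]


# Constructed announcements: (prefix, origin AS).
ANNOUNCEMENTS = [
    ("198.58.1.0/24", 1001),    # the holder's own announcement
    ("198.58.1.0/24", 64511),   # same prefix, unauthorized origin
    ("198.58.1.128/25", 1001),  # more specific than max_len allows
    ("203.0.113.0/24", 64511),  # no authorization covers it
]

if __name__ == "__main__":
    for prefix, asn in ANNOUNCEMENTS:
        print(prefix, "AS%d" % asn, validate_origin(prefix, asn))
```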
Resource Certification with RPKI
• Role of APNIC
  – Acts as Certificate Authority, attests that the certificate belongs to the identified party
  – Issues RPKI certificates to APNIC Members
Whois Database – Improving Incident Response and Handling
• Security incidents happen and timely response is critical
• The Incident Response Team (IRT) object requires resource holders to provide contact information
• There are opportunities to:
  – Enhance incident response and handling capabilities
  – Provide additional information for escalation (i.e. National CSIRT/CERT or relevant agency)
  – Report invalid contact information
inetnum: 202.55.176.0 - 202.55.191.255
netname: SKYCC
descr: SKYCC, VoIP and ISP, Ulaanbaatar, Mongolia
country: MN
admin-c: SD635-AP
tech-c: TB231-AP
status: ALLOCATED PORTABLE
remarks: *************************************************************
remarks: This object can only modify by APNIC hostmaster
remarks: If you wish to modify this object details please
remarks: send email to [email protected] with your organisation
remarks: account in the subject line.
remarks: *************************************************************
changed: [email protected] 20030708
mnt-by: APNIC-HM
mnt-lower: MAINT-MN-SKYCC
mnt-routes: MAINT-MN-SKYCC
mnt-irt: IRT-SKYCC-MN
changed: [email protected] 20081114
changed: [email protected] 20130611
source: APNIC

irt: IRT-SKYCC-MN
address: Sukhbaatar District-1,
address: Chinggis Khan Avenue-9,
address: Skytel Plaza building,
address: Ulaanbaatar-13,
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: SD635-AP
tech-c: TB231-AP
auth: # Filtered
mnt-by: MAINT-MN-SKYCC
changed: [email protected] 20101210
source: APNIC
IRT contact
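Resolving the IRT contact for a resource from Whois output laid out like the record above, and flagging records whose contact cannot be used. This is an added example, not part of the original slides: the sample response, the object names and the example.net addresses are constructed, and only the attribute names (inetnum, mnt-irt, irt, e-mail, abuse-mailbox) come from the record shown.

```python
import re

# Constructed Whois response in the same layout as the record above.
SAMPLE = """\
inetnum:        192.0.2.0 - 192.0.2.255
mnt-irt:        IRT-EXAMPLE-AP
source:         APNIC

irt:            IRT-EXAMPLE-AP
e-mail:         noc@example.net
abuse-mailbox:  abuse@example.net
source:         APNIC
"""

EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def parse_objects(text):
    """Split Whois text into objects; each is a list of (attribute, value)."""
    objects = []
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = []
        for line in block.splitlines():
            if line.startswith(("%", "#", " ", "\t", "+")) or ":" not in line:
                continue  # server comments, continuation and stray lines
            key, value = line.split(":", 1)
            attrs.append((key.strip().lower(), value.strip()))
        if attrs:
            objects.append(attrs)
    return objects


def irt_contact(text):
    """Return (mailbox, problem); exactly one of the two is None."""
    objects = parse_objects(text)
    irts = {o[0][1]: dict(o) for o in objects if o[0][0] == "irt"}
    resource = next((dict(o) for o in objects if o[0][0] in ("inetnum", "inet6num")), None)
    if resource is None:
        return None, "no address object in response"
    name = resource.get("mnt-irt")
    if name is None:
        return None, "resource has no mnt-irt reference"
    irt = irts.get(name)
    if irt is None:
        return None, "referenced IRT object %s not returned" % name
    mailbox = irt.get("abuse-mailbox") or irt.get("e-mail")
    if not mailbox or not EMAIL_RE.match(mailbox):
        return None, "IRT %s has no usable mailbox" % name
    return mailbox, None
```

A non-None problem string is the kind of finding the slide's "Report invalid contact information" item refers to.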
Awareness and Education
• Reaching out to operators (resource holders) and relevant stakeholders is important to create awareness and ability to apply best current practices
• Challenges:
  – Cost and availability of subject matter experts
• APNIC provides training at events across the region as well as online
  – training.apnic.net
• Topics include
  – BGP, IPv6, DNSSEC, Network Security and much more
Recent and Upcoming Events
• Bangladesh Network Operators Group 1 Workshop and Conference
  – 19 – 24 May 2014 in Dhaka, Bangladesh
  – 3-day Workshops, 1-day tutorial and 2-day conference
  – 90 participants for 3 workshops
    • Network Security
    • Routing/BGP
    • Virtualization
• Internet Investigation Training Day
  – 9 July 2014, New Zealand
  – 1-day tutorial on how the Internet works
  – Focused on LEA engagement
  – Collaboration with ICANN, APTLD, .nz DNC, New Zealand police
The Way Forward
• Infrastructure security issues are part of the bigger picture and must be addressed
• The full impact of security controls may only be realized if everyone implements them
  – Relevant stakeholders and operators must make things happen
• Awareness and education activities are at the core of all of the above
• Let’s work together!
You’re Invited!
• APNIC 38: Brisbane, Australia, 9-19 Sep 2014
• APRICOT 2015: Fukuoka, Japan, 24 Feb-6 Mar 2015
THANK YOU
www.facebook.com/APNIC
www.twitter.com/apnic
www.youtube.com/apnicmultimedia
www.flickr.com/apnic
www.weibo.com/APNICrir