eHaryana 2014 - Roadmap for CSCs & Basic... - Shri Puneet Ahuja, Sr Consultant...

Transcript of eHaryana 2014 - Roadmap for CSCs & Basic... - Shri Puneet Ahuja, Sr Consultant...

Page 1: eHaryana 2014 - Roadmap for CSCs & Basic... - Shri Puneet Ahuja, Sr Consultant...

ROADMAP FOR CSC & BASIC CITIZEN SERVICES

CHALLENGES, VISION & LESSONS

Puneet Ahuja

[email protected]

Page 2: eHaryana 2014 - Roadmap for CSCs & Basic... - Shri Puneet Ahuja, Sr Consultant...

http://www.wired.com/magazine/2011/01/ff_hackerville_romania/

Page 3: eHaryana 2014 - Roadmap for CSCs & Basic... - Shri Puneet Ahuja, Sr Consultant...

"As per the information reported to and tracked by Indian Computer Response Team (CERT-In), a total number of 308, 371 and 78 government websites were hacked during the years 2011, 2012 and 2013 (up to June) respectively

MTNL claims that only the webpage and server logs - files created by the server of the activities performed by it - were damaged, but cyber experts do not rule out the possibility of hackers having obtained subscribers' addresses, phone numbers and other data

GOVT SITES HACKED

http://articles.economictimes.indiatimes.com/2014-02-05/news/47049131_1_huawei-and-zte-bsnl-network-telecom-networks

Page 4: eHaryana 2014 - Roadmap for CSCs & Basic... - Shri Puneet Ahuja, Sr Consultant...

PAN card records

Financial Profile

Bank Records

Critical personal data

Land records

INVALUABLE CITIZEN INFORMATION

Page 5: eHaryana 2014 - Roadmap for CSCs & Basic... - Shri Puneet Ahuja, Sr Consultant...

KNOW THE UNKNOWN

Page 6: eHaryana 2014 - Roadmap for CSCs & Basic... - Shri Puneet Ahuja, Sr Consultant...

WHAT ARE WE UP AGAINST?

• Attacks for national interest: State sponsored and motivated by national interest

• Attacks for a cause: Groups or individual security experts with a common interest

• Attacks for profit: Individuals or gangs motivated by monetary rewards

Page 7: eHaryana 2014 - Roadmap for CSCs & Basic... - Shri Puneet Ahuja, Sr Consultant...

THE COST OF AN ATTACK

PONEMON INSTITUTE | AVERAGE BREACH COSTS $214 PER RECORD STOLEN

Theft, Revenue, Reputation

• Sony Stolen Records: 100M

• Sony Direct Costs: $171M

• Sony Lawsuits: $1-2B

• 23 day network closure

• Lost customers

• Security improvements

Page 8: eHaryana 2014 - Roadmap for CSCs & Basic... - Shri Puneet Ahuja, Sr Consultant...

Inconvenient Statistics

73% of organizations have been hacked in the past two years through insecure Web apps. (Ponemon Institute)

70% of ALL threats are at the Web application layer. (Gartner)

Diagram labels: Perimeter, Network, Port 80, Web Threats, App Server, Database

Page 9: eHaryana 2014 - Roadmap for CSCs & Basic... - Shri Puneet Ahuja, Sr Consultant...

SECURITY TRENDS

Attacker

Threats

Target

Notoriety Profitability .gov /.com .me / .you

Sophistication (Maturity)

Type of Attack

Botnets

Trojans

Virus Worms

DOS

APT

Malware

New Devices

ERP

Internet Information Services

New Applications

Page 10: eHaryana 2014 - Roadmap for CSCs & Basic... - Shri Puneet Ahuja, Sr Consultant...

START WITH A SECURITY FOUNDATION

Easy access
• Context-based access control for virtually any device, any user, any time
• Who, what, where, when, how

Attack protection
• Consistent and advanced protection across physical, virtual, on- and off-premises
• Beyond the IP address

Value
• Better economics through leveragable foundation; improved efficiencies through centralized control

Diagram labels: Campus, Data Center, Cloud, Mobility; Access, Apps, Networks, Mgmt, Mobility, Campus, Data center, Cloud, Products; SECURITY FOUNDATION: Easy access, Attack prevention

Page 11: eHaryana 2014 - Roadmap for CSCs & Basic... - Shri Puneet Ahuja, Sr Consultant...


Data center security

Supporting app and network deployments…

• Flexible deployment models

• Scale easily, incrementally

• Policy sharing across virtual and physical

…while protecting from targeted attacks

• Intrusion Deception stops the attack, with no false positives

• DDoS behavioral analysis stops attacks earlier

• Security information and event management from a single pane of glass

Data Center

Access

Protect

FOUNDATION

Virtual firewall

High performance firewall

Analytics Threat intelligence

Management

Web App protection

DDoS and AppDoS prevention

Page 12: eHaryana 2014 - Roadmap for CSCs & Basic... - Shri Puneet Ahuja, Sr Consultant...

DECEIVE

Page 13: eHaryana 2014 - Roadmap for CSCs & Basic... - Shri Puneet Ahuja, Sr Consultant...
Page 14: eHaryana 2014 - Roadmap for CSCs & Basic... - Shri Puneet Ahuja, Sr Consultant...

DECEIVED

Juniper Detection by Deception

Page 15: eHaryana 2014 - Roadmap for CSCs & Basic... - Shri Puneet Ahuja, Sr Consultant...

JUNOS WEBAPP SECURE (JWAS): ATTACKER TRIPS A TAR TRAP

Diagram labels: Client, Firewall, App Server, Database, Network Perimeter, Server Configuration, Query String Parameters, Hidden Input Fields, Tar Traps

Attacker = Mary13

Page 16: eHaryana 2014 - Roadmap for CSCs & Basic... - Shri Puneet Ahuja, Sr Consultant...

Track.

Page 17: eHaryana 2014 - Roadmap for CSCs & Basic... - Shri Puneet Ahuja, Sr Consultant...

The Unusual Case of Will(iam) West

Page 18: eHaryana 2014 - Roadmap for CSCs & Basic... - Shri Puneet Ahuja, Sr Consultant...

Our industry needs to move beyond IP reputation databases

Page 19: eHaryana 2014 - Roadmap for CSCs & Basic... - Shri Puneet Ahuja, Sr Consultant...

FINGERPRINT OF AN ATTACKER

Browser version

Fonts

Browser add-ons

Timezone

IP Address

200+ attributes used to create the fingerprint.

~ Real Time availability of fingerprints

Nearly zero False Positives

Page 20: eHaryana 2014 - Roadmap for CSCs & Basic... - Shri Puneet Ahuja, Sr Consultant...

NEXT GENERATION DATACENTER SECURITY: SPOTLIGHT SECURE ATTACKER DATABASE

Juniper’s Spotlight Secure, a global attacker intelligence service, is a one-of-a-kind, cloud-based security solution that identifies specific attackers and delivers that intelligence to Junos security products

WebApp Secure

SRX Series Services Gateways

DDoS Secure

Spotlight Attacker Database

Page 21: eHaryana 2014 - Roadmap for CSCs & Basic... - Shri Puneet Ahuja, Sr Consultant...

Fingerprints are Useless Until Shared

Page 22: eHaryana 2014 - Roadmap for CSCs & Basic... - Shri Puneet Ahuja, Sr Consultant...

Is This An Attacker?

Joe196

JWAS Customer A

JWAS Customer B

SPOTLIGHT LOOKUP

Global Name

Local Name

JWAS Device

Bob112 Mary13 4X12J8

Page 23: eHaryana 2014 - Roadmap for CSCs & Basic... - Shri Puneet Ahuja, Sr Consultant...

Is This An Attacker?

Joe196

JWAS Customer A

JWAS Customer B

SPOTLIGHT MATCH

Global Name

Local Name

JWAS Device

Bob112 Mary13 4X12J8

Page 24: eHaryana 2014 - Roadmap for CSCs & Basic... - Shri Puneet Ahuja, Sr Consultant...

DDoS SECURE – How does it work

• Packet validated against pre-defined RFC filters

• Malformed and mis-sequenced packets dropped

• Individual IP addresses assigned CHARM value

• Value assigned based on IP behaviours

Low CHARM Value: Mechanistic Traffic

Medium CHARM Value: First Time Traffic

High CHARM Value: Humanistic, Trusted Traffic

Page 25: eHaryana 2014 - Roadmap for CSCs & Basic... - Shri Puneet Ahuja, Sr Consultant...

DATACENTER SECURITY: STOPPING THE UNKNOWN

DDoS Secure
• Low-and-slow and volumetric
• Signature free: stops new attacks
• No tuning or thresholds

WebApp Secure
• Intrusion Deception stops hacking
• Near-zero false positives
• No tuning or Web App changes

Application Firewall
• Leading high-end firewall
• Proven datacenter scale
• Integration with WebApp Secure

Spotlight Secure
• Global attacker fingerprint system
• Actionable – beyond IP address

Page 26: eHaryana 2014 - Roadmap for CSCs & Basic... - Shri Puneet Ahuja, Sr Consultant...

WELCOME TO THE FUTURE OF SECURITY