National Network Security Capacity Building
Yuejin DU, Ph.D
Deputy CTO of CNCERT/CC
Deputy Chair of APCERT
Regional Workshop on Frameworks for Cybersecurity & CIIP by ITU
2007.8.28, Hanoi, Vietnam
National Computer network Emergency Response technical Team/Coordination Center of China
Content
• Current Internet Security Situation
• Network Security Capacity Model
• Some Practices in China
• Conclusion
Current Internet Security Situation
• More ‘chances’ for attackers
• ‘Underground economy’ prosperity
• CIIP is facing severe threat
• Governmental information systems have many problems
• Stealing data is becoming the main goal
• Attackers becoming more powerful and ‘run riot’
• More challenges for handling security threats

Any Evidence?
Fraud website reports to CNCERT/CC – Phishing incident
[Bar chart: reports for 2004, 2005, 2006 and 2007.1-6; vertical axis from 0 to 700]
A fraud website of the 2008 Olympic Ticket System appeared even before the real one opened on May 18th, 2007.
Web-defacements in China – 2007.1-6
• Total: 28367, 4728/month
• Gov: 1585, 264/month
Computers (IP) in China Mainland controlled by hackers through Trojans – 2007.1-6
Total: 1,000,372!
Botnet: The ‘nuclear weapon’ in the hands of the dark society
• IPs controlled: 3,598,431 (2007.1-6)
• C&C Server: 14,355 (2007.1-6)
Location of C&C Servers - 2006
Total Number: > 16,000
• U.S.: 33%
• Other: 17%
• Korea: 10%
• Chinese Taipei: 9%
• Hong Kong, China: 8%
• Japan: 5%
• France: 4%
• Canada: 4%
• Germany: 3%
• U.K.: 3%
• Malaysia: 2%
• Brazil: 2%
Network Security Capacity Model – capabilities
• Capability of ‘yu’ (预): take precautions
  – Prevention, early warning, evaluation and detection in an early stage
• Capability of ‘zhi’ (知): knowing what’s happening
  – Monitoring
• Capability of ‘kong’ (控): controllability
  – Incidents or emergency response / crisis management
• Capability of ‘sheng’ (生): recover and survive
  – Recover from incidents, survivability of the core
Network Security Capacity Model – elements
• Infrastructure
  – Products, devices, infrastructure/platform
  – “Perfect job, need perfect tool”
• Resources
  – Knowledge and database on vulnerabilities, attacking behaviors, information of infrastructure/key systems and important users, methodology, procedure, etc.
  – “No flour, No Bread”
• Teams
  – Professional security teams & cooperation framework
Network Security Capacity Model – threats
• The Art of War: “Not only know yourself, but also know your enemy, that’s the rule of win”
• Capabilities of handling certain types of threats
  – Botnet, Spyware, Phishing, DDoS, Spam,
  – ……
• Keep studying new threats, finding out the most appropriate handling method and procedure toward them, evaluate capacity X and Y (adjust them if needed).
Network Security Capacity Structure
[Diagram: three-axis structure]
• Elements (x): Teams/Orgs (professional), Platforms (products), Resources
• Required capabilities (y): Pre-X, Knowing, Controlling, Surviving
• Threats (z): …, Worm, DDoS, Botnet, Spyware
Practice – CERT & Domestic IR Framework
• National CSIRT
• Domestic Emergency Response Cooperation Framework
• Early Warning Capability
• Basic Resources
• CNCERT/CC’s Activities:
  – Information Collecting
  – Incident Monitoring
  – Incident Handling
  – Data Analyzing
  – Resource Building
  – Researching
  – Training
  – Consulting
  – International Cooperation
Main roles of CNCERT/CC
• Critical information infrastructure
  – Coordination; Technical support; Watch and warning; Resource and capacity building; etc.
• Important application systems
  – Technical support; Information sharing; etc.
• POC
• Awareness raising: end users; government (Need to know new threats by ourselves)
• Others
Practice – International Cooperation
• APCERT
• FIRST
• APEC-TEL
• Many other international organizations:
  – TF-CSIRT
  – OAS
  – ENISA
  – EGC
Practice - Platform
6.3-6.5 PCT vulnerability misuse, CNCERT/CC
Conclusion
• Network security threats are becoming more powerful and complicated than before. National network security capacity has to be adaptable to the new challenge.
• Cooperation is crucial. It’s the only way we can enhance our capability to a necessary level.
• We all are responsible, we all can contribute!
Thanks
www.cert.org.cn