ROADMAP FOR CSC & BASIC CITIZEN SERVICES
CHALLENGES, VISION & LESSONS
Puneet Ahuja
http://www.wired.com/magazine/2011/01/ff_hackerville_romania/
"As per the information reported to and tracked by Indian Computer Response Team (CERT-In), a total number of 308, 371 and 78 government websites were hacked during the years 2011, 2012 and 2013 (up to June) respectively."
MTNL claims that only the webpage and server logs (files created by the server of the activities performed by it) were damaged, but cyber experts do not rule out the possibility of hackers having obtained subscribers' addresses, phone numbers and other data.
GOVT SITES HACKED
http://articles.economictimes.indiatimes.com/2014-02-05/news/47049131_1_huawei-and-zte-bsnl-network-telecom-networks
PAN card records
Financial Profile
Bank Records
Critical personal data
Land records
INVALUABLE CITIZEN INFORMATION
KNOW THE UNKNOWN
WHAT ARE WE UP AGAINST?
Attacks for national interest
Attacks for a cause
Attacks for profit
State sponsored and motivated by national interest
Groups or individual security experts with a common interest
Individuals or gangs motivated by monetary rewards
Theft
Revenue
Reputation
THE COST OF AN ATTACK
PONEMON INSTITUTE | AVERAGE BREACH COSTS $214 PER RECORD STOLEN
Sony Stolen Records: 100M
Sony Direct Costs: $171M
Sony Lawsuits: $1-2B
23 day network closure
Lost customers
Security improvements
Inconvenient Statistics
70% of ALL threats are at the Web application layer.
73% of organizations have been hacked in the past two years through insecure Web apps.
Sources: Ponemon Institute, Gartner
Perimeter
Network
Port 80
Web Threats
App Server
Database
SECURITY TRENDS
Attacker
Threats
Target
Notoriety Profitability .gov /.com .me / .you
Sophistication (Maturity)
Type of Attack
Botnets
Trojans
Virus Worms
DOS
APT
Malware
New Devices
ERP
Internet Information Services
New Applications
Campus Data Center
Cloud
Mobility
Access Apps Networks Mgmt Mobility Campus Data center Cloud Products
START WITH A SECURITY FOUNDATION
Easy access
Who, what, where, when, how
• Context-based access control for virtually any device, any user, any time
Attack protection
Beyond the IP address
• Consistent and advanced protection across physical, virtual, on- and off-premises
Value
• Better economics through leverageable foundation; improved efficiencies through centralized control
Easy access
SECURITY FOUNDATION
Attack prevention
Data center security
Supporting app and network deployments…
• Flexible deployment models
• Scale easily, incrementally
• Policy sharing across virtual and physical
…while protecting from targeted attacks
• Intrusion Deception stops the attack, with no false positives
• DDoS behavioral analysis stops attacks earlier
• Security information and event management from a single pane of glass
Data Center
Access
Protect
FOUNDATION
Virtual firewall
High performance firewall
Analytics Threat intelligence
Management
Web App protection
DDoS and AppDoS prevention
DECEIVE
DECEIVED
Juniper Detection by Deception
App Server
Client
Server Configuration
Network Perimeter
Database
Firewall
Query String Parameters
Tar Traps
Hidden Input Fields
JUNOS WEBAPP SECURE (JWAS): ATTACKER TRIPS A TAR TRAP
Attacker = Mary13
Track.
The Unusual Case of Will(iam) West
Our industry needs to move beyond IP reputation databases
FINGERPRINT OF AN ATTACKER
Browser version
Fonts
Browser add-ons
Timezone
IP Address
200+ attributes used to create the fingerprint.
~ Real Time availability of fingerprints
Nearly zero False Positives
NEXT GENERATION DATACENTER SECURITY: SPOTLIGHT SECURE ATTACKER DATABASE
Juniper’s Spotlight Secure, a global attacker intelligence service, is a one-of-a-kind, cloud-based security solution that identifies specific attackers and delivers that intelligence to Junos security products
WebApp Secure
SRX Series Services Gateways
DDoS Secure
Spotlight Attacker Database
Fingerprints are Useless Until Shared
Is This An Attacker?
Joe196
JWAS Customer A
JWAS Customer B
SPOTLIGHT LOOKUP
Global Name
Local Name
JWAS Device
Bob112 Mary13 4X12J8
SPOTLIGHT MATCH
DDoS SECURE – How does it work
• Packet validated against pre-defined RFC filters
• Malformed and mis-sequenced packets dropped
• Individual IP addresses assigned CHARM value
• Value assigned based on IP behaviours
Low CHARM Value: Mechanistic Traffic
Medium CHARM Value: First Time Traffic
High CHARM Value: Humanistic, Trusted Traffic
DATACENTER SECURITY: STOPPING THE UNKNOWN
DDoS Secure
• Low-and-slow and volumetric
• Signature free: stops new attacks
• No tuning or thresholds
WebApp Secure
• Intrusion Deception stops hacking
• Near-zero false positives
• No tuning or Web App changes
Application Firewall
• Leading high-end firewall
• Proven datacenter scale
• Integration with WebApp Secure
Spotlight Secure
• Global attacker fingerprint system
• Actionable – beyond IP address
WELCOME TO THE FUTURE OF SECURITY