Information Security Overview in the Israeli E-Government April 2010 Ministry of Finance – Accountant General E-government Division.

Presentation transcript:


General Threat
The E-Government Division holds the main connection between the internet and the government offices. The internet, as a whole, lacks enforcement and is a source for a wide range of attacks.
- Dangerous / Not Focused: Attack on numerous websites. Machine/Human based attack. Learning curve.
- Dangerous / Focused: Attack on the Government offices. Human-based attack. Learning curve.
- Not Dangerous / Not Focused: Attack on one/many websites. Machine/Human based attack. No Learning curve.
- Not Dangerous / Focused: Attack on the Government offices. Human-based attack. No Learning curve.

General Threat
Threats:
- Defacement of Government Sites.
- Theft/Corruption of Government Data.
- Theft of services or money from the Government (E-Commerce).
- Identity fraud / theft (E-Forms, PKI Infrastructure).
- Forgery of bid results (Online bidding service).
- Denial of Service attacks.

Attack Scenarios
- Information Warfare / Cyber Terror Scenarios:
  - Taking control of computers belonging to ministers / computers holding valuable data.
  - Shutting down / Defacing the Israeli Spokesmenship Internet systems during periods of crisis.
  - Shutting down critical infrastructure connected to the Internet.
- Profit / Self Gain Scenarios:
  - Taking control of computers holding financial / sensitive data by interested parties (Black market, Mafia, Criminal elements).
  - Hampering data in financial systems.
- Recognition Scenarios:
  - Publishing “confidential” information from the government for recognition.
  - Defacement of government sites for recognition.

Zeus Infection in the Israeli Government
- During 2009, the Security Intelligence Team managed to identify “curious” traffic between the government offices and the Internet.
- This traffic was associated with the Trojan horse known as Zeus.
- Zeus is considered to be the most widespread Trojan today, and is not fully identifiable by Antivirus software.

Zeus Infection in the Israeli Government
- Usage of Traffic Monitoring: .Bin
- One dot in domain .cn
- Usage of starvation in order to stop spreading
- In the course of about 2 months, the government was clean from Zeus.
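The traffic-monitoring step above, as an added example that is not part of the original presentation. It reads the slide's three indicators as a request path ending in `.bin`, a host name containing exactly one dot, and a `.cn` top-level domain; that reading, the log format, the host names and the function names are all assumptions made for illustration.

```python
"""Flag proxy-log requests matching the slide's three traffic indicators."""
from urllib.parse import urlsplit

# Constructed sample proxy log lines: "<client-ip> <method> <url>"
SAMPLE_LOG = """\
10.1.4.22 GET http://updates.example.com/pkg/setup.bin
10.1.4.37 GET http://zz-constructed.cn/cfg/data.bin
10.1.9.80 GET http://www.portal.example.cn/index.html
10.1.4.37 POST http://zz-constructed.cn/gate.php
10.1.7.15 GET http://news.example.org/feed.xml
"""

def indicators(url):
    """Return the set of indicator names (assumed reading) this URL matches."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    hits = set()
    if parts.path.lower().endswith(".bin"):
        hits.add("bin")        # download of a .bin file
    if host.count(".") == 1:
        hits.add("one_dot")    # bare registered domain, no subdomain
    if host.endswith(".cn"):
        hits.add("cn")         # .cn top-level domain
    return hits

def suspicious_clients(log_text, min_hits=3):
    """Map client IP -> sorted URLs matching at least min_hits indicators."""
    flagged = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip malformed lines
        client, _method, url = fields
        if len(indicators(url)) >= min_hits:
            flagged.setdefault(client, set()).add(url)
    return {c: sorted(u) for c, u in flagged.items()}

if __name__ == "__main__":
    for client, urls in suspicious_clients(SAMPLE_LOG).items():
        print(client, urls)
```

Requiring all three indicators keeps ordinary `.bin` downloads and ordinary `.cn` browsing out of the result; lowering `min_hits` widens the net at the cost of more false positives.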

“Cyber Jihad”
- “Cyber Jihad” is a subsection of Hacktivism, composed of several Muslim hacker groups (the most notable being “Team-Evil”).
- Generally it encompasses all the Information Warfare activities conducted by Muslim groups against specific centers of attention.

Bank of Israel Defacement
- On the 25th of April, 2008, the official site of the Bank of Israel was defaced.
- The site was hosted at a private Israeli ISP.
- The site was run by the Bank of Israel Spokesperson and not by the Bank of Israel IT.
- The E-Government Security Department CERT and Security Intelligence teams researched the breach.
- The attackers had known of the exploit in the site for half a year before the beginning of the attack.

Bank of Israel Defacement - Findings
- The attackers uploaded HTML pages containing the Defacement.
- On the 25th of April, the attackers decided to activate the Defacement.
- On the 27th of April, the site was moved to the E-Government infrastructure.
- On the 30th of April, a coordinated attack containing 250,000 different application attacks started on the Bank of Israel site.

Attacks during Operation “Cast Lead”
- Increase of .il sites defacements during the operation:
  - 589 Defacements of .co.il sites.
  - 66 Defacements of .org.il sites.
  - 4 Defacements of .gov.il sites.
  - 2 Defacements of .net.il sites.
- Ordinary monthly average:
  - 300 Defacements of .co.il sites.
  - 5 Defacements of .org.il sites.
  - 0 Defacements of .net.il sites (2-3 per year).

Information Security Operations during “Cast Lead”
- At the beginning of the operation the SOC (Security Operations Center) was directed to a “loose trigger” policy.
- The SOC blocked between IPs per shift.
- The SOC was reinforced and every shift included between 3-5 SOC operators.
- Blocking country-wide IP ranges.

DDoS Attacks against the E-Government Infrastructure during “Cast Lead”
- During the Operation there were 4 DDoS attempts at the E-Government Infrastructure.
- The attacks were categorized as SYN-Flood attacks, with each attack surpassing its predecessor.
- At its peak, the attacks were generating 15,000,000 connections per second.
- In each of the attacks, the E-Government infrastructure was down for a period between 5-20 minutes.
- The immediate solution was to activate “Guard” systems in our ISPs.
- The Information Security Team managed to pinpoint the tool that was used in the attack and write specific IDS rules for it.
- The long term solution includes activating “Guard” systems outside of Israel and improving the ability of the SOC operators to recognize this sort of attack.

Thank you Ministry of Finance – Accountant General E-Government Division