Capacity Development Workshop on Public Information Management System and Policy in Korea on cyber attacks 2011.11.28 Jeong Min, Lee KISA.

Presentation transcript:


Contents
- Korea Cyber Security Framework
- DDoS Response System
  - Security Monitoring Center
  - Detection Tools
  - DNS Sinkhole
  - Cyber Cure System for Infected PCs
  - DDoS Cyber Shelter
- DDoS Response Case: 3.4 DDoS in 2011

Korea Cyber Security Framework

Cyber Crisis Response Framework (organization chart)
- President
  - National Center for Crisis Management
    - Ministry of National Defense -> Defense Security Command -> Military Area / each unit
    - Korea Communications Commission -> KrCERT/CC -> Critical Infrastructures in the Private Sector
    - National Intelligence Service -> KNCERT/CC -> Critical Infrastructures in the Government/Public Sector

Security Cooperation Framework

Distributed Denial of Service Attack

DDoS Attack Response

Security Monitoring Center


DDoS: Nation-Wide Anti-DDoS System (diagram)
- DDoS detection system placed at the IX (Internet eXchange) backbone router
- ISP A and ISP B connected through the IX router
- Legitimate (normal) traffic to IDCs, Internet business companies, Internet service providers, etc. stays connected
- DDoS attack traffic is blocked or detoured

Detection Tools: Malicious code analysis (utilizing a HoneyNet)

Web Hacking Malicious Code Detection (MC-Finder)
Scope: all domains registered in Korea (1.8 million)
1. KISA updates the detection rules of the Malicious Code Finding System (MC-Finder)
2. MC-Finder checks websites for hidden malicious URLs (dissemination and route URLs)
3. KISA requests the ISP staff on duty (KT, T Broad, SK Broadband) to block foreign malicious URLs
4. KISA requests the web service provider to remove the malicious URL

DNS Sinkhole: Block BotNet

Cyber Cure System for Infected PCs
1. Collect the IP addresses of infected (zombie) PCs from the target website under DDoS attack
2. Operate the cyber cure system
3. The ISP shows a pop-up notification window on the zombie PC ("Stop! Cure zombie PC")
4. The user downloads the dedicated vaccine and the zombie PC is cured
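As an added illustration of the DNS Sinkhole slide and of step 1 of the cyber cure flow above (example code written for this page, not KISA's system), the following Python models a resolver-side sinkhole that answers known C&C names with a sinkhole address and collects the querying client IPs for the ISP notification step. The C&C domain names, the sinkhole address and the query log lines are constructed placeholders.

```python
"""Added example: DNS sinkhole for botnet C&C names plus zombie-IP collection.
Constructed data only; not KISA's code. Assumed: the sinkhole resolver answers
listed C&C domains with SINKHOLE_IP and records which clients asked for them."""
import ipaddress
from collections import defaultdict

# Constructed C&C domain list (placeholder names under .test, not real indicators).
CNC_DOMAINS = {"cnc.example-bot.test", "update.example-bot.test"}
SINKHOLE_IP = "10.0.0.1"  # assumed sinkhole address (constructed)


def is_sinkholed(qname: str) -> bool:
    """True if qname or any parent domain (not the bare TLD) is a listed C&C name."""
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels) - 1):
        if ".".join(labels[i:]) in CNC_DOMAINS:
            return True
    return False


def resolve(qname: str, upstream_answer: str) -> str:
    """Return the sinkhole address for C&C names, otherwise the upstream answer."""
    return SINKHOLE_IP if is_sinkholed(qname) else upstream_answer


def collect_infected(log_lines, min_domains: int = 1):
    """Step 1 of the cyber cure flow: list client IPs that queried a C&C domain.
    Each constructed log line is '<client_ip> <qname>'. Malformed lines and
    lines whose client field is not an IP address are skipped. Returns
    {client_ip: sorted list of C&C domains queried} for clients that hit at
    least min_domains distinct C&C names."""
    hits = defaultdict(set)
    for line in log_lines:
        parts = line.split()
        if len(parts) != 2:
            continue
        client, qname = parts
        try:
            ipaddress.ip_address(client)
        except ValueError:
            continue
        if is_sinkholed(qname):
            hits[client].add(qname.rstrip(".").lower())
    return {ip: sorted(d) for ip, d in hits.items() if len(d) >= min_domains}
```

The returned mapping is what would be handed to the ISP so that the pop-up notification (step 3) reaches only the clients that actually contacted a sinkholed C&C name.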

DDoS Cyber Shelter

Case Study: Success Story of the KR DDoS Attack Countermeasure by KISA

Overview of 3.4 DDoS (1)
Period: ~ 3.15 (about 10 days)
Attack target: 40 institutions
- 24 government and public institutions
- 9 financial institutions
- 7 portals and shopping malls

The March and July DDoS attacks are similar

Classification            | Mar 4th | July 7th
# of Zombie PCs           | 116,299 | 115,044
# of Target websites      | 40      | 36
# of Blocked C&C Servers  |         |
# of Destroyed HDDs       | 756     | 1,466

The March DDoS method is more intelligent and destructive than July's
"The 3.4 DDoS attack attempted only an attack that disturbs the system network, with very high technology, so this attack is deemed a test-type prior attack for checking Korea's state of defense."
- (Dmitri Alperovitch, vice president of McAfee, DongA Ilbo interview dated July 9, 2011)

Depending on the response, the attack keeps changing

KISA Response                           | Change in Attack Method
Vaccine distribution via                | Block zombie PC's access to
Effective defense against DDoS attack   | Destroy HDD just after the infection
Hard disk damage prevention guideline   | HDD is destroyed even at safe-mode booting

Nationwide Cyber Security Alert System




Q&A

THANK YOU!