D2-02_09 Construction of Next-generation Security Infrastructure to Cope with Next Types of Cyber Attacks Takehiro Sueta Kyushu Electric Power Co., Inc.

D2-02_09 Construction of Next-generation Security Infrastructure to Cope with Next Types of Cyber Attacks Takehiro Sueta Kyushu Electric Power Co., Inc. Japan CIGRE SC D2 Colloquium November 2013 Mysore - KARNATAKA – INDIA Haruki Terakura NEC Corporation Japan

p1 Table of Contents
■ Overview of Security Measures and Current Issues in Japan
■ Background and Purpose
■ Construction of Next-generation Security Infrastructure
■ Overview of Outbound Content Security System Functions
■ Operational Status and Evaluation of Outbound Content Security System
■ Summary and Future Issues
■ Special Report Q&A

p2 Overview of Security Measures and Current Issues in Japan
■ Transition of server attacks
  Aims of attacks                                     | Attackers               | Attack methods
  Mischievous intent, showing off technical skills    | Individual action       | Hacking, web falsification
  Financial gain intent, obstructive behavior         | Small groups, criminals | DoS attacks, spam e-mails, etc.
  Industrial spy activities, confidential information | Organized groups, spies | Targeted attacks
Attack methods are becoming more sophisticated. This makes it difficult to prevent damage from such attacks with conventional security measures, so construction of the next-generation security infrastructure is required.

p3 Background and Purpose
■ Security measures in Kyushu Electric Power Company (KEPCO)
(Diagram labels: Company, Public Office, Customer; External Network (Internet); Security functions; Inside the Company: Servers, PC)
- Inbound communications: access to KEPCO's website, reception, etc.
- Blocked: illegal access such as an attack against servers
- Malware check on PC: pattern matching based on comparison with virus definition files
However, since these security measures present the risk of allowing unknown malware not identified by virus definition files to infiltrate the company, security measures need to be strengthened.

p4 Construction of Next-generation Security Infrastructure
(Diagram labels: Company, Public Office, Customer; External Network (Internet); Security functions; Inside the Company: Servers, PC, Information processing equipment; Inbound communications: access to KEPCO's website, reception, etc.; Outbound communications: Outbound Content Security System)
■ KEPCO has introduced an outbound content security system. This system detects the activities of a PC infected with a bot by constantly monitoring and analyzing communication packets.

p5 Overview of Outbound Content Security System Functions
(Timeline diagram of bot activities on an infected PC: first, communication with the command-issuing server; later, frequent communication, probably by the bot, and transmission of internal information. Detection by the outbound content security system: "Communication detected" at the first contact and "Frequent communication detected" later; without the system: "Not detected".)
■ A bot-infected PC invariably communicates with the command-issuing server before transmitting internal information. Breaches of confidential information can be prevented by identifying and investigating the PC that may be infected with a bot at the point at which that communication is first detected.

p6 Operational Status and Evaluation of Outbound Content Security System
(Diagram: detection of illegal communication. A PC inside the company sends the following request toward the External Network (Internet):
    GET / HTTP/1.1
    USER-AGENT: mozilla/4.0 sbot2.0 eac8&r=e382d820391ddbcaddefa
The system flags it on two grounds: access to a registered command-issuing server, and a communication pattern registered as communication from a bot. The System Administrator then identifies the PC and investigates.)
■ KEPCO launched operation of the outbound content security system in August.
■ So far, a number of incidents have been detected. Since investigations of the PCs concerned showed that they were infected with malware, the malware was eliminated. The introduction of the outbound content security system has made it possible to discover malware infections from the content of communications, even if the malware is unknown.
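The two detection ideas on slides p5 and p6 (a match against registered command-issuing servers or bot communication patterns, and frequent, regularly spaced outbound traffic from one PC) can be illustrated with a small detector over proxy log lines. This is an added example, not KEPCO's or NEC's system; the log lines, the C2 address and the registration lists are constructed, and only the "sbot2.0" User-Agent fragment comes from the slide.

```python
import re
from collections import defaultdict
from statistics import mean, pstdev

# Constructed proxy log (not from the slides): "<seconds> <source PC> <destination> <User-Agent>"
SAMPLE_LOG = """\
0 pc-17 update.example-vendor.test Mozilla/5.0 (Windows NT 6.1)
60 pc-17 203.0.113.7 mozilla/4.0 sbot2.0
120 pc-17 203.0.113.7 mozilla/4.0 sbot2.0
180 pc-17 203.0.113.7 mozilla/4.0 sbot2.0
240 pc-17 203.0.113.7 mozilla/4.0 sbot2.0
300 pc-17 203.0.113.7 mozilla/4.0 sbot2.0
5 pc-04 www.example-news.test Mozilla/5.0 (Windows NT 6.1)
90 pc-04 www.example-news.test Mozilla/5.0 (Windows NT 6.1)
"""
# Assumed, constructed registrations; "sbot2.0" is the User-Agent fragment shown on slide p6.
REGISTERED_C2 = {"203.0.113.7"}
BOT_UA_PATTERNS = [re.compile(r"\bsbot\d+\.\d+", re.I)]

def parse_log(text):
    # One (time in seconds, source PC, destination, User-Agent) tuple per line.
    return [(int(t), s, d, ua) for t, s, d, ua in
            (line.split(" ", 3) for line in text.splitlines())]

def registered_hits(records):
    # Slide p6 criteria: access to a registered command-issuing server, or a
    # User-Agent matching a registered bot communication pattern.
    hits = defaultdict(set)
    for _, src, dst, ua in records:
        if dst in REGISTERED_C2:
            hits[src].add("registered C2 server")
        if any(p.search(ua) for p in BOT_UA_PATTERNS):
            hits[src].add("registered bot pattern")
    return hits

def beaconing_hits(records, min_hits=5, max_jitter=0.2):
    # Slide p5 criterion: frequent, regularly spaced connections from one PC to
    # one destination. Jitter = stdev/mean of the gaps; a bot timer is regular.
    times = defaultdict(list)
    for ts, src, dst, _ in records:
        times[(src, dst)].append(ts)
    hits = defaultdict(set)
    for (src, dst), stamps in times.items():
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        if len(stamps) >= min_hits and pstdev(gaps) <= max_jitter * mean(gaps):
            hits[src].add(f"periodic traffic to {dst}")
    return hits
```

The `min_hits` and `max_jitter` parameters are the kind of detection criteria slide p7 says must be tuned: loosen them and ordinary browsing (pc-04) starts to be flagged, tighten them and an irregular bot slips through.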

p7 Summary and Future Issues
■ Summary
The introduction of the outbound content security system has enabled the detection of malware infections even when the malware concerned is unknown and not identified by virus definition files. As a result, it is now possible to discover malware infections at an early stage and prevent breaches of confidential information.
■ Future Issues
The outbound content security system overreacts, detecting even normal communications as communications carried out by malware, which increases the system operation workload.
=> We will determine optimum detection criteria to reduce incorrect detections caused by overreaction of the system.

p8 Special Report Q&A
■ Q: Will standardising communication protocols to support constant exchange of information and control commands between external consumers, their appliances and utilities help prevent security incidents?
=> (Answer) No, we don't think so. We think it will increase the possibility of security incidents, because:
- Acquisition of technical skills related to standardised communication protocols is easier than for unique protocols.
- Exploitation techniques will also become common knowledge.
Q2-1
- Presently: attackers use common communication protocols such as HTTP and FTP to issue commands to, or extract confidential information from, PCs they have successfully hacked.
- In the future: if communication protocols are standardised, the possibility of exploitation by attackers will increase, as we see nowadays.