1. 1 Korea status and future plan on spam & hacking complaints August 30, 2001 Hostmaster@nic.or.kr Yong Wan Ju Korea Network Information Center

2. 2 Overview  Discussion Point  Related KRNIC Activities  Korea Government Activities  Points of Issue  Countermeasures  Any Questions ?  Reference Site

3. 3 Discussion Point  How to guide complaint mails on spam & Hacking as National Internet Registry ? APNIC KRNIC Members APNIC WhoisKRNIC Whois Int’l Internet Users Domestic Internet Users Supply Whois information Path of Whois query

4. 4 Related KRNIC Activities  Through cooperation with APNIC oActualized APNIC Whois database –Deleted wrong Whois information –Modified incorrect Whois information CategoryTerm Hacking SpamTotal Average (a day) Port Scan Server Attack Invalid Access Over flow Virus Attack etc.Sum A number of Complaint mail Before Update 2001. 04. 16 ~ 2001. 04. 29 (Two weeks) 56818257107984211,4334251,858132.71 After Update 2001. 07. 18 ~ 2001. 07. 31 (Two weeks) 442703936813139812151,19685.43 Decrease rate12611218711710845221066235.6%

5. 5  Through cooperation with KRNIC Member ISPs oHeld a conference on KRNIC Whois DB actualization oDesignated the staff of each ISP in charge of spam & hacking complaint mails Related KRNIC Activities

6. 6 Korea Government Activities(1)  KISA (Korea Information Security Agency) oResponse hacking and virus incidents oResearch information security related laws and regulations oDevelop system and network security technology oProvide information security education program MIC CERTCC-KR KISA Cyber118 CyberPrivacy Hacking and Virus International Hacking and Virus Domestic Spam

7. 7 Korea Government Activities(2)  CERTCC-KR (Korea Computer Emergency Response Team Coordination Center) oNational Incident Response Coordination Center oTo coordinate the handling of computer security incidents oTo help prevent computer security incidents oTo provide a single trusted point of contact for international computer security incidents  Cyber118 oDomestic Incident Response Coordination Center oInformation Desk  Cyberprivacy oPersonal Data Protection Center

8. 8 Points of Issue  Difficulty of Whois information actualization  Cognition deficiency of hierarchical Whois DB operation  Deficiency of Uniform actions at ISP & governmental level  Non healthy usage culture of Internet users  Deficiency of security consciousness of each system operators

9. 9 Countermeasures - Overview Establish Ideal Internet culture Technical Side Network & System Operator Supply correct Whois Information Legal Side Government ISP Cultural Side Internet Users 1 2

10. 10 Countermeasures - 1  KRNIC oWith APNIC –Discuss insertion of “responsible person object on spam & hacking complaints” on APNIC Whois DB oWith KRNIC Member ISPs –Actualize KRNIC Whois information on ISPs’ assignments periodically under the cooperation with ISPs –Designate responsible person on spam & hacking complaints of each KRNIC member ISP –Guide how to use Whois DB to Internet users oWith Korea Government –Inform present status on spam & hacking complaints and request to make relevant regulations

11. 11 Countermeasures - 2  Legal Side oGovernment : set up Spamming & Hacking regulations oISPs : set forth relevant “article of treaty” for Internet usage  Technical Side oISPs : implement detection system against Spam & Hacking and take technically relevant actions oUsers : enhance security system on inbound & outbound  Cultural Side oAPNIC : inform related resolution procedure in A·P region oKRNIC : inform related resolution procedure in Korea oISPs : Guide good consciousness on Internet usage oUsers : enhance good consciousness on Internet usage

12. 12 Any Questions ?

13. 13 Reference Site  http://www.mic.go.kr http://www.mic.go.kr ohttp://www.kcc.go.kr  http://www.kisa.or.kr ohttp://www.certcc.or.krhttp://www.certcc.or.kr ohttp://www.cyber118.or.krhttp://www.cyber118.or.kr ohttp://www.cyberprivacy.or.krhttp://www.cyberprivacy.or.kr  http://www.krnic.or.kr ohttp://ipwhois.nic.or.krhttp://ipwhois.nic.or.kr  http://www.apnic.net