Capacity Development Workshop on Public Information Management System and Policy in Korea on cyber attacks 2011.11.28 Jeong Min, Lee KISA.


1 Capacity Development Workshop on Public Information Management System and Policy in Korea on cyber attacks 2011.11.28 Jeong Min, Lee KISA

2 Contents
Korea Cyber Security Framework
DDoS Response System
–Security Monitoring Center
–Detection Tools
–DNS Sinkhole
–Cyber Cure System for Infected PCs
–DDoS Cyber Shelter
DDoS Response Case:
–3.4 DDoS in 2011

3 Korea Cyber Security Framework

4 Cyber Crisis Response Framework
President
National Center For Crisis Management
Ministry of National Defense, Defense Security Command, Military Area/each unit
Korea Communications Commission, KrCERT/CC, Critical Infrastructures in Private Sector
National Intelligence Service, KNCERT/CC, Critical Infrastructures in Government/Public Sector

5 Security Cooperation Framework

6 Distributed Denial of Service Attack

7 DDoS Attack Response

8 Security Monitoring Center

10 DDoS Nation Wide Anti-DDoS System
[Diagram labels: DDoS Detection system; IX (Internet eXchange); Backbone Router; A ISP; B ISP; IX Router; Legitimate Traffic; IDC, Internet Biz company, Internet Service Providers, etc.; DDoS Attack Traffic: Block or Detour; Normal Traffic: Connected]

11 Detection Tools: Malicious code analysis (Utilize HoneyNet)

12 Web Hacking Malicious Code Detection (MC-Finder)
Malicious Code Finding System (MC-Finder)
All Domains registered in Korea (1.8 million)
1. Update detection rule
2. Check hidden malicious URL in website
3. Request to block foreign malicious URL
4. Request to remove malicious URL
[Diagram labels: Web Service Provider; ISP; Staff on duty; KT; T Broad; SK Broadband; Malicious URL (Dissemination, Route); KISA]
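Step 2 above (checking a website for a hidden malicious URL against a detection rule) can be illustrated with the following added example, which is not part of the original slides and is not KISA's MC-Finder code. The rule format (a set of host names), the "hidden" heuristics, the sample page and all function names are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed detection rules: placeholder hosts treated as known-malicious.
RULES = {"malware.example", "dropper.example.net"}
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

def is_hidden(attrs):
    """True if the element is styled or sized so a visitor cannot see it."""
    if HIDDEN_STYLE.search(attrs.get("style") or ""):
        return True
    return any((attrs.get(k) or "").strip() in {"0", "0px", "1", "1px"}
               for k in ("width", "height"))

class HiddenUrlFinder(HTMLParser):
    """Collects iframe/script sources that match a rule or are hidden embeds."""
    def __init__(self, rules):
        super().__init__()
        self.rules, self.findings = rules, []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        src = a.get("src")
        if tag not in ("iframe", "script") or not src:
            return
        host = (urlparse(src).hostname or "").lower()
        # Rule match: exact host or any subdomain of a listed host.
        listed = any(host == r or host.endswith("." + r) for r in self.rules)
        hidden = tag == "iframe" and is_hidden(a)
        # Same-site hidden frames (no host in src) are not reported.
        if listed or (hidden and host):
            self.findings.append({"tag": tag, "url": src, "host": host,
                                  "listed": listed, "hidden": hidden})

def scan(html, rules=RULES):
    """Return findings for one page, in document order."""
    finder = HiddenUrlFinder(rules)
    finder.feed(html)
    return finder.findings

# Constructed sample page: a visible embed, two hidden iframes, a listed script.
SAMPLE = """
<iframe src="https://video.example.org/player" width="640" height="360"></iframe>
<iframe src="http://cdn.dropper.example.net/x.html" width="0" height="0"></iframe>
<div><script src="//malware.example/a.js"></script></div>
<iframe src="http://unknown.example.com/p" style="display: none"></iframe>
"""

if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

A finding with listed set matches an existing rule; a finding that is only hidden is a candidate for analyst review and a possible new rule.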

13 DNS Sinkhole: Block BotNet

14 Cyber Cure System for Infected PCs
1. Collect infected PC IP
2. Operate cyber cure system
3. Popup window for notification
4. Dedicated vaccine
[Diagram labels: Target website; DDoS attack; ISP; Zombie PC; Stop! Cure zombie PC; Cyber cure system; Download dedicated vaccine]

15 DDoS Cyber Shelter

16 Case Study: Success Story of KR DDoS attack countermeasure by KISA

17 Overview of 3.4 DDoS (1)
2011.3.4 ~ 3.15 (about 10 days)
Attack Target: 40 institutions
–24 Government and Public institutions
–9 Financial institutions
–7 Portal & Shopping Mall

18 March and July DDoS attacks are Similar

| Classification | Mar 4th | July 7th |
|---|---|---|
| # of Zombie PCs | 116,299 | 115,044 |
| # of Target websites | 40 | 36 |
| # of Blocked C&C Servers | 748 | 538 |
| # of Destroyed HDDs | 756 | 1,466 |

19 March DDoS Method is more Intelligent and destructive than July
3.4 DDoS Attack attempted only attack of disturbing the system network with very high technology, so that this attack is deemed as the testing kind’s prior attack for checking Korea’s state of defense.
–(Dmitri Alperovitch, vice president of McAfee, DongA Ilbo Interview dated on July 9, 2011)

20 Depending on the response, the attack is continuing to change
KISA Response
–Vaccine distribution via www.boho.or.kr
–Effective defense against DDoS Attack
–Hard disk damage prevention guideline
Change in Attack Method
–Block zombie PC’s access to www.boho.or.kr
–Destroy HDD just after the infection
–HDD is destroyed even at safe mode booting

21 Nationwide Cyber Security Alert System

22 DDoS Nation Wide Anti-DDoS System
[Diagram labels: DDoS Detection system; IX (Internet eXchange); Backbone Router; A ISP; B ISP; IX Router; Legitimate Traffic; IDC, Internet Biz company, Internet Service Providers, etc.; DDoS Attack Traffic: Block or Detour; Normal Traffic: Connected]

23 DDoS Cyber Shelter

24 Cyber Cure System for Infected PCs
1. Collect infected PC IP
2. Operate cyber cure system
3. Popup window for notification
4. Dedicated vaccine
[Diagram labels: Target website; DDoS attack; ISP; Zombie PC; Stop! Cure zombie PC; Cyber cure system; Download dedicated vaccine]

25 Q&A jmlee@kisa.or.kr

26 THANK YOU!

