Information-technology

By Gladys Graham, 2014-05-27 14:58

     Trends in Information Security and Countermeasures in Japan
     AVAR 2005, November 18, 2005

     Yasuko Kanno, Researcher, IT Security Center, Information-Technology Promotion Agency, Japan (IPA)

     Copyright 2005 Information-technology Promotion Agency, Japan (IPA), an Incorporated Administrative Agency

     AVAR 2005 Cyber Security Crimes, Symptoms and the Countermeasures

     Today's Agenda

     1. Introducing IPA and IPA Security Center
     2. Trend in information security in Japan
        a) Transition of cyber crimes
        b) Current status of computer virus
        c) Threat caused by vulnerabilities
     3. Countermeasures for secure cyber society
        a) Transition of Countermeasures with some legal aspect
        b) Vulnerability information handling - Information security early warning partnership
        c) Information Security Governance
        d) Awareness, Training and Education


     Introducing IPA

     IPA: Information-technology Promotion Agency, Japan

     IPA was originally established as a Specially-Approved Corporation, based on the Law on Promotion of Information Processing (enacted May 22, 1970, Law No. 90). By amendments enacted on December 11, 2002 (Law No. 144), IPA was reorganized into an Incorporated Administrative Agency as of January 5, 2004. It promotes the overall information policy that is responsible for the national information strategy from the field of software.

     - Software Development
         Software Development to Promote the Utilization of IT
         Infrastructure Building for Open-Source Software
         Next-Generation Software Development Project
         IT SME Venture Support Project
         Credit Guarantee Facilities, etc.
     - Software Engineering Center
     Strengthening International Competitiveness of Software Industry
     Partnerships with International Institutions
     - Information Security Measures (IPA Security Center)
         Measures Against Vulnerability, Viruses and Unauthorized Computer Access
         IT Security Evaluation and Certification, Cryptography technology, Research and Study
     - Developing IT Human Resources
         IT Skill Standards
         Information Technology Engineers Examination
         Exploratory Software Project
         Supporting the Development of Local IT Human Resources


     Activity of IPA Security Center

     IPA/ISEC (Information-technology SEcurity Center)

     Mission: IT Security Enhancement in Japan
     Establishment: January, 1997
     Employees: Approx. 80
     6 Groups


     2. Trend in information security in Japan

        a) Transition of cyber crimes
        b) Current status of computer virus
        c) Threat caused by vulnerabilities


     Dissemination of IT and E-commerce development

     Dissemination of IT
     High-Speed Internet environment: costs and users (Source: METI)
        2001.3 (H13.3): 7,800 yen, 850,000 users
        2004.4 (H16.4): 2,500 yen, 15 million users
        Costs dropped to 1/3; 17 times users

     Transitions in B to B EC Market Size
     [Chart: market size in trillion yen by year, 2001 to 2004. Source: METI]

     E-Commerce in Japan in 2004
        B to B: approx. 102.7 trillion yen (33% increase from the previous year, E-commerce Rate: 14.7%)
        B to C: approx. 5.6 trillion yen (28% increase from the previous year, E-commerce Rate: 2.1%)
        C to C (internet auction): approx. 7,800 billion yen

     http://www.meti.go.jp/policy/it_policy/statistics/outlook/ie_outlook.htm


     Transition of numbers: Cyber crime related arrest

     [Chart: number of arrests per year, 2000 to 2004, in three categories: Breach of Unauthorized computer access law; Crime targeted Computer and electromagnetic-record; Network Abuse Crime]

     Source: NPA (National Police Agency) http://www.npa.go.jp/cyber/statics/h16/h16_22.html


     Cyber crime related arrest in 2004

     Network Abuse Crime: 1,884 arrested cases, ca. 91% of all the arrested cases. Many cases are fraud on internet auctions.
        One example: exhibited a PC for sale on an internet auction site and swindled a total of ¥37 million from 162 bidders. (Jan. 2004)

     Breach of Unauthorized computer access law: 142 cases, ca. 7%.
        One example: using another person's ID and password, exhibited fictitious goods for sale and swindled a total of ¥9 million from 76 bidders. (Feb. 2004)

     Crime targeted Computer and electromagnetic-record: 55 cases, ca. 3%.
        One example: committed unauthorized access into an internet auction site and illegally transferred ¥5.1 million from another person's account to his bank account under a false name. (Feb. 2004; also a breach of the unauthorized computer access law.)

     Note: The following crimes are also included under network abuse crime:
        > Breach of the copyright law: 174 arrested cases, 2 times more than that of 2003
        > Child prostitution, pornography: 455 arrested cases, 1.4 times more than that of 2003

     Source: NPA (National Police Agency) http://www.npa.go.jp/cyber/statics/h16/h16_22.html


     Transition of numbers: Cyber crime related consulting service provided by NPA

     [Chart: number of consultations per year, 2000 to 2004, by category: Fraud; Internet auction; Spread of harmful information; Spam; Defamation, slander; Unauthorized access, virus; Others]

     Source: NPA (National Police Agency)


     Transition of Cyber Crimes

     Tech Freaks to Propaganda to Fraud on Net

     Attackers' Objectives: Fun; Fame in the Dark Side; Political Messaging; Becoming Someone Else; Stealing Goods & Money

     Damages: Loss of Data; Systems Compromise
     Real Damages: Systems Down; Network Crash; Web Compromise; Business Halt; ID Theft; Monetary Damages; Personalized Attack

     Means: Viruses; Worms; Trojan Horses; BOTs; Phishing; ID Frauds


     Personalized attack on an internet banking user

     Swindle from an internet banking account using spyware (July 2005)

     A claim mail was sent to the owner of an internet shopping site. The mail claimed that the goods were broken and requested a replacement. When the owner opened the attached photo file to confirm the broken goods, no photo was shown. At the very moment he opened the file, a keylogger was installed on his PC. The keylogger collected data and sent the criminal the ID and password of the owner's internet banking account. Using these, the criminal swindled ca. ¥5 million from the owner's account. (There are several similar cases.)

     [Diagram: the criminal sends a claim mail to the internet shopping site owner]

     Claim mail text: "The goods bought on your site was broken. Please replace it. Confirm the broken goods with the photo attached in this mail!"

     Attached file: a spyware, not a photo

     A man was arrested in Nov 2005.


     Transition in Numbers of Virus Reports by year

     The number of virus reports in 2005 has further exceeded that of 2004.

     (Source: http://www.ipa.go.jp/security/english/virus/press/200508/virus200508-e.html)


     Transition in Numbers of Virus Reports by month

     (Source: http://www.ipa.go.jp/security/english/virus/press/200508/virus200508-e.html)


     Trend of Worst 7 Viruses During Apr. 04 to Sep. 05

     http://www.ipa.go.jp/security/english/virus/press/200509/virus2005-3Q.html

     W32/Mytob, which possesses bot functionality, has been increasing. The number of reports for it now ranks right after W32/Netsky.


     The Trends of Computer Viruses

     1. Viruses proliferate rapidly through massive mailings

        W32/Netsky spread rapidly using a mass-mailing method and abusing vulnerabilities. It has had the highest (worst) number of reports for 20 successive months since March 2004. (Recently it has been gradually decreasing.)

     2. Increasing threat of bots

        W32/Mytob, which possesses bot functionality, has been increasing. The number of reports for it now ranks right after W32/Netsky.

     3. Increase in viruses that steal users' private information

        They try to steal users' private information by installing a backdoor or key logger, by using phishing methods, or via P to P networks (W32/Antinny abuses the Winny network).

     4. Many viruses abuse both mail functions and vulnerabilities.

     5. The tactics viruses use to fool users have become more crafty.


     The worst 10 Viruses Reported in Year 2004 and 2003

     Name of Virus    2004      Abuse Mail Function   Abuse Vulnerabilities
     W32/Netsky       15,895    Yes                   Yes
     W32/Bagle         4,838    Yes                   Yes
     W32/Mydoom        4,388    Yes                   Yes
     W32/Klez          3,498    Yes                   Yes
     W32/Lovgate       2,569    Yes                   Yes
     W32/Swen          1,776    Yes                   Yes
     W32/Bugbear       1,727    Yes                   Yes
     W32/Mimail        1,629    Yes                   Yes
     W32/Zafi          1,557    Yes                   Yes
     VBS/Redlof        1,162    Yes                   Yes
     Other Viruses    13,112
     Total            52,151

     2003 column (fewer entries than rows, listed in source order): 4,538; 165; 1,673; 1,602; 883; 803; 7,761; 17,425

     Source: IPA Computer Virus Annual Reports for 2004


     From vulnerability reports received by IPA: Software vulnerability by type

     Majority in client applications

     No.1: Web browser
     No.2: Mail client software
     No.3: Web application builder

     [Pie chart: share of reports by software type. Categories: Web Browser; Mail Client Software; Web Application Builder; Groupware; Anti Virus Software; System Admin Software; Operating System; SSL-VPN Software; Reference System; Name Directory Server; Others]

     Since initial acceptance of reporting: Jul. 2004 to Sep. 2005 (under 77 reports)


     Vulnerability reports: Threat caused by software vulnerabilities

     No.1 Threat: Execution of Arbitrary Scripts: 24%
     No.2 Threat: Spoofing: 13%
     No.3 Threat: Leakage of Authentication Information: 12%

     [Pie chart: share of reports by threat]
        Execution of Arbitrary Scripts: 24%
        Spoofing: 13%
        Leakage of Authentication Information: 12%
        Disabled Services: 10%
        Leakage of Information: 9%
        Application Ends in Anomaly State: 8%
        Access to Arbitrary Files: 8%
        Execution of Arbitrary Code: 5%
        Depletion of Resources: 3%
        Unavailable to Confirm Certificate: 3%
        Leakage of Information Setup: 1%
        Session Hijacking: 1%
        Alteration of Prices, etc.: 1%
        Unauthorized Communication Relay: 1%
        Execution of Arbitrary Commands: 1%

     Since initial acceptance of reporting: Jul. 2004 to Sep. 2005 (under 77 reports)


     Vulnerability reports: Web application vulnerability by type

     No.1: Cross Site Scripting is the most serious issue
     No.2: SQL Injection
     No.3: Unchecked path parameter

     [Pie chart: share of reports by vulnerability type. Categories: Cross Site Scripting; SQL Injection; Unchecked Path Parameter; Improper DNS Server Management; HTTP Response Split; Unintended File Disclosure; Alterable Price or other Values; Defect in Session Management; Directory Traversal; Evadable Access Control; Open Proxy; Improperly changeable security settings; Relay of third party emails; Insecure use of HTTPS; Cross Site Request Forgery; Improper default password; SSI Injection; Inappropriate Error Handling]

     Since initial acceptance of reporting: Jul. 2004 to Sep. 2005 (under 357 reports)


     Vulnerability reports: Threat caused by web application vulnerabilities

     No.1 Threat: Leakage of cookie information: 26%
     No.2 Threat: Falsification or destruction of data: 20%
     No.3 Threat: Presentation of forged information on legitimate site: 15%

     [Pie chart: share of reports by threat]
        Leakage of cookie information: 26%
        Falsification or destruction of data: 20%
        Presentation of forged information on legitimate site: 15%
        Leakage of file in web server: 10%
        Leakage of personal information: 8%
        Insertion of false DNS information: 6%
        Replacement of web cache with false information: 4%
        Lowering of users' security levels: 3%
        Steppingstone: 2%
        Unauthorized utilization of mail system: 2%
        Spoofing: 2%
        Leakage of server implementation information: 1%
        Others: 1%

     Since initial acceptance of reporting: Jul. 2004 to Sep. 2005 (under 357 reports)


     Trends from unauthorized access reports: intrusion, phishing, fraud, malicious programs

     Unauthorized access abusing web application vulnerability

     1. Web server hijacking: the server is used as a phishing site. (Phishing sites which spoof Japanese banks have appeared.)
     2. Unauthorized access to a web server to install a virus; as a result, users downloaded the virus just by browsing the site. The site was temporarily closed. (May 2005)
     3. Password cracking against the SSH port, followed by intrusion into the web server.

     Many spyware, malicious programs and monetary damage

     1. Spyware was installed, IDs and passwords for internet banking were stolen, and the money was transferred to another account.
     2. Spyware was installed when an image was downloaded from an adult site. Then the email address was stolen, and emails demanding payment were sent continually.


     Some legal aspect over identity information leakage

     The Law for the Protection of Personal Information (prescribing the duties for the proper handling of personal information) was enacted (April 2005).

     Recently, various incidents have been reported on TV and in newspapers:

     March 2004: Leakage of ca. 300 thousand pieces of client information from a large mail-order house. The company apologized for causing such a big leakage case and temporarily stopped its business activities through TV, etc. The sales loss from this voluntary restraint was estimated to be about ¥3 billion.

     February 2004: Leakage of ca. 4.6 million pieces of client information from a large internet provider; it sent out ¥500 vouchers to all of those clients to express an apology. The cost of these vouchers sums up to about ¥4 billion.

     Causes of identity information leakage: some are identity theft, some are mistakes or negligence. The result can end in the possible bankruptcy of the company.

     The status of information security measures affects the reliability of companies.


     3. Countermeasures for secure cyber society

        a) Transition of Countermeasures with some legal aspect
        b) Vulnerability information handling - Information security early warning partnership
        c) Information Security Governance
        d) Awareness, Training and Education


     Transitions of countermeasures

     Transitions in Attackers' Objectives

        1990s: Script kiddie, Fame in the Dark Side, Fun
        2000 onward: Attacks Abusing Vulnerability, Damage in Large-scale
        2004 onward: Shifted to Economical and Political Purpose. Fraud; especially, monetary damages are outstanding recently.

     Law for the Protection of Personal Information: enacted April 2005

     Transitions in purposes of information security countermeasures

        2-3 years ago: Protect your own information (Protection from Virus and Unauthorized accesses)
        Present: Compliance with the law, Corporate Social Responsibility (CSR), BCP

     (The necessity for information security measures is being mentioned from the aspect of the proper risk management of companies. Various aspects: technical, organizational management, compliance, BCP...)


     Shift in IT Society and Transition of Legal Responses

     Laws for Controlling Cyber Crimes: Law for Prohibiting Unauthorized Computer Access, Penal Law, etc.
     Law Sustaining Smooth e-Business Transaction: Law for e-Signature Authentication, Law for e-Documentation
     Privacy Protection: Law for Protecting Personal Information
     Law for Copyright Protection
     Restrictive Measures against Unwanted Mails

     [Diagram: timeline from Yr. 1950 to Yr. 2000. Source material by METI]

     Computing environment: Exclusive System; Large/Versatile Machine; C/S; PCs/the Internet; Ubiquitous

     Scales of IT Users: Government; Finances, Logistics, Energies, etc.; Large Enterprises; SMEs; Individual

     Uses: National Security; Scientific Technology Computation; Efficiency in Business; Advantageous in Competition; Business Dealings; Economic Infrastructure; Lifelines for Socially/Economical National Lives

     Roles of Information Security: Protection of Confidential Military Information; Secured/Highly Confidential Security in Operation of Enterprise Systems; Ensuring the Availability of Enterprise Systems; Ensuring the Availability of Critical Infrastructure; Network Security; Enterprise Security; E-Government Security; Safe Economic Activities; Safe Social Life

     Directionality in Information Security Program Organization

     Legal responses shown on the timeline:
        Protection of Electromagnetic Records (Amendment of Criminal Law: 1987)
        Copyright Law (Automatic Public Transmission: 1997)
        Law for Inhibiting Unauthorized Computer Access
        Law for e-Signature Certification
        e-Certification/notary System
        Law for IT Documentation Collection (2000)
        Restrictive Measures against Unwanted Mails (Law for designated trading)
        e-contract law for consumers
        Liability law for providers
        Law protecting personal information
        Law for e-documentation
        Amendments for the Act Against Unauthorized Competition (confidentiality in business)
        Official Personal Certification System

     Changes in Information Security and METI's Response

     Threat
        1990: Floppy infection type virus; Spread of password decoding tool
        2000: E-mail attached virus; Easy acquisition of attacking tools on the Internet
        2003: Vulnerability to viruses and worms
        2004: Spyware; Phishing
        2005: Bot

     Phenomenon
        Crime for pleasure; Restricted infection; Intrusion into specific sites
        Extensive infection through the Internet; Homepage manipulation; DoS attack
        Rapid and large scale infection and serious damage with spread of the Internet
        Information scams for economic gain; Attack through systematic, distributed and multiple methods

     1st stage
        Analysis: Spread of PCs; Criminal display of ability for pleasure; Restricted damage
        Response: Causes are confirmed after damage. Restriction of damage.
        Policy of METI: Report system of virus and illegal access. By circulating damage reports, expansion of damage is prevented.

     2nd stage
        Analysis: Spread of the Internet; Large scale damage; Progress of attack information sharing
        Response: Real time recognition and analysis of causes. Restriction of damage.
        Policy of METI: Fixed point observation on the Internet. Real time detection of disorder on the Internet.

     3rd stage
        Analysis: Exposure of software vulnerability; Sophisticated viruses and worms
        Response: Recognition of uses in advance. Suppression and restriction of damage.
        Policy of METI: Establishment of early warning system. With secure circulation of vulnerability information among experts, countermeasures are supplied rapidly to users.

     4th stage
        Analysis: Economic motive (pretense, fraud); Progress of systematic and distributed attacks; Advanced and multiple attacks
        Response: Teamwork with ISPs. Suppression and restriction of damage with overall measures.
        Policy of METI: Enhancement of early warning system. Anti-Bot measures, Phishing measures conference.


     Virus and Unauthorized Access Reports

     Virus & Unauthorized Access Countermeasures Group

     IPA was designated as the formal organization to receive reports on computer viruses and unauthorized access from throughout Japan by "The Computer Virus Prevention Guidelines" and "The Unauthorized Computer Access Prevention Guidelines".

     - Assessing the damage caused by computer viruses and unauthorized access
     - Consulting services: virus@ipa.go.jp
     - Monthly press release of information about reports and countermeasures: http://www.ipa.go.jp/security/index-e.html

     Shift in Number for Virus Reports by Year

     [Chart: number of virus reports per year, 1990 to 2005, including 17,425 and 52,151 reports, the totals given elsewhere for 2003 and 2004]

     Chart annotations:
        Viruses (Klez) exploiting security holes spread rapidly. Viruses using Japanese in the subject (Fbound) emerged.
        Viruses (MSBlaster, Welchia) exploiting security holes emerged and spread rapidly.
        Netsky virus variants emerged over and over. Virus variants which exploit security holes emerged as well.


     Unauthorized Access Status Captured by the Internet Monitoring system (TALOT2)

     Transition of unwanted (one-sided) access numbers per port (April to September, 2005)

     [Chart: number of accesses over time by destination port. Legend: 135(TCP); 445(TCP); 139(TCP); 1026(UDP); 1027(UDP); 1433(TCP); Ping(ICMP); 137(UDP); 4899(TCP); 1025(TCP); Other]
