Evaluating the Feasibility of a Pakistan Honeynet Node
by Farrukh Naghman (Student ID: 42601800)
Supervisor: Milton Baar
Agenda
• Aim
• Reviewing the Methodology Adopted
• Introduction
• Literature Review
• Analysing the Cyber Threat
• Evaluating the Feasibility of a Honeynet Node in Pakistan
• Recommendations
• Conclusion
Aim
To review and analyse literature of the honeynet project and to evaluate its use in setting up a Pakistan node
Reviewing the Methodology Adopted
For the comparative analysis, I selected
• Pakistan as a model developing country, and
• Australia as a model developed country.
For both these countries, I
• compared the statistics of Internet attacks,
• identified and compared existing security measures.
And lastly, I carried out the feasibility of implementing a honeynet node in Pakistan.
Introduction
In this section, I shall discuss
• facts about Internet,
• fundamentals of cyber crime and security, and
• the problem statement
Facts about Internet
• The Internet is now fully integrated into daily commercial and personal lives; over 30% of the world population uses the Internet
• A by-product of the increased public awareness of the Internet is an increase in cybercrime
• John Walker Crime Trends Analysis estimated the cost of cyber crime in Australia to be $US1.2 billion per year
Fundamentals of Cyber Crime and Security
Cyber Crime is defined as:
“Any violation which involves the use of computer either standalone or connected to a computer network either a small scale system or system with a global reach, that is, Internet against computers or computer systems and technology enabled crime”
– House of Representative, Standing Committee on Communications, The Parliament of Commonwealth of Australia, June 2010
Fundamentals of Cyber Crime and Security - continued
• Conventional cyber-security techniques include:
  • Software firewall
  • Hardware firewall
  • Anti-malware
• Characteristics are:
  • Defensive by design
  • Non-proactive
Fundamentals of Cyber Crime and Security - continued
• Modern cyber-security techniques include:
  • Intrusion detection system (IDS), which inspects network activity for suspicious patterns
  • Intrusion prevention system (IPS), which is a pre-emptive approach to identify potential threats
  • Honeypot, which is a trap for hackers
  • Honeynet is a network of honeypots
• Characteristics are:
  • Offensive by design
  • Proactive
Problem Statement
• A by-product of the increased public awareness of the Internet is an increase in cybercrime.
• In developed countries, deployment of proactive cyber-security solutions is on the rise.
• In developing countries, however, computer networks are still equipped with conventional solutions that are not proactive by design.
• Cybercrimes have no boundaries, so efforts to mitigate these crimes should also be similar across the world.
What should be happening? What is actually happening?
Literature Review
In this section, I shall
• enumerate the sources that I examined for the project
• describe the methods used to explore the sources
Sources Examined
Australian Sources
• Cyber Security Operations Centre (CSOC), Defence Signals Directorate (DSD)
• Australian Crime Commission
• Australian Institute of Criminology
• Australian Federal Police
• Australian CERT
• Australian Honeynet Project
• SCAMwatch, The Australian Competition and Consumer Commission (ACCC)
Pakistani Sources
• Federal Investigation Agency (FIA), Government of Pakistan
• National Response Centre for Cyber Crimes (NR3C), FIA
• Pakistan CERT
• Pakistan Honeynet Project
• Rewterz Pakistan
• Other sources from the Internet
  • Express Tribune
  • Daily Times, and
  • Pro Pakistani
Methods Used to Explore the Sources
• Finding academic and non-academic data from the sources of information
• Communicating with Australian and Pakistani sources to collect information
• Exploring blogs, forums and other websites related to cyber security
Analysing the Cyber Threat
In this section, I shall
• review Australian and Pakistan cyber threat, and
• discuss efforts done by Australia and Pakistan regarding cyber-security
Australian Threat Review
• The Australian Crime Commission (ACC)
  • Conducted survey in Australia in 2008; 14 per cent reported computer security incidents amounting to a financial loss estimated up to $649 million.
• The Australian Institute of Criminology (AIC)
Australian Threat Review – continued
• AusCERT – Australian CERT
• SCAMwatch - by the Australian Competition and Consumer Commission (ACCC)
  Recorded following scams in the year 2012
  • Scratchie cards
  • Carbon price scams
  • Phone scams
Efforts by Australia
• The Australian government announced an E-Security review on 2 July 2008.
• Prime Minister of Australia Hon. Kevin Rudd MP, in his first national security statement to the Parliament on 4 December 2008, identified cyber-security as one of the topmost national priorities.
• The Australian Government Cyber Security Strategy was formulated
• The AG Cyber Security Strategy turned out to be the backbone of Australian Cyber Security Policy
Efforts by Australia - continued
• The Cyber Security Policy resulted in the establishment of:
  • Australia’s National CERT¹ (CERT Australia)
  • Cyber Security Operations Centre (CSOC)
  • Australian Honeynet Project - a step towards securing Australian cyber space
¹ Computer Emergency Response Team
Pakistan Threat Review
• Rewterz gives a map of Pakistan-based sources of malware
• Cyber-warfare in the Southeast Asian region
  • Major players are India and Pakistan
  • Recently, involvement of Bangladeshi greyhats has been found
  • Most of the incidents include website defacement
  • Recently, a few incidents also reported data leaks
Pakistan Threat Review - continued
• Microsoft Security Intelligence Report
  • Pakistan placed among the countries with high malware detection in the third and fourth quarters of year 2011
  • Microsoft places Pakistan among the five locations with the largest ‘Computers Cleaned per Mille’ (CCM) increases
Source: Microsoft Security Intelligence Report, Volume 12, July through December 2011
Efforts by Pakistan
• Electronic Transaction Ordinance was passed by the Government of Pakistan in 2002
• Prevention of Electronic Crime Ordinance was passed by the government in 2009
• National Response Centre for Cyber Crimes (NR3C) was established under Federal Investigation Agency (FIA) to deal with cyber crimes
• NR3C is operating with ten different wings
Efforts by Pakistan - continued
• Pakistan CERT was performing as the national CERT till 2010 but has been inactive after the establishment of NR3C CERT. During the course of the project, the website's content has not changed.
Efforts by Pakistan - continued
• Pakistan Honeynet is also an independent, non-profit organization but as the website reflects, this project appears to be inactive
Evaluating the Feasibility of a Honeynet Node in Pakistan
• Honeynet analysis
• Existing facilities
• Benefits of existing facilities
• Final findings of the analysis
Honeynet Analysis
• Existing Facility, Modus Operandi and Capabilities
  • A National Honeypot by NR3C – FIA is a welcome step in the right direction, but there are still many things to do
  • The official website of NR3C is being hosted from a central server that is running from outside Pakistan; it requires strict policies to ensure Confidentiality, Integrity and Availability of resources
  • The Pakistan honeynet project is a much needed step, but it is not as active as its competitive model, that is, the Australian honeynet project
Honeynet Analysis - continued
• Pakistan honeynet project is being hosted from the Honeynet Project’s central server, located in United States of America
• To confirm the location of the servers, I ran a few simple network scanning checks
Honeynet Analysis - continued
• Benefits of existing facilities
  • Pakistan’s cyberspace has started getting equipped with modern and sophisticated techniques
  • Government and private sectors are concerned about the rising Internet fraud and other threats
  • In 2010 more than 312 cases were registered in different categories of cyber-crimes. Most of the crimes are related to the defacement of websites, but a few cases have been registered where a data leak was observed
  • There are signs of improved public awareness
Final Findings
• Pakistani establishment is operating without cyber-security law
• Pakistani agencies are not in communication with the honeynet project
• Pakistani CERT and honeynet projects are inactive
• Pakistani agencies do not own an independent honeynet node
• The Australian honeynet project is also hosted from Pennsylvania, Wayne, US but AFP is running its private honeypot
• Unlike the Pakistani honeynet, the Australian honeynet project shares information with Australian law enforcement agencies
Recommendations
• Pakistan needs to reinstate cyber security law
• Pakistan government should develop info sharing with the honeynet project
• NR3C should deploy honeypot independently
• NR3C must not operate honeypot without having requisite expertise
• Pakistan needs her national CERT to be active
• Government must have a check over private security solution providers
• Government must ensure improved general awareness
Conclusion
• Summary of the project
• Concluding remarks
• Questions

• Cyber-Security is a must …
• Basic cyber security model …
• Implementing National Security …

• Today, Internet means social interaction
• Social interaction means implicit trust that anybody can exploit easily
• Cyber criminals are increasingly employing sophisticated techniques
• This is the responsibility of the government to harness the full range of resources to help protect government, business and individual Australians

Thank You!