Jan Kok Nokia Siemens Networks GmbH & Co. KG Munich Germany

Analysis of the BotNet Ecosystem: Possible impact on Mobile Network Operators (MNO) and a proposal for Communication Service Provider (CSP) to address the security threat. CTTE 2011 · 16-18 May, 2011, Berlin, Germany. Jan Kok, Nokia Siemens Networks GmbH & Co. KG, Munich, Germany.

Presentation Transcript


  1. Analysis of the BotNet Ecosystem: Possible impact on Mobile Network Operators (MNO) and a proposal for Communication Service Provider (CSP) to address the security threat
     CTTE 2011 · 16-18 May, 2011, Berlin, Germany
     Jan Kok, Nokia Siemens Networks GmbH & Co. KG, Munich, Germany
     Bernhard Kurz, Nokia Siemens Networks GmbH & Co. KG, Munich, Germany
     Speaker: 101064551 林大慶

  2. Outline
     • Botnet principles and potential threats
     • Botnet stakeholder interests and impact
     • Solution architecture

  3. Botnet principles and potential threats
     • Principles of a Botnet
     • Botnet Statistics
     • How to create and maintain a Botnet

  4. Botnet principles and potential threats
     • Principles of a Botnet

  5. Botnet principles and potential threats
     • Botnet Statistics

  6. Botnet principles and potential threats
     • Botnet Statistics

  7. Botnet principles and potential threats
     • How to create and maintain a Botnet
     • Toolkit-Zeus
     • Dec. 2009, USD 700

  8. Botnet stakeholder interests and impact
     A. Botnet Ecosystem
     B. Why is a MNO more affected than a FNO?
     C. Trends about Mobile Malware
     D. Predicting the Market Window
     E. Financial Impact
     F. Loss of Integrity
     G. Loss of Profit due to increased Claims

  9. Botnet stakeholder interests and impact
     A. Botnet Ecosystem
     Picture 4: Botnet Ecosystem - Roles, Interaction and Money Flow. Source: Nokia Siemens Networks

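  10. Botnet stakeholder interests and impact
     B. Why is a MNO more affected than a FNO?
     • The SIM stores subscriber-specific data
     • Apps access user-specific data, such as social networks
     • The mobile device can be used to obtain the user's location information
     • Users do not consider themselves responsible for protecting their own mobile devices
     • Mobile devices have multiple interfaces connecting them to the outside world
     • The usable spectrum is limited, so the MNO has to manage its traffic more strictly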

  11. Botnet stakeholder interests and impact
     C. Trends about Mobile Malware

  12. Botnet stakeholder interests and impact
     D. Predicting the Market Window

  13. Botnet stakeholder interests and impact
     E. Financial Impact
     • Subscribers file claims, reducing operating profit
     • Subscribers leave, reducing revenue
     • (A MNO in Germany with an installed base of 39 million subscribers and an annual revenue of EUR 8 billion in 2009)
     • Three network performance indicators
     • Loss of Integrity
     • Loss of Availability (x)
     • Loss of Stability (x)

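  14. Botnet stakeholder interests and impact
     F. Loss of Integrity
     • Subscribers lose confidence in the MNO's confidentiality
     • The customer churn rate is predicted to increase by 0.5% in 2012
     • Loss of EUR 74 million
     • (not including loss of reputation or loss of confidence among other subscribers)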

  15. Botnet stakeholder interests and impact
     G. Loss of Profit due to increased Claims
     • Subscriber data is misused
     • Passwords, credit card credentials
     • EUR 33 million / 4 years
     The potential losses are estimated to be in the range of EUR 100 million over a period of four years (2012 till 2015)

  16. Solution architecture

  17. Solution architecture
     • Analysis
     • honeypot
     • multiple information sources
     • knowledge
     • addresses, used communication protocols
     • the structure of the servers that control the Bot
     • characteristics that can be used to detect malware
     • suggestions for the disinfection of victims

  18. Solution architecture
     • Detection
     • monitor the traffic
     • packet inspection
     • the evaluation of traffic attributes

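  19. Solution architecture
     • Mitigation
     • Identify infected devices and customers
     • Notify the user
     • Provide information on virus scanning
     • Automatically launch a virus-scanning tool
     • Share the collected information with third parties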

  20. Solution architecture
     • Prevention
     • Isolate the user
     • Block IP addresses, domains or protocols
     • Suppress its communication with the C&C server
     • Prevent other devices from being infected
     • Monitoring

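  21. Solution architecture
     • Anti-Botnet Operation Center
     • Coordinates the functions of the individual modules and can also act as the interface to third parties, e.g. exchanging data with external experts or other operators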

  22. Solution architecture

  23. Solution architecture
     • Integrated into the 4G network
     • Other approaches
     • Serving GPRS Support Node (SGSN)
     • Gateway GPRS Support Node (GGSN)
     • SMS Service Centre (SMS-SC)

  24. Conclusion
