270 likes | 421 Views
PRESENTAION OUTLINE. THE PRESENTATION WILL CENTRE ON: OVERVIEW OF CLOUD COMPUTING CLOUD COMPUTING – WHAT IS IT? Conceptual & definitional Issues SECURITY ISSUES (Public, Enterprise/Private) Engaging the Challenges with CERTs Readiness Conclusion And Recommendation.
E N D
PRESENTAION OUTLINE THE PRESENTATION WILL CENTRE ON: • OVERVIEW OF CLOUD COMPUTING • CLOUD COMPUTING – WHAT IS IT? • Conceptual & definitional Issues • SECURITY ISSUES (Public, Enterprise/Private) • Engaging the Challenges with CERTs Readiness • Conclusion And Recommendation
Overview of Globalised Cyberspace Globalised Digital Entrapment • Today, the world is constructing a Digital Web – which in ‘architectural -construct’ is not too different from the natural Spider-web. • It can therefore be rightly said therefore that Man has become entrapped in its own techno-knowledge dynamics? • Some of the most critical cyber crimes are: • Insiders, Hackers (or "crackers"), "Hacktivism." Or Political Hacking, Criminal Groups, • The Phonemasters', Internet Fraud, Foreign intelligence services. Information Warfare, • Virus Writers, Internet Fraud, Identity Theft, Child Pornography, Terrorists and many more! • Recognizing this emerging problem, the US Vice-President Al Gore asked the Attorney General on February 26, 1999, to study the problem and to report back with recommendations on how to protect people from this threat. • It is estimated that identity theft has become the fastest-growing financial crime in America and perhaps the fastest-growing crime of any kind in that society. With Identity Theft, questions often asked is: • Is There Another You?:
Conceptual & Definitional Issues • Cloud computing is a paradigm shift influenced by the shift from “Mainframe” to “Client-Server” in the early 1980s. • Cloud computing describes a new Roadmap for user needs, consumption, and delivery model for IT services based on the Internet. • It typically involves “Internet-centric” and dependent provision of dynamically scalable and often “virtualized” resources.
Cybersecurity: Nature of the Problem • The Nature of the Problem - Crime of the new millennium. • Cybercrime and in particular – Digital Espionage and Identity theft have been referred to by some as the crime of the new millennium. • It can be accomplished anonymously, easily, with a variety of means, and the impact upon the victim can be devastating. Identity theft is simply the theft of identity information such as a name, date of birth, Social Security number (SSN), or a credit card number. • Victims of identity theft often do not realize they have become victims until they attempt to obtain financing on a home or a vehicle. Only then, when the lender tells them that their credit history makes them ineligible for a loan, do they realize something is terribly wrong.
THE CLOUD CRITICAL ISSUES : ( SaS) • Cloud application services or “Software as a Service(SaaS)" deliver Software Solutionsas a service over the Internet,eliminating the need to install and run the application on the customer's own computers and simplifying maintenance and support. • People tend to use the terms ‘SaaS’ and ‘cloud’interchangeably. However, they are 2 different things. Key characteristics include: • Network-based access to, and management of, commercially available (i.e., not custom) software • Activities that are managed from central locations rather than at each customer's site, enabling customers to access applications remotely via the Web • Application delivery that is typically closer to a one-to-many model (single instance, multi-tenant architecture) than to a one-to-one model, including architecture, pricing, partnering, and management characteristics • Centralized feature updating, which removes the need for downloadable patches and upgrades.
CLOUD Infrastructure • Cloud infrastructure services, also known as "Infrastructure as a Service (IaaS)", delivers computer infrastructure - typically a platform virtualization environment - as a service. • Rather than purchasing servers, software, data-center space or network equipment, clients instead buy those resources as a fully outsourced service. • Suppliers typically bill such services on a utility computing basis and amount of resources consumed (and therefore the cost) will typically reflect the level of activity. • IaaS evolved from virtual private server offerings.
Security in the Cloud? • Centralized Security Issues of Cloud Computing • Could improve due to centralization of data,increased security-focused resources, etc. • But concerns can persist about loss of control over certain sensitive data, and the lack of security for stored kernels. • Security is often as good as or better than under traditional systems, in part because providers are able to devote resources to solving security issues that many customers cannot afford. • Providers typically log accesses, but accessing the audit logs themselves can be difficult or impossible. • Furthermore, the complexity of security is greatly increased when data is distributed over a wider area and / or number of devices.
Managing the Risks In the Cloud • Most cloud computing infrastructures consist of services delivered through common centers and built on servers. • Clouds often appear as single points of access for consumers' computing needs.
CYBERCRIME:HOW MUCH DO WE KNOW • Security researchers said they have discovered software capable of stealing information installed on computers in 103 countries from a network that targeted government agencies. • The software infected more than 1,200 computers, almost 30% of which were considered high-value targets, according to a report published Sunday by Information Warfare Monitor, a Toronto-based organization. • China Journal: China Responds to Attack Reports • Information Warfare Monitor report: "Tracking GhostNet" • A report by researchers at Cambridge University: "The snooping dragon"
Cyber Attacks and Warefare • Is the Digital World is Under siege? • Today, there are now more Cybers–espionage attacks in the global cyberspace than virus attacks! • Apparent attacks suggest that cyberespionage is on the rise. • Few years ago, Kevin Chilton, commander of the U.S. Strategic Command, said military computer networks are increasingly coming under attack from hackers trying to steal information, many of whom he said appeared to have ties to China. (China had denied this). • The number of targeted attacks suspected of being espionage attempts detected by researchers at MessageLabs, a division of Symantec Corp., jumped from one or two per week in 2005 to an average of 53 a day in 2008. • Among the affected computers were those in embassies belonging to Germany, India, and Thailand, ministries of Iran and Latvia, and a computer network operated by critical organization around the world.
CYBER ATTACKS • In the attacks tracked by the Canadian researchers, the installed software provided near-complete control over the victims' computers. • Attackers could steal files, capture passwords, and even activate a Web camera.
Technical Challenges: Legal • The challenges that law enforcement agencies face in the battle with cybercrime generally being divided into three categories: • a) Technical challenges that hinder law enforcement's ability to find and prosecute criminals operating online; • b) Legal challenges resulting from laws and legal tools needed to investigate cybercrime lagging behind technological structural, and social changes; and • c) Operational challenges to ensure that we have created a network of well-trained, well-equipped investigators and prosecutors who work together with unprecedented speed - even across national borders.
UNDERGROUND SERVER MARKETS • The availability of an underground market in which to sell stolen digital information provides criminals with more financial incentives to offend. • The chart following shows the main locations of servers hosting such underground markets, with 58 percent located in north America and 39 percent in western Europe (Symantec 2007), as might be expected in countries with extensive computer infrastructure.
LOCATION OF UNDERGROUND SERVERS Source: Adapted from Symantec 2007:
CYBER ATTCAKS Some of these are obviously more significant than others. • The theft of national security information from a government agency or the interruption of electrical power to a major metropolitan area have greater consequences for national security, public safety, and the economy than the defacement of a web-site. • But even the less serious categories have real consequences and, ultimately, can undermine confidence in e-commerce and violate privacy or property rights. • A website hack that shuts down an e-commerce site can have disastrous consequences for a business. • An intrusion that results in the theft of credit card numbers from an online vendor can result in significant financial loss and, more broadly, reduce consumers' willingness to engage in e-commerce. • Because of these implications, it is critical that we have in place the programs and resources to investigate and, ultimately, to deter these sorts of crimes”.
Evaluation of Cybersecurity Viewpoints The followings are the critical view-points worthy of consideration: • Technology Viewpoint • Advances in high-speed telecommunications, computers and other technologies are creating new opportunities for criminals, new classes of crimes, and new challenges for law enforcement. • Economy Viewpoint • Possible increases in consumer debt may affect bankruptcy filings. • Deregulation, economic growth, and globalization are changing the volume and nature of anticompetitive behavior. • The interconnected nature of the world’s economy is increasing opportunities for criminal activity, including money laundering, white-collar crime and alien smuggling. • Government Viewpoint • Changes in the fiscal posture or policies of state and local governments could have dramatic effects on the capacity of state and local governments to remain effective law enforcement partners.
Evaluation of Cybersecurity Viewpoints • Globalization Viewpoint • • Issues of criminal and civil justice increasingly transcend national boundaries, require the cooperation of foreign governments, and involve treaty obligations, multinational environment and trade agreements and other foreign policy concerns. • Social-Demographic Viewpoint • • The numbers of adolescents and young adults, now the most crime-prone segment of the population, are expected to grow rapidly over the next several years. • The Unpredictable Viewpoint • • The Global War on Terrorism requires continual adjustments to new conditions. The Department is determined to proactively confront new challenges in its effort to protect the Nation. • • Response to unanticipated natural disasters and their aftermath, which require the Department to divert resources in an effort to deter, investigate and prosecute disaster-related federal crimes such as charity fraud, insurance fraud and other crimes. • • Changes in federal laws may affect responsibilities and workload. • • Much of the litigation caseload is defensive. T
CLOUD ACTIVITIES AND THREATS • A multitude of threats exist for mobile devices, and the list will continue to grow as new vulnerabilities draw the attention of malicious actors. This paper provides a brief overview of mobile device malware and provides information on the following threats to mobile devices: • Social engineering; • Exploitation of social networking; • Mobile botnets; • Exploitation of mobile applications; and • Exploitation of m-commerce
COMMERCIAL SPY SOFTWARE • FlexiSpyis commercial spyware sold for up to $349.00 per year. • Versions are available that work on most of the major smartphones, including Blackberry, Windows Mobile, iPhone, and Symbian-based devices. • The following are some of the capabilities provided by the software
SPY SOFTWARE CAPABILITIES • Listen to actual phone calls as they happen; • Secretly read Short Message Service (SMS) texts, call logs, and emails; • Listen to the phone surroundings (use as remote bugging device); • View phone GPS location; • Forward all email events to another inbox; • Remotely control all phone functions via SMS; • Accept or reject communication based on predetermined lists; and • Evade detection during operation. • FlexiSpy claims to help protect children and catch cheating spouses, but the implications of this type of software are far more serious. • Imagine a stranger listening to every conversation, viewing every email and text message sent and received, or tracking an individual’s every movement without his or her knowledge.
Way Forward Recommendation for Nigeria • Cybercrime is a very serious challenge to Global development endeavor of the New Millennium. This new information order presents a lot of opportunities, benefits and equal risks to the brave new world. • Each nation owes it a responsibility to the world to come up with responses on how to combat Cybercrime. • Private and Public sectors must collaborate to resolve issues of standards and procedures. It has been noticed that the efforts of the Council of Europe on Cybercrime has received International attention. • Need for a Convention on Cyber Crime as multilateral instrument specifically designdedS to address the problems posed by the spread of criminal activity in computer networks.
RECOMMENDATION • Create National Cybersecuritty & Cybercrime Film & Documentary on the critical issues (Positive and Negative) on impact of the Internet on Nigerians and Africans. • Establish Nigeria ‘s IT Presence in the Silicon valley, Bangalore, Israel, Russia, etc. • Establish a Framework for National Software Policy and Legislation • Establish National e-Government Academies at Federal, State and Local Government Levels. • Build and Develop critical mass (Capacities/Capabilities) for Software Code Warriors . Establish a Cybercrime Reporting Centre • Develop Cloud Technology Technical Negotiators Specialists. • Maintain up-to-date software, including operating systems and applications; • Install anti-virus software as it becomes available and maintain up-to-date signatures and engines; • Enable the personal identification number (PIN) or password to access the mobile device, if available; • Encrypt personal and sensitive data, when possible; • Disable features not currently in use such as Bluetooth, infrared, or Wi-Fi; • Set Bluetooth-enabled devices to non-discoverable to render them invisible to unauthenticated devices; • Use caution when opening email and text message attachments and clicking links; • Avoid opening files, clicking links, or calling numbers contained in unsolicited email or text messages; • Avoid joining unknown Wi-Fi networks; • Delete all information stored in a device prior to discarding it; and • Maintain situational awareness of threats affecting mobile devices. • Anti-virus software exists for some mobile devices, which is one component of a layered