Evaluating the Feasibility of a Pakistan Honeynet Node by Farrukh Naghman Student ID: 42601800 Supervisor Milton Baar
Dec 25, 2015
Agenda
• Aim
• Reviewing the Methodology Adopted
• Introduction
• Literature Review
• Analysing the Cyber Threat
• Evaluating the Feasibility of a Honeynet Node in Pakistan
• Recommendations
• Conclusion
11/05/2012
Aim
To review and analyse literature of the honeynet project and to evaluate its use in setting up a Pakistan node
Reviewing the Methodology Adopted
For the comparative analysis, I selected
a. Pakistan as a model developing country, and
b. Australia as a model developed country.
For both these countries, I
c. compared the statistics of Internet attacks, and
d. identified and compared existing security measures.
And lastly, I carried out a feasibility study of implementing a honeynet node in Pakistan.
Introduction
In this section, I shall discuss
• facts about the Internet,
• fundamentals of cyber crime and security, and
• the problem statement
Facts about Internet
1. The Internet is now fully integrated into daily commercial and personal lives; over 30% of the world population uses the Internet
2. A by-product of the increased public awareness of the Internet is an increase in cybercrime
3. John Walker Crime Trends Analysis estimated the cost of cyber crime in Australia to be $US1.2 billion per year
Fundamentals of Cyber Crime and Security
Cyber Crime is defined as:
“Any violation which involves the use of computer either standalone or connected to a computer network either a small scale system or system with a global reach, that is, Internet against computers or computer systems and technology enabled crime”
– House of Representatives, Standing Committee on Communications, The Parliament of the Commonwealth of Australia, June 2010
Fundamentals of Cyber Crime and Security - continued
1. Conventional cyber-security techniques include:
a. Software firewall
b. Hardware firewall
c. Anti-malware
2. Characteristics are:
a. Defensive by design
b. Non-proactive
Fundamentals of Cyber Crime and Security - continued
1. Modern cyber-security techniques include:
a. Intrusion detection system (IDS), which inspects network activity for suspicious patterns
b. Intrusion prevention system (IPS), which is a pre-emptive approach to identifying potential threats
c. Honeypot, which is a trap for hackers
d. Honeynet, which is a network of honeypots
2. Characteristics are:
a. Offensive by design
b. Proactive
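The slide lists IDS pattern inspection and honeypots as separate techniques, but in practice they are used together: a honeypot has no legitimate users, so every connection it records is unsolicited, and an IDS-style pass over its log then classifies what the visitors were doing. The following script is an added illustration and is not part of the original presentation or of any honeynet project's code. The log format, the names HoneypotEvent, parse_events and flag_suspicious_sources, the sample lines (documentation IP ranges) and the two rules (many distinct ports in a short window; a payload matching a signature) are all assumptions made for the example.

```python
"""Added illustration of honeypot records feeding IDS-style pattern inspection.

Constructed data only; no network listener is started. Every name below is an
assumption of this example, not an API of any real honeynet software.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class HoneypotEvent:
    """One connection recorded by a (hypothetical) low-interaction honeypot."""
    ts: datetime
    src_ip: str
    dst_port: int
    payload: str


# Constructed sample log in an assumed "timestamp|source|dest_port|payload" format.
SAMPLE_LOG = """\
2012-05-11T10:00:01|198.51.100.7|22|SSH-2.0-OpenSSH_5.3
2012-05-11T10:00:02|198.51.100.7|23|
2012-05-11T10:00:02|198.51.100.7|80|GET / HTTP/1.0
2012-05-11T10:00:03|198.51.100.7|443|
2012-05-11T10:00:03|198.51.100.7|3306|
2012-05-11T10:00:09|203.0.113.21|80|GET /index.html HTTP/1.1
2012-05-11T10:00:15|203.0.113.21|80|GET /../../etc/passwd HTTP/1.1
"""

# Payload signatures, the kind of "suspicious pattern" an IDS inspects for.
SIGNATURES = {
    "path-traversal": "../",
}


def parse_events(text):
    """Parse the assumed pipe-separated log format into HoneypotEvent objects."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, port, payload = line.split("|", 3)
        events.append(HoneypotEvent(datetime.fromisoformat(ts), src, int(port), payload))
    return events


def flag_suspicious_sources(events, port_threshold=4, window_seconds=60):
    """Return {src_ip: [reasons]} for sources that trigger either rule.

    Rule 1: at least port_threshold distinct destination ports within
            window_seconds (a scan-like pattern).
    Rule 2: any payload that contains a known signature.
    """
    by_src = defaultdict(list)
    for e in events:
        by_src[e.src_ip].append(e)

    findings = defaultdict(list)
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e.ts)
        # Sliding window: for each starting event, collect distinct ports
        # touched before the window expires; report once per source.
        for i, start in enumerate(evs):
            ports = set()
            for e in evs[i:]:
                if (e.ts - start.ts).total_seconds() > window_seconds:
                    break
                ports.add(e.dst_port)
            if len(ports) >= port_threshold:
                findings[src].append(f"{len(ports)} distinct ports within {window_seconds}s")
                break
        for e in evs:
            for name, needle in SIGNATURES.items():
                if needle in e.payload:
                    findings[src].append(f"signature {name} on port {e.dst_port}")
    return dict(findings)


if __name__ == "__main__":
    for src, reasons in flag_suspicious_sources(parse_events(SAMPLE_LOG)).items():
        print(src, "->", "; ".join(reasons))
```

The two rules are deliberately different in kind: the port-window rule looks at behaviour across events (what an IDS does with flow data), while the signature rule looks inside a single payload. Because the honeypot receives no production traffic, both rules can be tuned aggressively without the false-positive cost they would have on a real service, which is the practical sense in which the slide calls honeypots proactive.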
Problem Statement
What should be happening? What is actually happening?
1. A by-product of the increased public awareness of the Internet is an increase in cybercrime.
2. In developed countries, deployment of proactive cyber-security solutions is on the rise.
3. In developing countries, however, computer networks are still equipped with conventional solutions that are not proactive by design.
4. Cybercrimes have no boundaries, so efforts to mitigate these crimes should also be similar across the world.
Literature Review
In this section, I shall
• enumerate the sources that I examined for the project
• describe the methods used to explore the sources
Sources Examined
Australian Sources
1. Cyber Security Operations Centre (CSOC), Defence Signals Directorate (DSD)
2. Australian Crime Commission
3. Australian Institute of Criminology
4. Australian Federal Police
5. Australian CERT
6. Australian Honeynet Project
7. SCAMwatch, The Australian Competition and Consumer Commission (ACCC)
Pakistani Sources
1. Federal Investigation Agency (FIA), Government of Pakistan
2. National Response Centre for Cyber Crimes (NR3C), FIA
3. Pakistan CERT
4. Pakistan Honeynet Project
5. Rewterz Pakistan
6. Other sources from the Internet
a. Express Tribune
b. Daily Times, and
c. Pro Pakistani
Methods Used to Explore the Sources
1. Finding academic and non-academic data from the sources of information
2. Communicating with Australian and Pakistani sources to collect information
3. Exploring blogs, forums and other websites related to cyber security
Analysing the Cyber Threat
In this section, I shall
1. review the Australian and Pakistani cyber threat, and
2. discuss efforts made by Australia and Pakistan regarding cyber-security
Australian Threat Review
1. The Australian Crime Commission (ACC)
Conducted a survey in Australia in 2008; 14 per cent reported computer security incidents amounting to a financial loss estimated at up to $649 million.
2. The Australian Institute of Criminology (AIC)
Australian Threat Review – continued
3. AusCERT – Australian CERT
4. SCAMwatch – by the Australian Competition and Consumer Commission (ACCC)
Recorded the following scams in the year 2012:
a. Scratchie cards
b. Carbon price scams
c. Phone scams
Efforts by Australia
1. The Australian government announced an E-Security review on 2 July 2008.
2. The Prime Minister of Australia, Hon. Kevin Rudd MP, in his first national security statement to the Parliament, on 4 December 2008, identified cyber-security as one of the topmost national priorities.
3. The Australian Government Cyber Security Strategy was formulated.
4. The AG Cyber Security Strategy turned out to be the backbone of Australian Cyber Security Policy.
Efforts by Australia - continued
5. The Cyber Security Policy resulted in the establishment of:
a. Australia’s National CERT [1] (CERT Australia)
b. Cyber Security Operations Centre (CSOC)
6. Australian Honeynet Project - a step towards securing Australian cyber space
[Diagram: Cyber Security Operations Centre (CSOC) and the bodies around it]
The Attorney-General’s Department (AGD)
Australian Communications and Media Authority (ACMA)
Australian Federal Police (AFP)
Australian Security Intelligence Organisation (ASIO)
Defence Signals Directorate (DSD)
Department of Broadband, Communications and the Digital Economy (DBCDE)
Australian Government Information Management Office (AGIMO)
Cyber Security Policy and Coordination (CSPC) Committee
[1] Computer Emergency Response Team
Pakistan Threat Review
1. Rewterz gives a map of Pakistan-based sources of malware
2. Cyber-warfare in the Southeast Asian region
a. Major players are India and Pakistan
b. Recently, involvement of Bangladeshi greyhats has been found
c. Most of the incidents involve website defacement
d. Recently, a few incidents of data leaks have also been reported
Pakistan Threat Review - continued
5. Microsoft Security Intelligence Report
a. Pakistan was placed among the countries with high malware detection in the third and fourth quarters of 2011
b. Microsoft places Pakistan among the five locations with the largest ‘Computers Cleaned per Mille’ (CCM) increases
[Figure: Microsoft Security Intelligence Report, Volume 12, July through December 2011]
Efforts by Pakistan
1. Electronic Transaction Ordinance was passed by the Government of Pakistan in 2002
2. Prevention of Electronic Crime Ordinance was passed by the government in 2009
3. National Response Centre for Cyber Crimes (NR3C) was established under Federal Investigation Agency (FIA) to deal with cyber crimes
4. NR3C is operating with ten different wings
[Diagram: the ten wings of NR3C]
NR3C CERT
Forensic Lab
R&D
Implementation of Standards & Procedures
Media Projection
Technology Development Centre
Network Operations & Security
Liaison organization
Training & Seminars
Legal Regularity & Issues
Efforts by Pakistan - continued
6. Pakistan CERT was performing as the national CERT till 2010 but has been inactive since the establishment of NR3C CERT. During the course of the project the website’s content has not changed.
Efforts by Pakistan - continued
7. Pakistan Honeynet is also an independent, non-profit organization but as the website reflects, this project appears to be inactive
Evaluating the Feasibility of a Honeynet Node in Pakistan
1. Honeynet analysis
a. Existing facilities
b. Benefits of existing facilities
2. Final findings of the analysis
Honeynet Analysis
1. Existing Facility, Modus Operandi and Capabilities
a. A National Honeypot by NR3C – FIA is a welcome step in the right direction, but there are still many things to do
b. The official website of NR3C is being hosted from a central server that runs outside Pakistan; it requires strict policies to ensure Confidentiality, Integrity and Availability of resources
c. The Pakistan honeynet project is a much needed step, but it is not as active as its comparative model, that is, the Australian honeynet project
Honeynet Analysis - continued
d. The Pakistan honeynet project is being hosted from the Honeynet Project’s central server, located in the United States of America
e. To confirm the location of the servers, I ran a few simple network scanning checks
Honeynet Analysis - continued
2. Benefits of existing facilities
a. Pakistan’s cyberspace has started getting equipped with modern and sophisticated techniques
b. Government and private sectors are concerned about the rising Internet fraud and other threats
c. In 2010 more than 312 cases were registered in different categories of cyber-crime. Most of the crimes are related to the defacement of websites, but a few cases have been registered where a data leak was observed
d. There are signs of improved public awareness
Final Findings
1. The Pakistani establishment is operating without a cyber-security law
2. Pakistani agencies are not in communication with the honeynet project
3. The Pakistani CERT and honeynet projects are inactive
4. Pakistani agencies do not own an independent honeynet node
5. The Australian honeynet project is also hosted from Wayne, Pennsylvania, US, but the AFP is running its own private honeypot
6. Unlike the Pakistani honeynet, the Australian honeynet project shares information with Australian law enforcement agencies
Recommendations
1. Pakistan needs to reinstate cyber security law
2. Pakistan government should develop info sharing with the honeynet project
3. NR3C should deploy honeypot independently
4. NR3C must not operate honeypot without having requisite expertise
5. Pakistan needs her national CERT to be active
6. Government must have a check over private security solution providers
7. Government must ensure improved general awareness
Conclusion
1. Summary of the project
2. Concluding remarks
3. Questions

Cyber-Security is a must …
[Diagram: Internet users, Vulnerabilities, Cyber-threats, Need for cyber-security]

Basic cyber security model …
[Diagram]
Offensive network security
Defensive network security
Antivirus suite
OS security settings

Implementing National Security …
[Diagram]
Exercise of Command & Control
Monitoring
Implementation of Policy
Policy
Strategy
Awareness at all levels

a. Today, the Internet means social interaction
b. Social interaction means implicit trust that anybody can exploit easily
c. Cyber criminals are increasingly employing sophisticated techniques
d. It is the responsibility of the government to harness the full range of resources to help protect government, business and individual Australians

Thank You !