Evaluating the Feasibility of a Pakistan Honeynet Node by Farrukh Naghman Student ID: 42601800 Supervisor Milton Baar

Dec 25, 2015

Evaluating the Feasibility of a Pakistan Honeynet Node

by Farrukh Naghman, Student ID: 42601800

Supervisor: Milton Baar

Agenda

• Aim
• Reviewing the Methodology Adopted
• Introduction
• Literature Review
• Analysing the Cyber Threat
• Evaluating the Feasibility of a Honeynet Node in Pakistan
• Recommendations
• Conclusion

11/05/2012

Aim

To review and analyse literature of the honeynet project and to evaluate its use in setting up a Pakistan node

Reviewing the Methodology Adopted

For the comparative analysis, I selected
a. Pakistan as a model developing country, and
b. Australia as a model developed country.

For both these countries, I
c. compared the statistics of Internet attacks,
d. identified and compared existing security measures.

And lastly, I carried out the feasibility of implementing a honeynet node in Pakistan.

Introduction

In this section, I shall discuss • facts about Internet,• fundamentals of cyber crime and security, and• the problem statement

Facts about Internet

1. The Internet is now fully integrated into daily commercial and personal lives; over 30% of the world population uses the Internet

2. A by-product of the increased public awareness of Internet is an increase in cybercrime

3. John Walker Crime Trends Analysis estimated the cost of cyber crime in Australia to be $US1.2 billion per year

Fundamentals of Cyber Crime and Security

Cyber Crime is defined as:

“Any violation which involves the use of computer either standalone or connected to a computer network either a small scale system or system with a global reach, that is, Internet against computers or computer systems and technology enabled crime”
– House of Representative, Standing Committee on Communications, The Parliament of Commonwealth of Australia, June 2010

Fundamentals of Cyber Crime and Security - continued

1. Conventional cyber-security techniques include:
a. Software firewall
b. Hardware firewall
c. Anti-malware

2. Characteristics are:
a. Defensive by design
b. Non-proactive

Fundamentals of Cyber Crime and Security - continued

1. Modern cyber-security techniques include:
a. Intrusion detection system (IDS), which inspects network activity for suspicious patterns
b. Intrusion prevention system (IPS), which is a pre-emptive approach to identify potential threats
c. Honeypot, which is a trap for hackers
d. Honeynet is a network of honeypots

2. Characteristics are:
a. Offensive by design
b. Proactive

Problem Statement

What should be happening?

What is actually happening?

1. A by-product of the increased public awareness of Internet is an increase in cybercrime.

2. In developed countries deployment of proactive cyber-security solutions is on the rise.

3. In developing countries, however, computer networks are still equipped with conventional solutions that are not proactive by design.

4. Cybercrimes have no boundaries so efforts to mitigate these crimes should also be similar across the world.

Literature Review

In this section, I shall
• enumerate the sources that I examined for the project
• describe the methods used to explore the sources

Sources Examined

Australian Sources
1. Cyber Security Operations Centre (CSOC), Defence Signals Directorate (DSD)
2. Australian Crime Commission
3. Australian Institute of Criminology
4. Australian Federal Police
5. Australian CERT
6. Australian Honeynet Project
7. SCAMwatch, The Australian Competition and Consumer Commission (ACCC)

Pakistani Sources
1. Federal Investigation Agency (FIA), Government of Pakistan
2. National Response Centre for Cyber Crimes (NR3C), FIA
3. Pakistan CERT
4. Pakistan Honeynet Project
5. Rewterz Pakistan
6. Other sources from the Internet
a. Express Tribune
b. Daily Times, and
c. Pro Pakistani

Methods Used to Explore the Sources

1. Finding academic and non-academic data from the sources of information

2. Communicating with Australian and Pakistani sources to collect information

3. Exploring blogs, forums and other websites related to cyber security

Analysing the Cyber Threat

In this section, I shall
1. review Australian and Pakistan cyber threat, and
2. discuss efforts done by Australia and Pakistan regarding cyber-security

Australian Threat Review

1. The Australian Crime Commission (ACC)
Conducted a survey in Australia in 2008; 14 per cent reported computer security incidents amounting to a financial loss estimated up to $649 million.

2. The Australian Institute of Criminology (AIC)

Australian Threat Review – continued

3. AusCERT – Australian CERT

4. SCAMwatch - by the Australian Competition and Consumer Commission (ACCC)
Recorded the following scams in the year 2012:
a. Scratchie cards
b. Carbon price scams
c. Phone scams

Efforts by Australia

1. The Australian government announced the E-Security review on 2 July 2008.
2. The Prime Minister of Australia, Hon. Kevin Rudd MP, in his first national security statement to the Parliament, on 4 December 2008, identified cyber-security as one of the topmost national priorities.
3. The Australian Government Cyber Security Strategy was formulated.
4. The AG Cyber Security Strategy turned out to be the backbone of Australian Cyber Security Policy.

Efforts by Australia - continued

5. The Cyber Security Policy resulted in the establishment of:-

a. Australia’s National CERT [1] (CERT Australia)
b. Cyber Security Operations Centre (CSOC)

6. Australian Honeynet Project - a step towards securing Australian cyber space

[Diagram: CSOC, with the following labels]
• The Attorney-General’s Department (AGD)
• Australian Communications and Media Authority (ACMA)
• Australian Federal Police (AFP)
• Australian Security Intelligence Organisation (ASIO)
• Defence Signals Directorate (DSD)
• Department of Broadband, Communications and the Digital Economy (DBCDE)
• Australian Government Information Management Office (AGIMO)
• Cyber Security Policy and Coordination (CSPC) Committee

[1] Computer Emergency Response Team

Pakistan Threat Review

1. Rewterz gives a map of Pakistan-based sources of malware

2. Cyber-warfare in the Southeast Asian region
a. Major players are India and Pakistan
b. Recently, involvement of Bangladeshi greyhats has been found
c. Most of the incidents include website defacement
d. Recently a few incidents also reported data-leaks

Pakistan Threat Review - continued

5. Microsoft Security Intelligence Report
a. Pakistan placed among the countries with high malware detection in the third and fourth quarters of year 2011
b. Microsoft places Pakistan among the five locations with the largest ‘Computers Cleaned per Mille’ (CCM) increases

Microsoft Security Intelligence Report, Volume 12, July through December, 2011

Efforts by Pakistan

1. Electronic Transaction Ordinance was passed by the Government of Pakistan in 2002

2. Prevention of Electronic Crime Ordinance was passed by the government in 2009

3. National Response Centre for Cyber Crimes (NR3C) was established under Federal Investigation Agency (FIA) to deal with cyber crimes

4. NR3C is operating with ten different wings

[Diagram: NR3C wings]
• NR3C CERT
• Forensic Lab
• R&D
• Implementation of Standards & Procedures
• Media Projection
• Technology Development Centre
• Network Operations & Security
• Liaison organization
• Training & Seminars
• Legal Regularity & Issues

Efforts by Pakistan - continued

6. Pakistan CERT was performing as national CERT till 2010 but has been inactive after the establishment of NR3C CERT. During the course of the project the website's content has not changed.

Efforts by Pakistan - continued

7. Pakistan Honeynet is also an independent, non-profit organization but as the website reflects, this project appears to be inactive

Evaluating the Feasibility of a Honeynet Node in Pakistan

1. Honeynet analysis
a. Existing facilities
b. Benefits of existing facilities

2. Final findings of the analysis

Honeynet Analysis

1. Existing Facility, Modus Operandi and Capabilities
a. A National Honeypot by NR3C – FIA is a welcome step in the right direction but there are still many things to do
b. The official website of NR3C is being hosted from a central server that is running from outside Pakistan; it requires strict policies to ensure Confidentiality, Integrity and Availability of resources
c. Pakistan honeynet project is a much needed step but it is not as active as its competitive model, that is, the Australian honeynet project

Honeynet Analysis - continued

d. Pakistan honeynet project is being hosted from the Honeynet Project’s central server, located in the United States of America

e. To confirm the location of the servers, I ran a few simple network scanning checks

Honeynet Analysis - continued

2. Benefits of existing facilities
a. Pakistan’s cyberspace has started getting equipped with modern and sophisticated techniques
b. Government and private sectors are concerned about the rising Internet fraud and other threats
c. In 2010 more than 312 cases were registered in different categories of cyber-crimes. Most of the crimes are related to the defacement of websites but few cases have been registered where data-leak was observed
d. There are signs of improved public awareness

Final Findings

1. Pakistani establishment is operating without cyber-security law
2. Pakistani agencies are not in communication with the honeynet project
3. Pakistani CERT and honeynet projects are inactive
4. Pakistan agencies do not own independent honeynet node
5. The Australian honeynet project is also hosted from Pennsylvania, Wayne, US but AFP is running its private honeypot
6. Unlike Pakistani honeynet, Australian honeynet project shares information with Australian law enforcement agencies

Recommendations

1. Pakistan needs to reinstate cyber security law

2. Pakistan government should develop info sharing with the honeynet project

3. NR3C should deploy honeypot independently

4. NR3C must not operate honeypot without having requisite expertise

5. Pakistan needs her national CERT to be active

6. Government must have a check over private security solution providers

7. Government must ensure improved general awareness

Conclusion

1. Summary of the project
2. Concluding remarks
3. Questions

[Diagram: Cyber-Security is a must …] Internet users; Vulnerabilities; Cyber-threats; Need for cyber-security

a. Today, Internet means social interaction

b. Social interaction means implicit trust that anybody can exploit easily

c. Cyber criminals are increasingly employing sophisticated techniques

d. It is the responsibility of the government to harness the full range of resources to help protect government, business and individual Australians

[Diagram: Basic cyber security model …] Offensive network security; Defensive network security; Antivirus suite; OS security settings

[Diagram: Implementing National Security …] Exercise of Command & Control; Monitoring; Implementation of Policy; Policy; Strategy; Awareness at all levels

Thank You!