Alok Vijayant - PowerPoint PPT Presentation

About This Presentation
Title:

Alok Vijayant

Description:

alok vijayant. mba(fms),ceh, h3x, pgdcs, cop (chinese),adop. director (idg) office of nsa (pmo) govt of india. educational brief : schooling at rimc, dehradun, b.sc ... – PowerPoint PPT presentation

Slides: 31
Provided by: isr82
Learn more at: http://is-ra.org

Transcript and Presenter's Notes

Title: Alok Vijayant


1
THREAT LANDSCAPE
CYBER
Alok Vijayant, CAIIB, MBA(FMS), CEH, H3X, PGDCS, COP(MANDARIN), ADOP(MANDARIN)
Director, Cyber Security Operations, National Technical Research Organization
2
(No Transcript)
3
ALOK VIJAYANT, MBA(FMS), CEH, H3X, PGDCS, COP (CHINESE), ADOP
DIRECTOR (IDG), OFFICE OF NSA (PMO), GOVT OF INDIA
EDUCATIONAL BRIEF: Schooling at RIMC, Dehradun; B.Sc(Hons) Physics, DU; MBA(Finance IT) from FMS, Delhi University; CEH (Certified Ethical Hacking) from EC Council, New York; H3X (Ethical Hacking Expert) from Orchid Seven; PGDCS from IMT, Ghaziabad
EXPERIENCE: Served RBI for 14 years in various capacities: Fake Currencies, Bank Frauds, Payment Systems, Dealing Rooms Operations. Joined NTRO, the Country's premier Technical Intelligence Agency (2005), as Head of IDG (Information Dominance Group) and TFIU (Tech Financial Intelligence Unit)
SPEAKER AT INTERNATIONAL CONF:
OWASP International Conference 2009, 2010, 2011, 2012
ClubHack 2008, 2009, 2010, 2011, 2012
NullCon 2008, 2009, 2010, 2011, 2012
C0CoN 2009, 2010, 2011, 2012
MalCoN 2010, 2011, 2012
UN Conf on Terrorist Monitoring, Seattle 2009
SecurityByte Int Conf, 2011
BlackHat 2011
DefCon 2011
India Top 100 CISO Award Ceremony, Panelist
Governance Now Mobility Reliability Panelist
National CISO Conference 2012 Speaker (2012)
DIA Conference 2012, 2013
SPEAKER AT:
RAW Training Institute
BPRD
SSB Academy
CBI Academy
ARTRAC, Defence
NICFS
IIMC
NCRB
NDC, Min of Defence
MCTE, Mhow
4
RESOURCES
5
HUMAN RESOURCE AS A TARGET
6
TECHNICAL RESOURCE AS A TARGET
7
COST OF ATTACK
8
ATTACK INVESTIGATION IN AN ENTERPRISE
FIREWALL adequately configured to disallow EXECUTABLES
9
Noisy
ESPIONAGE TARGET
DESTRUCTION TARGET
SLEEPER CELL
Boom
BOTNETS
Selection of Payload with varying Characteristics
DDoS
Silent
Active
10
DETECTION THE DIRTY METHOD
Running a Sensor
11
HOW WE DO IT .
ATTACK DETECTION
NON-OPTIMIZED
STATISTICAL PREDICTION MODEL
DIRECT THREAD DETECTION
12
HOW WE DO IT .
ATTACK MITIGATION
NON-OPTIMIZED
SANDBOXING
MALWARE ANALYSIS
OBTAINING BINARIES
REVERSING
THREAT IDENTIFICATION STATE NCII ACTIVITIES
SINKHOLING DNS
IDENTIFICATION OF INFECTION
ADVISORIES
13
(No Transcript)
14
Malware Detector
15
Identification of C&C
16
Attack on vital Ministries/Organizations, 15th Dec 2009
Systematic Investigation: Unique mix of offensive, investigative and recovery mechanism
Investigative Posture
Other Methods
R&D Posture
Simulated
NIC asked to place C&C as filter
Obtained Details
C&C Identified
NIC asked to find recipients of the mail
Recipients informed and measures suggested
Payload identified and reversed
Vaccine Developed
NIC Given fresh sets of targets to place it on filters
NIC 450 Mail Ids found compromised
Users informed by NIC
IB DIARA Informed and given the list
Users Sanitized
17
NATIONAL SECURITY ADVISORY BOARD ATTACK JAN 2010
18
SHADOW IN THE CLOUD
19
GHOSTNET II: WHAT WAS THE TRIGGER
NTRO Team has been investigating and reversing various malware received on information systems and studying the signatures over a period of time
Cyber Sensor DRISHTI has been observing the trends in the cyber space by monitoring incidences of attack on Indian Systems (Database Size is Approximately 32000 unique identities)
Receipt of distinct signatures of Chinese Information Systems during earlier investigations and analysis by NTRO Team
Pilferage of Data from US/Canadian Investigators pertaining to Indian Logs relating to the GHOST NET II being investigated covertly in US/Canada
Matching Data and signature Analysis revealing the existence of same network associated with US/Canada as well as India (Could be leveraged Diplomatically)
20
Some Comparisons .
Analysis Performed by NTRO
Logs obtained from US
21
Additional Investigation from NTRO on the subject
Analysis Performed by NTRO
NSAB (National Security Advisory Board) Analysis
Logs obtained from US
22
GHOST NET II (Shadow in the Cloud)
Cyber Operations
Selectors
Cyber Investigations
Results
Agencies
Cabinet Secretary Permission
23
STUXNET INVESTIGATIONS
24
LATEST ATTACK ON MEA, MHA, MOD, NSCS NOV 1, 2010
25
TARGET OF ATTACK MHA, MOD, NSCS, MEA
26
(No Transcript)
27
DNS SNIFFER
28
INFECTIONS DETECTED
NAGPUR
MUMBAI
DELHI
BENGALURU
29
More Dreaded Challenges
REGIONAL BOTS
ETHNIC/RELIGION BOTS
TIME-ZONE BOTS
POLITICAL BOTS
30
DETECTION FOR THE NATIONAL ENTERPRISE
The Great Indian Ring of Fire
31
Suggested Course of Action
CIO Forum for CIOs
Indian Infosec Consortium for Indian Infosec Professionals
CIO for Head Hunting
IIC for Profile Building for Infosec Professionals
IIC To promote Indigenous Business at the Global Platform
GroundZero Summit To be the International Platform for Showcasing
Clean Exit from Corporates
Methods of IT Security Rating Standard based on remuneration model
Creation of Indian Ring of Fire to protect Businesses in India
Creation of System Incubation Facilities for Crowd Sourced Researches
National Cyber Security Academy First Course due to be launched at OP JINDAL UNIVERSITY
32
The Hackers Conference