Prof. Dr. (TU NN) Norbert Pohlmann
Institute for Internet Security - if(is)
Westphalian University of Applied Sciences
Gelsenkirchen, Germany www.if-is.net
How global is the village Internet?
Content
The interconnected network Internet and some conditions
IT Security and IT Risk
The possible future of the Internet
Assessment of the Internet Players
Future Contribution of the Internet Players
Summary
The Interconnected Network
Overview of the Internet
44,000+ Autonomous Systems (AS): US = 14,614; Germany = 1,385; China = 224; …
400,000+ connections between AS: US = 78,000; Germany = 37,000; China = 970; …
3 B+ number of IPv4 addresses: US = 983,261,006; Germany = 111,165,772; China = 267,010,580; …
The global village Internet
Changes in the general condition
The Internet is going beyond all borders and cultures!
Problems with criminal prosecution in a lot of countries
Different opinions about what is right and what is wrong
Different legal frameworks
Radical change and development in IT
Mobile devices, Social Networks, Cloud Computing, …
New players, new operating systems, new IT concepts, new attacks
Internet of things: SmartGrid, SmartCar, SmartTraffic, SmartHome, …
e.g. nuclear phase-out provides more risk on the Internet
The kinds of values that we have to protect are changing over time
Bits and bytes are changing: from data and information, to knowledge, into intelligence
Accessible from anywhere (mobile devices, Cloud Computing, …)
The global village Internet
Players
Attacker
User
User Companies
Governments
IT Producer Companies
Our IT Security Problems
Overview
[Chart: IT security problems over time, up to today]
Our IT Security Problems
Risk discussion
[Chart: IT security problems over time, up to today; label: Economy]
Which risk level is too high?
The future of the village Internet (1/5)
Successful development
One common global and successful village Internet
The future of the village Internet (2/5)
Unsuccessful development
One global but unsuccessful village Internet
The users don't like the Internet because of bad security, untrustworthiness, lacking reliability, government behavior, and so on!
The future of the village Internet (3/5)
Governments dominated
Different “Government” villages in the Internet
USA, …
European Commission
BRI(C)S
China
OPEC
Driven by the Governments
The future of the village Internet (4/5)
IT Producer Companies dominated (1/2)
Different “company” villages in the Internet
Apple
German Telekom
Amazon
Driven by the IT Producer Companies
The future of the village Internet (5/5)
IT Producer Companies dominated (2/2)
…
MaxUserByte = UserLimit (new) + Telekom-Service + Managed-Service
MaxSumByte = SumUserLimit + Managed-Service - Internal-Other-Services
Telekom
Other Content Provider (CP): SumContent = SumUserLimit (paid by the user) or Managed-Service (paid by the CP)
Telekom-Service: IP-TV, Music, … Content offered by Telekom
Managed-Service: Paid by “Other Content Provider”
Internal-Other-Services: Traffic produced by organization in the Telekom network
UserLimit: Limited traffic paid by the user
Other Content Provider: Google, Facebook, Amazon, …
…
New flat rate: 16 Mbit/s, max. 75 Gbyte, then 384 Kbit/s
Governments
Targets
[Diagram: Governments 1, 2, …, X, each with its Society 1, 2, …, X]
Responsible to secure basic needs: Food, Energy, Peace, Freedom, …
Ensure Success / Wealth
Develop legal frameworks which cover the cultural needs of the society
…
Governments
Politicians
Think and act short-term and nationally
Solve things quickly rather than in a sustainable manner
Act too slowly for the changes needed in the Internet
Governments
Vulnerability (1/3)
Government 1 gets information about a vulnerability of an operating system
What should the Government do?
Use it for their own purposes
or
Inform all players
Governments
Vulnerability (2/3)
Government 1 informs the IT producer company to fix the problem!
All societies are secure
The attackers are not successful!
Governments
Vulnerability (3/3)
Government 1 uses the vulnerability to attack other countries!
All societies are insecure
Government 1 attacks the other countries (Government and companies)
Cyber War is reality
If the attacker also knows the vulnerability then all countries will be insecure
Governments
Vulnerability: Summary (4/4)
Why does this make no sense?
Ethical problem: Kant’s “Categorical Imperative”
Act in such a way that such actions would be appropriate as a universal law.
Economic problem: Prisoner’s Dilemma
Outcome (A / B)    A cooperate      A defect
B cooperate        win / win        ego win / 0
B defect           0 / ego win      0 / 0
Policy problem: War strategies
Don’t Throw Stones From a Glass House
Attacker
Assessment
Highly motivated and skilled attackers
Too many vulnerabilities available
The attackers are operating in secrecy from almost anywhere in the world
They use a lot of computers (Malware, botnets) with unlimited power
Attacker
The criminal organizations use the vulnerabilities in our technologies and the non-perfect IT security mechanisms very effectively
A successful business model produces a successful underground economy
We see innovation in attack models and the attackers are getting more professional
Attacker
Damage Model
private budget A (in: salary, …; out: internet, damage, …)
private budget B (in: salary, …; out: internet, damage, …)
private budget C (in: salary, …; out: internet, damage, …)
…
business budget X (in: internet, …; out: damage, …)
business budget Y (in: internet, …; out: damage, …)
business budget Y (in: internet, …; out: damage, …)
…
attacker budget (in: hack, …; out: botnet, malware, …)
Other damages
Image loss
Loss of reputation
Indirect financial losses
User
Assessment
Developments and changes in the Internet are faster than ever.
Users constantly need to adapt their knowledge to act in the right way.
The values to be protected are constantly rising.
Internet users need to know the problems of the Internet or they harm themselves and others!
Internet competence
Don't click on every web link or e-mail attachment
Use anti-malware solutions, personal firewall, automatic updates, …
…
User Companies
Assessment
They do not do enough for IT security
Example: Insecure websites in the field
Today most of the malware is distributed by insecure websites
2.5 % of the measured German websites are infected with malware (US ~ 1.01; Japan ~ 0.51; …)
Reasons for insecure websites
Many websites / webservers are not implemented securely
Patches are installed very late or not at all
No responsibility is taken for one's own websites!
IT Producer Companies
Assessment
Reliability of IT products and IT services
We need much more responsibility / reliability from the companies which offer IT products and IT services.
At the moment the big IT companies like Apple, Google, Facebook and Microsoft show us what we need.
The market is producer driven.
But they don't take the necessary responsibility for their products and services.
Business model: “Paying with personal information”
Playing Monopoly
How global is the village Internet
Cyber War
The probability of a successful cyber war is very high
The US and Israel fight against Iran (Stuxnet).
China and the US fight against the rest of the world and against each other.
No soldiers have to die; you can organize and conduct the cyber war from the office.
But who is our friend and who is our enemy in the global village Internet?
How important is the origin of IT technology?
Most important software companies come from the US
A lot of important hardware companies come from Asia
Some important industry technologies come from Germany
…
How global is the village Internet
Ethics of new technologies
3D printer
Producing guns at home
Google Glass
Promotes privacy problems in the real world
Drone
Like a computer game
…
Traffic System
Our society has learned to organize mobility
Future Contribution
Attacker
None!
All other players have to destroy the business model of the attacker!
Only ethical hacking under open rules!
Future Contribution
Governments (1/2)
We really need responsible governments and politicians!
(Not a strong lobbying!)
We want one common global Internet
But we have 190+ different Governments worldwide
We have to find out which part of the governments' responsibility is global and which part is local
How can the Governments help to create a common Internet culture?
Local responsibility of the governments should be:
All military stuff
Needed legal frameworks
…
[Diagram: Governments 1, 2, 3, …, X around the Internet]
Future Contribution
Governments (2/2)
Global responsibility of the governments should be:
Promote international security infrastructures for identification, authentication, e-mail security and so on
Reach international enforcement
Teach the users the appropriate Internet competence
Share security-relevant information with all other players so that we can realize collaboration between the defenders
and so on.
Future Contribution
User Companies
More IT security for the 5 % of the company's data that is important
More IT security awareness for the employees
Future Contribution
IT Producer Companies
IT Producer Companies
More secure and trustworthy technology
Secure Software Development (Bug-free Software)
Secure Engineering (e.g. right integration of SSL, …)
Have to make the window between the discovery of a vulnerability and the integration of appropriate updates much shorter!
More reliability for the technologies and services
Appropriate Business Models (Data protection, privacy)
IT Security Producer Companies
IT security solutions which protect us much more adequately
More proactive security solutions
More object security solutions
…
Future Contribution
User
The users have to take the necessary responsibility
Build up an Internet competence
Use the needed IT security solutions
Be responsible for the future!
How global is the village Internet?
Common culture development
Laws follow culture. So it is important to develop a common culture!
An old sociological paradox (David Loy): People create society, but society also creates people
Our economic and political systems are not neutral!
We as users together have to organize a common force!
Consumer association (evaluation of products and services, …)
If the users would like to have a global village Internet, then the users should create such a society