Strategy
This presentation is the property of its rightful owner.
Sponsored Links
1 / 36

Strategy PowerPoint PPT Presentation


  • 40 Views
  • Uploaded on
  • Presentation posted in: General

Strategy. Deception. “ All warfare is based on deception. Hence, when able to attack, we must seem unable; when using our forces, we must seem inactive; when we are near, we must make the enemy believe we are far away; when far away, we must make him believe we are near.”.

Download Presentation

Strategy

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Strategy

Strategy


Deception

Deception

“All warfare is based on deception. Hence, when able to attack, we must seem unable; when using our forces, we must seem inactive; when we are near, we must make the enemy believe we are far away; when far away, we must make him believe we are near.”


Deception in information warfare

Deception in Information Warfare

  • Intent of attack

  • Value in defense

  • Extent of attack

  • Depth of defense

  • Methods of attack and defense

  • Objects of attack

  • Success of attack


Facing the enemy

Facing the Enemy

“Hold out baits to entice the enemy. Feign disorder and crush him. If he is secure at all points, be prepared for him. If he is in superior strength, avoid him. If you opponent is of choleric temper, seek to irritate him. Pretend to be weak, that he may grow arrogant. If he is taking his ease, give him no rest. If his forces are united, separate them. Attack him where he is unprepared, appear where you are not expected. These military devices, leading to victory, must not be divulged beforehand.”


Planning of your network

Planning of Your Network

  • How does the network look to valid users?

  • How does the network look to casual scanners?

  • How does the network look dedicated attackers?

  • How does the network look internally?


External view of nets

External view of Nets

Source: http://cm.bell-labs.com/who/ches/map/gallery/index.html


Internal view of network

Internal View of Network


Critical issues

Critical Issues

  • What must you defend?

    • Mission of the organization

    • Assets of the organization

  • What can you defend?

    • Personnel limitations

    • Information limitations

  • What is likely to be attacked?


Strategic goals

Strategic Goals

Sun Tzu said: Whoever is first in the field and awaits the coming of the enemy, will be fresh for the fight; whoever is second in the field and has to hasten to battle will arrive exhausted.

Therefore the clever combatant imposes his will on the enemy, but does not allow the enemy's will to be imposed on him.

By holding out advantages to him, he can cause the enemy to approach of his own accord; or, by inflicting damage, he can make it impossible for the enemy to draw near.


Defensive strategy

Defensive Strategy

  • Deceive the attacker

  • Frustrate the attacker

  • Resist the attacker

  • Recognize and Respond to the attacker


Analogous example

Analogous Example

  • Arsonist profiling, misdirection = Deceive

  • Grounded outlets, fire doors, inter-floor barriers = Frustrate/Resist

  • Smoke detectors, alarm pulls = Recognize

  • Fire-suppression systems = Respond


Deceive the enemy

Deceive the Enemy

Hence that general is skillful in attack whose opponent does not know what to defend; and he is skillful in defense whose opponent does not know what to attack.

  • Hide the nature of your organization

  • Use obvious targets as alarms, not servers

  • Minimize the footprint of critical assets

  • Honeyd/Tarpit – fake servers/services


Frustrate the enemy

Frustrate the Enemy

If we do not wish to fight, we can prevent the enemy from engaging us even though the lines of our encampment be merely traced out on the ground. All we need do is to throw something odd and unaccountable in his way.

  • Block what you can

  • Prevent information flows critical to enemy

  • Use obvious attack vectors as alarms


Resist the enemy

Resist the Enemy

  • Asset identification, critical to mission

  • Security requirements for assets

  • Restoration of security

  • Vulnerability identification related to mission

  • Layered security

  • Monitor and respond to change

  • Audit and reassess


Factors that block resistance

Factors that Block Resistance

  • Cost

  • Personnel

  • Pace of change

  • Organizational coalitions

  • Assumed survival

  • Security through obscurity


Recognize the enemy

Recognize the Enemy

  • Recognizing indications and warnings

  • Investigating intrusions

  • Applying fixes

  • Monitoring users and applications

  • Updating systems

  • Scanning log and alert files

  • Auditing system configurations


Factors that block recognition

Factors that block Recognition

  • Administrator shortage

  • Administrator overload

  • Administrator ignorance

  • System structure

  • Network architecture

  • Application structure

  • Organizational goals


Offensive strategy

Offensive Strategy

  • Positioning -- high and low

  • Visibility -- sun and shadow

  • Nourishment -- life

  • Occupation -- substance

  • Risk Avoidance -- illness


Inspirational quote

Inspirational Quote

Now the Army likes heights and abhors low areas, esteems the sunny (yang) and disdains the shady (yin). It nourishes life and occupies the substantial. An army that avoids the hundred illnesses is said to be certain of victory.

Sun Tzu


Positioning

Positioning

  • What is a network high point?

  • What is a network low point?

  • What does positioning mean in a network world?


Internet auditing project

Internet Auditing Project

  • Unauthorized project systematically mapping Internet systems for selected vulnerabilities

  • 36 million hosts (85% of active addresses) surveyed over 3-week period (1-21 Dec 98)

  • 5 scanning hosts using newly created (free) Bulk Auditing Security Scanner (BASS)

  • Scanning hosts in 5 different nations

  • 18 different vulnerabilities tested (from CERT advisories)

  • 450,000 vulnerable hosts found

  • Source: Securityfocus.com paper dated Aug 11, 1999


Visibility

Visibility

  • What is sun (yang) in a network world?

  • What is shade (yin) in a network world?

  • How do we exploit sun and shade?

  • Why is visibility significant in a network world?


Malicious code

Malicious Code

  • Viruses

  • Trojan Horses

  • Worms

  • Always verify the integrity and authenticity of downloaded content

  • Always scan content for malicious code before opening


Nourishment

Nourishment

  • Life: Survival, Defense, Basis for attack

  • What is survival in a network world?

  • What is defense in a network world?

  • How do we turn survival and defense into a basis for attack


Strategies of network attack

Strategies of Network Attack

  • Timing: immediate, follow-on, phased

  • Targeting: real, ostensible, coincidental

  • Form of preparation: presupposition, creation


Examples of attack strategies

Massed Attack

Stepped attack

Isolated attack

Isolated follow-up

Masked Attack

Diversion

Examples of Attack Strategies


Rapid detection and response

Reduced

Frequency

Mitigation

Rapid Detection

BoundedScope

Rapid Response

Minimized Impact

Rapid Detection and Response

Technology works for you


Survival tasks

Survival Tasks

  • Rapid detection

    • detecting unauthorized access to data and systems

    • detecting unauthorized changes to data and systems

    • recognizing suspicious overuse of resources

  • Rapid response

    • analyzing the incident

    • disseminating information

    • containing the damage

    • recovering from the incident


Occupation

Occupation

  • Substance: Cross product of strategy, terrain

  • Which are the network nodes that key to victory?

  • Which are the network nodes that key to survival?

  • What does it mean to occupy networks?


Moonlight maze

Moonlight Maze

  • Sophisticated widespread attack on US military systems

  • Goal seems to be intelligence gathering

  • Compromised accounts

  • Corrupted system programs

  • Redirected information (not print, send overseas)

  • ALL DoD publicly-connected accounts ordered to have new passwords as of August 16, 1999

  • Source: Sunday Times of London, July 25, 1999


Avoidance

Avoidance

  • Illnesses: Outside factors that lessen attack

  • How do we accommodate to other network attacks?

  • How do we deal with real-world events?

  • What contingencies must we plan for?


Layered defenses

Frustrate

Deceive

Recognize

Respond

Layered Defenses

Source: Shawn Butler, Security Attribute Evaluation Method

Goal 1

Goal 8

Goal 2

Goal 7

Goal 3

Goal 6

Goal 5

Goal 4


Preparation exercises

Preparation: Exercises

  • Designed to evaluate level of preparedness

  • Run at intervals

  • Red team -- attackers

  • Blue team -- defenders

  • White team -- exercise administrators

  • For realism, needs to involve significant part of organization


Desirable exercises

Desirable Exercises

  • Blue team has goal other than defense

  • Red team has scenario limiting its exercise knowledge

  • White team enforces rules of engagement

  • Red team is visible and vulnerable to blue team

  • Blue team is visible and vulnerable to red team

  • White team is not visible nor vulnerable in context


Factors that frustrate exercises

Factors that Frustrate Exercises

  • Exercise has goal other than assurance preparedness

  • White team puts artificial limits on red team

  • Red team has no scenario, nor knowledge limits

  • Red team not representative of attackers

  • Red team part of white team, not vulnerable

  • Red team results are vulnerabilities of blue team, not operational impact of vulnerabilities


Remainder of the course

Remainder of the Course

  • Identifying attacks

  • Defensive teams

  • Network Structure

  • Handling Incidents


  • Login