ben mascolo isc 300
Download
Skip this Video
Download Presentation
Information System Security and the US Military

Loading in 2 Seconds...

play fullscreen
1 / 21

Information System Security and the US Military - PowerPoint PPT Presentation


  • 141 Views
  • Uploaded on

Ben Mascolo – ISC 300. Information System Security and the US Military. AKO – Army Knowledge Online AR – Army Regulation CAC – Common Access Card DKO – Defence Knowledge Online DOD – Department of Defence IED – Improvised Explosive Device. Terms and Acronyms used.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' Information System Security and the US Military' - mavis


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
terms and acronyms used

AKO – Army Knowledge Online

AR – Army Regulation

CAC – Common Access Card

DKO – Defence Knowledge Online

DOD – Department of Defence

IED – Improvised Explosive Device

Terms and Acronyms used
terms and acronyms used1

PIN – Personal Identification Number

TFTP – Trivial File Transfer Program

UFO – Unidentified Flying Object

WAN – Wide Area Network

PLA – Peoples Liberation Army of China

Terms and Acronyms used
slide4
Security Measures currently held by the US military for its information systems are not enough and need to be improved.Introduction
introduction
Introduction
  • The gathering of intelligence is key in military and paramilitary operations
  • The US Military has consolidated all personal, movement, and intelligence information into a series of inter-connected WANs called DKO.
  • This is a relevant issue because enemies of the US no longer have to conduct reconnaissance, if they can penetrate these information systems.
case 1 of attack on us military
Case 1 of Attack on US Military
  • April of 1990
  • Dutch Teenagers
  • Stole Troop movement information and attempted to sell it to the Iraqi government
  • Not a direct exploit of the information system
case 1 of attack on us military1
Case 1 of Attack on US Military
  • Attacked the information system in 3 ways
    • Dictionary attack to guess passwords
    • Used loop holes in the operating system
    • Broke into civilian contractors with access to military systems
case 1 of attack on the us military
Case 1 of Attack on the US Military
  • The Military found out about the attack via Dutch television when the teens publicly broadcasted another attack
case 2 of attack on us military
Case 2 of Attack on US Military
  • British Attacker
  • 40 Years old
  • Looked for accounts with no passwords
  • Simply logged in
  • Left Notes on desktops of users telling them to create a password
  • Deleted security records
case 2 of attack on the us military
Case 2 of Attack on the US Military
  • Cost a total of $700,000 in damages
  • Was discovered by system administrators after they noted many logins from out side the country
case 3 of attack on the us military
Case 3 of Attack on the US Military
  • Conducted by the PLA
  • Specifically attacked Defense Secretary Gates
  • The PLA consistently attacks the US Military
  • The strategy for penetration is different than the two previous groups
case 3 of attack on the us military1
Case 3 of Attack on the US Military
  • PLA Created a Trojan virus
  • This type of virus works by having a user authorize the install
  • The user does this because the virus has another seemingly useful virus
case 3 of attack on the us military2
Case 3 of Attack on the US Military
  • The virus exploited a well known security loop hole.
  • The virus dwelled in the system for 8 months before it was found.
current security measures
Current Security Measures
  • Two types
    • Software Security
    • Physical security
current software security measures
Current Software Security Measures
  • Passwords – 2 upper case, 2 lower case, 2 numbers, 2 special character, must be changed ever three months
  • Must log in with CAC in order to change password
  • Authorization rules – certain people are allowed access to certain aspects of information
  • Encryption
current physical security measures
Current Physical Security Measures
  • CAC ID card – All personnel have a smart card to access military computers
  • Fingerprint ID – Some access requires Fingerprint authentication
  • Separate computers for separate purposes – only certain computer are allowed to access sensitive information
newest security measures
Newest security measures
  • As of 17 NOV 2008 all USB storage devices have been banned
security measures needed
Security Measures Needed
  • Finger print authentication for access to any military computer on top of current security measures
long term effects
Long term effects
  • Forces the enemy to conduct traditional reconnaissance and expose themselves
  • They wont be able to easily know routes taken by conveys
    • Reduces ease of placement of IED
final thought

Security measures in information system in the US military are strong, but not currently strong enough. These information systems track all information including movement, personal information and military secrets.

Final Thought
ad