Ben Mascolo – ISC 300

Information System Security and the US Military



Ben Mascolo – ISC 300

Information System Security and the US Military


Terms and Acronyms used

AKO – Army Knowledge Online

AR – Army Regulation

CAC – Common Access Card

DKO – Defense Knowledge Online

DOD – Department of Defense

IED – Improvised Explosive Device

PIN – Personal Identification Number

TFTP – Trivial File Transfer Program

UFO – Unidentified Flying Object

WAN – Wide Area Network

PLA – People's Liberation Army of China


Introduction

The security measures the US military currently has in place for its information systems are not enough and need to be improved.

  • The gathering of intelligence is key in military and paramilitary operations

  • The US Military has consolidated all personal, movement, and intelligence information into a series of inter-connected WANs called DKO.

  • This is a relevant issue because enemies of the US no longer have to conduct reconnaissance if they can penetrate these information systems.


Case 1 of Attack on US Military

  • April of 1990

  • Dutch Teenagers

  • Stole Troop movement information and attempted to sell it to the Iraqi government

  • Not a direct exploit of the information system


  • Attacked the information system in 3 ways

    • Dictionary attack to guess passwords

    • Used loopholes in the operating system

    • Broke into civilian contractors with access to military systems


  • The military found out about the attack via Dutch television when the teens publicly broadcast another attack


Case 2 of Attack on US Military

  • British Attacker

  • 40 Years old

  • Looked for accounts with no passwords

  • Simply logged in

  • Left Notes on desktops of users telling them to create a password

  • Deleted security records


  • Cost a total of $700,000 in damages

  • Was discovered by system administrators after they noted many logins from outside the country


Case 3 of Attack on the US Military

  • Conducted by the PLA

  • Specifically attacked Defense Secretary Gates

  • The PLA consistently attacks the US Military

  • The strategy for penetration is different than the two previous groups


  • PLA Created a Trojan virus

  • This type of virus works by having a user authorize the install

  • The user does this because the virus presents itself as another, seemingly useful program


  • The virus exploited a well-known security loophole.

  • The virus dwelled in the system for 8 months before it was found.


Current Security Measures

  • Two types

    • Software Security

    • Physical security


Current Software Security Measures

  • Passwords – 2 upper case, 2 lower case, 2 numbers, 2 special characters; must be changed every three months

  • Must log in with CAC in order to change password

  • Authorization rules – certain people are allowed access to certain aspects of information

  • Encryption


Current Physical Security Measures

  • CAC ID card – All personnel have a smart card to access military computers

  • Fingerprint ID – Some access requires Fingerprint authentication

  • Separate computers for separate purposes – only certain computers are allowed to access sensitive information


Newest Security Measures

  • As of 17 NOV 2008 all USB storage devices have been banned


Security Measures Needed

  • Fingerprint authentication for access to any military computer on top of current security measures


Long Term Effects

  • Forces the enemy to conduct traditional reconnaissance and expose themselves

  • They won't be able to easily know routes taken by convoys

    • Reduces ease of placement of IED


Final Thought

Security measures for information systems in the US military are strong, but not currently strong enough. These information systems track all information, including movement, personal information and military secrets.