
Information Warfare Defenses

Review: What is battlefield? Information Age Battlefield; Computer Network Attack (CNA); Nation-States Conflict; Business; Terrorists and Activists; Simula War; Information Warfare Tactics Process.
Contents: Risk Analysis; Assets; Risk management; Objectives; Physical Security; Personal Security; Procedural S

nathalie

Presentation Transcript


    5. Risk Analysis
    Risk analysis is an evaluation of the exposure one has to loss of assets or services. In the business world, a certain amount of risk may be acceptable, and entrepreneurship often involves taking risks. In the context of warfare, however, the threshold for acceptable risk is much lower.

    6. While one needs to take a realistic view, one should always take a cold, hard look at the worst-case scenario, especially in the context of warfare.
        Risk Management Standard
        What is the risk of a laptop being lost or stolen?
        What is the risk of compromised passwords?
        What is the risk of an unavailable network or communication system?
        And how do you evaluate the costs of such losses?

    7. Assets
    Evaluating risk first involves identifying assets.
        Some assets are obvious: Information; Equipment; Systems; Personnel
        Some are not obvious: Reputation; Soldier loyalty

    8. Sample Analysis Chart

    9. Risk Management
    Risk management objectives differ from one system to another, but they are based on the following categories:
        Identification: something which uniquely identifies a user, called the UserID.
        Authorization: the process of assigning access rights to a user.
        Access Control: assurance that the user or computer at the other end of the connection is permitted to do what it asks for.

    10. Risk Management (Cont.)
        Authentication: assurance that the user or computer at the other end of the connection really is what it claims to be.
        Data Integrity: assurance that the data that arrives is the same as when it was sent.
        Confidentiality: assurance that sensitive information is not visible to an eavesdropper. This is usually achieved using encryption.

    17. Disaster Recovery Plan
    Having a disaster recovery plan is essential for any enterprise, but especially for the military. This will include:
        Data warehousing
        Backup communications
        Backup authentication
        Backup operational procedures
        Logging, data gathering, and reporting procedures

    18. Penetration Testing
    In military or other highly sensitive applications, actual penetration testing may be done. For most applications, routine vulnerability assessment is adequate. Some vulnerability assessment tools:
        Shadow Security Scanner
        Nessus
        SATAN (Systems Analysis Tool for Auditing Networks)

    21. Public Key Infrastructure (PKI)
    PKI makes use of a certificate authority (CA). This is a trusted party that registers public keys. The CA issues "certificates" that verify that a public key does belong to a given individual. VeriSign, Inc. is a well-known company in this field.
    PKI has many critics; most of the criticisms have to do with whether or not you trust the CA, how you know whether certificates have been revoked, and keeping up with new keys. Many feel that PKI works best within the context of a given business or organization where the CA is local.

    22. Virtual Private Network (VPN)
    A VPN uses encryption to create a private channel across a public medium. The connection is referred to as a "tunnel".

    23. Encryption
        Symmetric: the same key is used to encrypt and decrypt. Examples: DES, AES
        Asymmetric: uses different but related keys. Example: RSA (public key)

    24. Quantum Cryptography
    The advantage is that if someone is eavesdropping, the message will be distorted (since the act of reading the message changes it), and the loss of integrity can be detected. It is based on the polarization of light through a filter. One useful application is the distribution of secret keys.
        Quantum Cryptography tutorial
        Quantum Cryptography Demo
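    The following simulation is an added example, not part of the slides: it models BB84 key distribution in its simplest form (ideal channel, no detector noise) and shows how an intercept-and-resend eavesdropper raises the error rate on the sifted key. Basis labels, the seed and the detection threshold are constructed choices for the example.

```python
import random

# Polarization bases: '+' rectilinear, 'x' diagonal. A photon read in the basis it was
# prepared in yields the sent bit; read in the other basis it yields a random bit and
# is left re-polarized in the reader's basis, which is what makes eavesdropping visible.


def measure(rng, bit, prepared_basis, read_basis):
    """Return the bit observed when a photon is read in read_basis."""
    return bit if prepared_basis == read_basis else rng.randint(0, 1)


def bb84(n, eavesdrop, seed=7, sample_fraction=0.2):
    """Simulate BB84 with an optional intercept-and-resend eavesdropper on the channel."""
    rng = random.Random(seed)  # fixed seed keeps the simulation reproducible
    a_bits = [rng.randint(0, 1) for _ in range(n)]
    a_bases = [rng.choice("+x") for _ in range(n)]
    # Photons in transit; an eavesdropper must guess a basis, read, and re-send.
    photons = []
    for bit, basis in zip(a_bits, a_bases):
        if eavesdrop:
            e_basis = rng.choice("+x")
            bit, basis = measure(rng, bit, basis, e_basis), e_basis
        photons.append((bit, basis))
    # Receiver reads each photon in its own randomly chosen basis.
    b_bases = [rng.choice("+x") for _ in range(n)]
    b_bits = [measure(rng, bit, basis, rb) for (bit, basis), rb in zip(photons, b_bases)]
    # Sifting (over a public channel): keep positions where both used the same basis.
    kept = [i for i in range(n) if a_bases[i] == b_bases[i]]
    # Integrity check: publicly compare a sample of sifted bits, then discard them.
    sample = set(rng.sample(kept, int(len(kept) * sample_fraction)))
    errors = sum(a_bits[i] != b_bits[i] for i in sample)
    qber = errors / len(sample) if sample else 0.0
    key = [a_bits[i] for i in kept if i not in sample]
    receiver_key = [b_bits[i] for i in kept if i not in sample]
    return {"qber": qber, "key": key, "receiver_key": receiver_key, "sifted": len(kept)}


def eavesdropper_detected(result, threshold=0.11):
    """Intercept-and-resend disturbs about 25% of sifted bits; an ideal channel shows 0%."""
    return result["qber"] > threshold
```

    On an ideal channel the two sifted keys match exactly; with the eavesdropper present the sampled error rate sits near 25%, so the parties discard the key instead of using it.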

    25. Encryption Applications
        Encrypting data on a laptop in case the laptop is stolen
        Encrypting voice and data transmissions: sftp, ssh (secure shell)
        Email
        Web Security
        Property identification (digital watermarking)

    26. SSH/SFTP
    FTP (File Transfer Protocol), for uploading and downloading files, and Telnet, used to log in remotely, are very old protocols. They are vulnerable because information is transmitted "in the clear" (unencrypted). SSH, or Secure Shell, is a way of securing your remote login session using encryption, so that passwords and other information are not transmitted "in the clear." SFTP is a similar idea, except that it protects files that are being uploaded or downloaded.

    27. Web Security
        Secure Sockets Layer (protocol: https://): information is encrypted by the client machine and decrypted by the host. Transport layer.
        Secure HTTP (shttp://): application layer (encrypts the page only).
        PCT (Private Communications Technology): Microsoft's SSL protocol.
        SET (Secure Electronic Transaction): bankcard protocol.
        IPSec: protocol used to encrypt and authenticate IP packets.

    28. Biometrics
    In 2002, Tsutomu Matsumoto and students showed how easy it is to defeat fingerprint scanners using materials that are easily obtainable (Ferguson and Schneier, Practical Cryptography 2003: 356). But fingerprint scanners can be a useful adjunct to other means of authentication.
        San Jose State Study
        Science News: Iris Scan

    29. Electromagnetic Pulse and High Energy Radio Frequency
    High-power radio frequency (HERF) weapons can be used to disrupt electronic signals or actually destroy sensitive electronics. High Power Microwaves (HPM) can be used for missile defense by causing electronic disruption (as opposed to laser systems, which cause structural damage).

    31. Intrusion Detection Systems (IDS)
    Intrusion Detection Systems (IDS) are evaluated based on:
        Rate of detection of events
        Number of false alarms
        Ability to handle new events
        Reporting capability
        Robustness under attack
    The IDS is usually placed either between the router and the LAN or between the Internet and the router. Where the IDS is positioned will help you determine the effectiveness of your router and firewall. One has to trade off performance against security: the more analysis that is done, the slower the performance.
    CERT/CC publishes an Intrusion Detection Checklist: http://www.cert.org/tech_tips/intruder_detection_checklist.html

    32. IDS Alerts
    Sensors monitor network traffic and log suspicious activity. Alerts may be issued when:
        Anomalies are detected that don't fit normal traffic patterns
        "Signatures", or patterns of packet sequences that match known attacks, are detected
    The IDS may use one or more of these means to alert of a potential break-in: Email; Pager; Pop-up; Log file
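    As an added example (not from the slides or any of the products they name), the sensor logic below runs both alert mechanisms from slides 31 and 32 over a constructed sample of connection records: signature rules match known attack patterns in each request, and an anomaly rule flags a source whose behaviour departs from the normal one-or-two-ports-per-host pattern. The record format, the signatures and the threshold are assumptions for the example.

```python
import re
from collections import defaultdict

# Constructed sensor records: "<time> <src_ip> <dst_ip>:<port> <request>" (not real traffic).
SAMPLE_LOG = """\
10:00:01 10.0.0.5 192.0.2.10:80 GET /index.html
10:00:02 10.0.0.5 192.0.2.10:80 GET /images/logo.png
10:00:03 198.51.100.7 192.0.2.10:80 GET /cgi-bin/view?file=../../etc/passwd
10:00:03 203.0.113.9 192.0.2.10:21 CONNECT
10:00:03 203.0.113.9 192.0.2.10:22 CONNECT
10:00:03 203.0.113.9 192.0.2.10:23 CONNECT
10:00:04 203.0.113.9 192.0.2.10:25 CONNECT
10:00:04 203.0.113.9 192.0.2.10:80 CONNECT
10:00:04 203.0.113.9 192.0.2.10:110 CONNECT
10:00:05 10.0.0.6 192.0.2.10:80 GET /about.html
"""

# Signature rules: textual patterns of known attacks (illustrative examples only).
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "windows-shell": re.compile(r"cmd\.exe", re.IGNORECASE),
}

RECORD = re.compile(r"^(\S+) (\S+) (\S+):(\d+) (.*)$")


def parse(log):
    """Yield one dict per well-formed record; malformed lines are skipped, not trusted."""
    for line in log.splitlines():
        m = RECORD.match(line)
        if m:
            t, src, dst, port, req = m.groups()
            yield {"time": t, "src": src, "dst": dst, "port": int(port), "req": req}


def detect(log, port_threshold=5):
    """Return (kind, detail, source, time) alerts: signature hits first, then anomalies."""
    alerts = []
    ports_by_src = defaultdict(set)
    for r in parse(log):
        for name, pattern in SIGNATURES.items():
            if pattern.search(r["req"]):
                alerts.append(("signature", name, r["src"], r["time"]))
        ports_by_src[r["src"]].add(r["port"])
    # Anomaly rule: one source touching many distinct ports does not fit normal traffic.
    for src, ports in sorted(ports_by_src.items()):
        if len(ports) >= port_threshold:
            alerts.append(("anomaly", "distinct-ports=%d" % len(ports), src, ""))
    return alerts
```

    Lowering port_threshold or adding signatures raises the detection rate but also the false-alarm count, which is exactly the evaluation trade-off the slide lists.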

    33. Distributed Intrusion Detection (DID)
    Distributed Intrusion Detection (DID) systems employ multiple IDSs on a network. Popular systems include MyNetWatchman and http://www.dshield.org. These systems provide a mechanism (agent software) that reports logs to a web-based server for analysis.

    34. IDS Tools
        Symantec ManHunt
        Network Associates Entercept
        Cisco IDS Host Sensors (uses Entercept)
        Other commercial products recommended by CERT
        Freeware: Purdue's COAST; Snort (www.snort.org)

    35. Forensics
    Forensics involves gathering enough legally admissible evidence to obtain a conviction.
        Logs
        Date stamps
        Preserving the chain of evidence (keep notes, and have those in contact with the evidence sign statements)
    Always keep in mind that email and IP addresses can be forged, and the apparent perpetrator may be completely innocent.
    Software: AccessData Forensic Toolkit for Windows; SourceForge.net open source for Unix
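    An added example, not from the slides, of the chain-of-evidence record the slide calls for: each custody entry carries a date stamp, the handler's note, the SHA-256 of the evidence item and a hash of the previous entry, so a later edit to any entry, or to the evidence itself, is detectable. Signed statements from handlers are assumed to be kept alongside; the hash chain shown here stands in for them and is a construction for the example.

```python
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64  # previous-hash value for the first entry


def file_digest(data: bytes) -> str:
    """SHA-256 of the evidence item; recomputed later to show it is unchanged."""
    return hashlib.sha256(data).hexdigest()


def entry_hash(entry: dict) -> str:
    body = {k: v for k, v in entry.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class CustodyLog:
    """Append-only chain of custody: every entry commits to the one before it."""

    def __init__(self, item_id: str, data: bytes, collector: str, when=None):
        self.item_id = item_id
        self.entries = []
        self.add("collected", collector, data, when=when)

    def add(self, action, handler, data, note="", when=None):
        entry = {
            "item": self.item_id,
            "action": action,
            "handler": handler,
            "note": note,
            "when": (when or datetime.now(timezone.utc)).isoformat(),
            "evidence_sha256": file_digest(data),
            "prev": self.entries[-1]["hash"] if self.entries else GENESIS,
        }
        entry["hash"] = entry_hash(entry)
        self.entries.append(entry)
        return entry

    def verify(self, data: bytes) -> int:
        """Index of the first bad entry, or -1 if every link and the evidence digest hold."""
        prev, digest = GENESIS, file_digest(data)
        for i, e in enumerate(self.entries):
            if e["prev"] != prev or e["hash"] != entry_hash(e) or e["evidence_sha256"] != digest:
                return i
            prev = e["hash"]
        return -1
```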

    36. Forensics (Cont.)
    Those in computer forensics have to be very knowledgeable about wiretap, privacy, and other laws, or they run the risk of a lawsuit.
    Get educated: cops.org is the site of IACIS (International Association of Computer Investigative Specialists), a non-profit dedicated to educating law enforcement in computer forensics.

    37. Incident Response Plan (IRP)
        Create a Security Incident Response Team (SIRT)
        Containment: may involve blocking a compromised machine at the router or shutting down a service
        Escalation plan: what to do if containment fails
        Establish chains of command
        Secure logs
        Patches, educate users, re-evaluation
        Report incidents to authorities such as http://www.cert.org/contact_cert/contactinfo.html, https://tips.fbi.gov/, and NIPC email reporting

    39. Resources and References
        CERT/CC
        SANS Security Digest
        NIST
        FBI NIPC
        Nessus Security Scanner
        SATAN (Systems Analysis Tool for Auditing Networks)
        Most Wanted
        NSA Security Page
        GMU Security Page
