INFORMATION WARFARE
Part 1: Fundamentals

Advanced Course in Engineering
2006 Cyber Security Boot Camp
Air Force Research Laboratory Information Directorate, Rome, NY

M. E. Kabay, PhD, CISSP-ISSMP
Assoc. Prof. Information Assurance
Program Direction, MSIA & BSIA
Division of Business & Management, Norwich University
Northfield, Vermont
mailto:mkabay@norwich.edu
V: 802.479.7937
Topics
• 08:00-08:15 Introductions & Overview
• 08:15-09:00 Fundamental Concepts
• 09:05-10:25 INFOWAR Theory
• 10:35-11:55 Case Histories & Scenarios
Part 1: Fundamental Concepts
• Fundamental Elements of INFOSEC
• Sources of Damage to IT
• Risk Categories
• Taxonomy for Computer Incidents
Fundamental Elements of INFOSEC
Protect the 6 atomic elements of information security (not just the 3 of C-I-A):
• Confidentiality
• Possession or control
• Integrity
• Authenticity
• Availability
• Utility
Confidentiality
Restricting access to data
• Protecting against unauthorized disclosure of the existence of data
  • E.g., allowing an industrial spy to deduce the nature of the clientele by looking at directory names
• Protecting against unauthorized disclosure of the details of data
  • E.g., allowing a 13-yr-old girl to examine HIV+ records in a Florida clinic
Possession
Control over information
• Preventing physical contact with data
  • E.g., case of a thief who recorded ATM PINs by radio (but never looked at them)
• Preventing copying or unauthorized use of intellectual property
  • E.g., violations by software pirates
Integrity
Internal consistency, validity, fitness for use
• Avoiding physical corruption
  • E.g., database pointers trashed or data garbled
• Avoiding logical corruption
  • E.g., inconsistencies between an order header's total sale and the sum of the costs of its detail lines
Authenticity
Correspondence to intended meaning
• Avoiding nonsense
  • E.g., part number field actually contains a cost
• Avoiding fraud
  • E.g., sender's name on an e-mail is changed to someone else's
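The logical-integrity and authenticity examples on the two slides above (header total vs. sum of detail lines; a cost sitting in the part-number field) can be turned into a record-validation routine. The code below is an added illustration, not part of the original slides; the order layout and the part-number format `ABC-1234` are assumptions constructed for the example.

```python
import re
from dataclasses import dataclass, field
from decimal import Decimal
from typing import List

# Hypothetical order record layout, constructed for this example.
PART_NUMBER_RE = re.compile(r"^[A-Z]{3}-\d{4}$")   # assumed part-number format, e.g. "ABC-1234"

@dataclass
class OrderLine:
    part_number: str
    quantity: int
    unit_cost: Decimal

@dataclass
class Order:
    order_id: str
    header_total: Decimal                   # total sale as recorded in the order header
    lines: List[OrderLine] = field(default_factory=list)

def integrity_problems(order: Order) -> List[str]:
    """Logical integrity: the header's total sale must equal the sum of the detail lines."""
    detail_sum = sum((ln.quantity * ln.unit_cost for ln in order.lines), Decimal("0"))
    if detail_sum != order.header_total:
        return [f"{order.order_id}: header total {order.header_total} != sum of details {detail_sum}"]
    return []

def authenticity_problems(order: Order) -> List[str]:
    """Authenticity: each field must hold the kind of value its name promises."""
    problems = []
    for ln in order.lines:
        if not PART_NUMBER_RE.match(ln.part_number):
            # A cost (or other value) has ended up where a part number belongs.
            problems.append(f"{order.order_id}: part number field holds {ln.part_number!r}")
        if ln.quantity <= 0 or ln.unit_cost < 0:
            problems.append(f"{order.order_id}: implausible quantity/cost on {ln.part_number!r}")
    return problems

def validate_order(order: Order) -> List[str]:
    """Run both checks; an empty list means the record passed."""
    return integrity_problems(order) + authenticity_problems(order)

# Constructed sample records: one consistent order, one with both kinds of defect.
GOOD_ORDER = Order("ORD-1", Decimal("35.00"), [
    OrderLine("ABC-1234", 2, Decimal("10.00")),
    OrderLine("XYZ-0007", 1, Decimal("15.00")),
])
BAD_ORDER = Order("ORD-2", Decimal("50.00"), [
    OrderLine("19.99", 1, Decimal("10.00")),   # a cost landed in the part-number field
])

if __name__ == "__main__":
    for order in (GOOD_ORDER, BAD_ORDER):
        print(order.order_id, validate_order(order) or "OK")
```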
Availability
Timely access to data
• Avoid delays
  • E.g., prevent system crashes & arrange for recovery plans
• Avoid inconvenience
  • E.g., prevent mislabelling of files
Utility
Usefulness for specific purposes
• Avoid conversion to a less useful form
  • E.g., replacing dollar amounts by foreign-currency equivalents
• Prevent impenetrable coding
  • E.g., employee encrypts source code and "forgets" the decryption key
Rough Guesses About Sources of Damage to IT
See CSH4 (Computer Security Handbook, 4th ed.), Ch. 4, "Studies and Surveys of Computer Crime."
Also http://www2.norwich.edu/mkabay/methodology/crime_stats_methods.htm
Risk Categories*
• Physical attempts to gain control (physical intrusion)
• Electronic attempts to gain control (malicious hacking)
• Execution of arbitrary code (viruses, Trojans, ActiveX, Java, ...)
• Spoofing (lying about who you are: users, sites, devices)
• Eavesdropping (sniffing, wiretapping of data, passwords, ...)
________
* ICSA Risk Framework
Risk Categories (Cont'd)
• Lack of knowledge / awareness (administrators, users, outside errors)
• Lack of trust, confidence (IT, users, disgruntled ...)
• Denial of service (down time: electronic DoS, disasters, reliability)
• Exploitation of user by site (privacy, swindles, ...)
• Exploitation of the data subject (privacy, confidentiality, non-user)
• Lack of interoperability
Taxonomy for Computer Security Incidents
• What is a Common Descriptive Language?
• What is a Taxonomy?
• Why a Language/Taxonomy for Computer Crime?
• The Model as a Whole
  • Actions
  • Targets
  • Events
  • Vulnerability
  • Tool
  • Unauthorized Result
  • Objectives
  • Attackers
What is a Common Descriptive Language?
• Set of terms that experts agree on in a field
• Clear definitions to the extent possible
  • Precise
  • Unambiguous
  • Easy to determine in the field
• A common language does not necessarily imply a causal or structural model
• Provides a means of communication among experts
• Supports analysis
What is a Taxonomy?
• Structure relating terms in the common language
• Permits classification of phenomena
• Expresses (a) model(s) of the underlying phenomena
• Supports hypothesis-building
• Supports collection and analysis of statistical information
Why a Language/Taxonomy for Computer Crime?
• Field of information assurance is growing
  • More people
  • Less common experience
  • Growing variability in meaning of terms
• What's wrong with ambiguous terminology?
  • Can cause confusion – talking at cross-purposes
  • Can mislead investigators and others
  • Wastes time in repeated clarification
  • Interferes with data-gathering
  • Makes comparisons and tests difficult or impossible
Actions
• Probe / scan
• Flood
• Authenticate / Bypass / Spoof
• Read / Copy / Steal
• Modify / Delete
Targets
Analyze the following real cases and identify the target(s) in the events:
• A criminal inserts a Trojan horse into a production system; it logs keystrokes
• A criminal hacker defaces a Web page
• An attacker launches millions of spurious packets addressed to a particular e-commerce server
• The Morris Worm of November 1988 takes down 9,000 computers on the Internet
Events
• An event consists of an action taken against a target
• Analyze the following events in these terms:
  • An 8-year-old kid examines all the ports on a Web server to see if any are unprotected
  • A dishonest employee makes copies on a Zip disk of secret formulas for a new product
  • A saboteur cuts the cables linking a company network to the Internet
Vulnerability
• Vulnerability = a weakness
• Distinguish among vulnerabilities due to
  • Design
  • Implementation
  • Configuration
• See the National Vulnerability Database
  • Thousands of vulnerabilities
  • Classified by platform and version
National Vulnerability DB http://nvd.nist.gov/
Tool
• Means of exploiting a vulnerability
• Widely available on the Internet
• Exchanged at hacker meetings
  • 2600
  • L0pht (defunct)
• Discussed and demonstrated at black-hat and gray-hat conferences
  • DEFCON – Las Vegas
  • HACTIC – Netherlands
• Many exploits usable by script kiddies and other poorly-trained hackers
Unauthorized Result
Many possible results; e.g., consider the results of these attacks:
• Someone installs a Remote Access Trojan called BO2K on a target system
• An e-mail-enabled worm (e.g., KLEZ) sends a copy of a confidential document to 592 strangers
• The Stacheldraht DDoS tool completely interdicts access to an e-commerce site
• A secret program installed by an employee uses all the "excess" CPU cycles in a corporate network for prime-number calculations
Objectives
• Characteristics of the human beings involved in the attack
• Different objectives define different labels:
  • Criminal hacking
  • Industrial espionage
  • Industrial sabotage
  • Information warfare
Attackers
[Diagram: attacker attributes plotted on the axes Gain, Ideology, Skill]
• Wide range of attributes
• Subject of chapter 6 in CSH4
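The taxonomy slides above (common language, actions, events as action-against-target, vulnerability classes, objectives) can be enforced in an incident record so that ambiguous free-text terms are rejected and comparable statistics can be drawn. The code below is an added illustration, not part of the original slides; the record layout, the `make_incident` helper and the sample incidents are constructed for the example.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Iterable, Tuple

# Controlled vocabularies, taken from the taxonomy slides.
ACTIONS = {"probe", "scan", "flood", "authenticate", "bypass", "spoof",
           "read", "copy", "steal", "modify", "delete"}
VULNERABILITY_CLASSES = {"design", "implementation", "configuration"}
OBJECTIVES = {"criminal hacking", "industrial espionage",
              "industrial sabotage", "information warfare"}

class VocabularyError(ValueError):
    """Raised when an incident uses a term outside the agreed common language."""

@dataclass(frozen=True)
class Event:
    action: str      # one of ACTIONS
    target: str      # the thing the action is taken against (free text)

@dataclass(frozen=True)
class Incident:
    attacker: str
    tool: str
    vulnerability: str       # one of VULNERABILITY_CLASSES
    event: Event
    unauthorized_result: str
    objective: str           # one of OBJECTIVES

def make_incident(attacker, tool, vulnerability, action, target, result, objective) -> Incident:
    """Build an Incident, rejecting ambiguous terms such as 'hacked' (hypothetical helper)."""
    for value, allowed, label in ((action, ACTIONS, "action"),
                                  (vulnerability, VULNERABILITY_CLASSES, "vulnerability"),
                                  (objective, OBJECTIVES, "objective")):
        if value not in allowed:
            raise VocabularyError(f"{label} {value!r} is not in the common language")
    return Incident(attacker, tool, vulnerability, Event(action, target), result, objective)

def tally(incidents: Iterable[Incident]) -> Dict[Tuple[str, str], int]:
    """Count (action, objective) pairs so that incidents can be compared statistically."""
    return dict(Counter((i.event.action, i.objective) for i in incidents))

# Constructed sample incidents (not the cases from the slides).
SAMPLE = [
    make_incident("outsider", "port scanner", "configuration", "scan",
                  "web server", "none", "criminal hacking"),
    make_incident("insider", "removable media", "configuration", "copy",
                  "design documents", "disclosure", "industrial espionage"),
    make_incident("outsider", "DDoS tool", "design", "flood",
                  "e-commerce server", "denial of service", "industrial sabotage"),
]
```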