USMA Information Warfare Analysis and Research (IWAR) Laboratory
Presented to the 13th Annual Federal Information System Security Education Association (FISSEA) Conference
Lt. Colonel Daniel Ragsdale
Major Joseph Schafer
2 Agenda
– Purpose
– Background Issues
– Lab Design Goals
– Lab Overview
– Cost Saving and Cost Avoidance
– Techniques to Minimize Risk
– Legal Constraints
– Lab Organization
– CS485 Information Security
– Rules of Engagement
– Upcoming Events
– Challenges
– Conclusion
– IWAR Hall of Fame
3 Reasonable Questions
– Ain’t this a cool time to be involved in Information Security?
– Can/Should this type of lab be built in other environments?
– Can this be done on the cheap?
– Can we trust our system administrators if we give them knowledge of hacker tools and hacker methods?
– Will the construction of a security lab generate greater interest in security?
To all, an emphatic Yes!!
4 Purpose
– The Information Warfare Analysis and Research (IWAR) Laboratory is an initiative of the USMA Information Technology and Operations Center (ITOC)
– The purpose of the lab is to provide a realistic, but isolated, environment for research, analysis, and instruction on topics relevant to information warfare and information operations
– Infusion of security-relevant topics throughout the USMA curriculum
5 Background Issues
– Funded, in part, by the DISC4, C2 Protect Directorate
– IWAR Lab design is inspired by the Network Security Lab at Texas A&M University and the ISOLAB at UC Davis
– Instruction focuses on both offensive and defensive information operations, including (but not limited to):
  – Techniques that intruders use to exploit system vulnerabilities
  – Techniques to prevent, detect, and respond to exploitation attempts
6 Lab Design Goals
– Realistic, Sophisticated Environment
  – Shared Resources
  – “Normal” Services
  – Targets inside and outside the local domain
  – Heterogeneous Systems
  – Varying levels of security
– Easy System Rebuilds
  – Ghost Images
  – Full Tape Backups
  – Admin Server
– Centralized Lab reconfiguration
– Minimize vulnerability to local (USMA) and external attacks
– Minimize likelihood of local and external disruption
– Maximize Reuse and Minimize Expenditures
7 Lab Overview
– 40+ “systems”
– 10 networking components
– 2 firewalls
– Various intrusion detection and vulnerability scanning software
– 8 distinct operating systems and versions
– $270K lab facility
9 Techniques to Mitigate Risk
– Fully isolated, fully capable network
– Locked-down search boxes provide safe access to global resources
  – Bare minimum services
  – Removable storage
  – Write permission only on /tmp and Zip drive
  – Netscape only
  – Detailed and remote logging
  – Local and remote scanning
– Cipher-locked doors
– Ethics and legal briefing
10 Legal Constraints
– Privacy Act of 1974
– Computer Fraud Waste and Abuse Act of 1987
– US Code Title 18 Section 1030: Fraud and related activity in connection with computers
– US Code Title 18 Section 2701: Unlawful access to stored communications
– US Code Title 18 Section 2511: Interception and disclosure of wire, oral, or electronic communications prohibited
– DoD Directive 5200.27: Acquisition of Information Concerning Persons and Organizations not Affiliated with the Department of Defense
– Numerous Department of the Army Regulations
11 Advantages of Isolated Network
We’re legal!!
– Unlikely that activities in the lab affect others
– Not a production environment
  – Supports study, analysis, and investigation of the security aspects of hardware and software
  – Supports controlled experimentation
– Types of software that cadets and faculty will use in the lab: port scanners, Trojan horses, root kits, network sniffers, password crackers, virus creators, vulnerability scanners, integrity checkers, encryption, firewalls, intrusion detection, etc.
We’re legal!!
12 Lab Organization
– Black Systems (Attack)
  – Up to 20 systems
– Gray Systems (Research)
  – 3-5 systems for research and instructor use
– Gold Systems (Targets)
  – 15-20 systems
  – Potential targets
– Green Systems
  – 2-5 Army Battle Command Systems
  – For security analysis
– Network Components
  – Various hubs, switches, and routers to simulate a sophisticated production environment
13 Team Resources
– Shared
  – HP 5000 Printer
  – Projector
  – Search Systems
– Systems Hardware
  – 400MHz AMD Processor
  – 196MB RAM
  – 3GB Hard drives
  – Zip Drives
– Linux Software
  – Red Hat 6.1
  – GNU Software
  – Numerous Software Development Tools
– NT Software
  – NT 4.0 (Service Pack 6)
  – MS Office 97, SR2
  – Outlook 98
  – GNAT
  – Netscape
  – Tcl/Tk
  – Visual Studio
  – RAPID
  – Emacs
  – MSDN
  – TechNet
– Solaris Software (User accounts)
  – Solaris 2.5/2.7
  – GNU Software
21 CS485 Information Security
– 8 CS faculty volunteered to assist with the instruction
– 40 lessons
– Hands-on and technically oriented
– Guest lecturers
– Class trip
– Topic projects
– Research paper
– Course project (2-person teams)
23 Course Project
– Conduct offensive information operation missions
  – Gain resources and secure data
  – No intentionally destructive actions
– Employment of offensive information operations methodology
– Identify countermeasures
– Continuous web-based reporting using attack reports (SITREPs)
– Final report and presentation
24 1998 USMA Graduate Comments (CS Major)
“The Information Security course will also be an excellent [addition to the curriculum]. That is the one area I really wish I had a better knowledge of. I can usually get servers and applications set up, but when it comes to security, I’m not too sure about it.”
“When I go to Bosnia, I might see some security issues. It sounds like they will be handled by civilian contractors, but it sure would help to know how well they are doing their job.”
1LT Stephen Hamilton, G-6, Battlefield Information Systems, 123d Signal Battalion
25 IWAR Rules of Engagement
– Always remember, you are a representative of USCC, USMA and the US Army. Act accordingly.
– You must not use any of the techniques that you learn to commit unlawful or unethical acts
– You are given specific authorization to access all of the nonpublic DoD-owned computer systems in the lab
– Never attempt to connect any of the systems in the isolated IWAR lab network to any other network, including the USMA network
– Never hide the fact that you are a service member in the United States Army
– Do not boast to others about your activities in the IWAR lab
– Always remember -- you are a representative of USCC, USMA and the US Army. Act accordingly.
26 Upcoming Events
– Course projects for initial Information Security class
– CS105, Introduction to Computing Science, Tech Tour
  – 1200+ cadets
  – Early exposure to security-relevant topics
– Demonstration site for IEEE SMC Information Assurance Workshop in June 1999
– Primary lab for at least 2 IW courses
– Ongoing research for:
  – DISC4 C2 Protect Program
  – PM for an Army Battle Control System (ABCS)
– Support for numerous other CS courses, including:
  – Operating Systems
  – Computer Networks
  – Computer Systems
  – Artificial Intelligence
  – Information Systems Design
– Infusion of security-relevant topics throughout the USMA curriculum
27 Challenges
– The heterogeneous nature of the lab increases the difficulty of:
  – Initial lab setup
  – Ongoing network and system administration
– Important tradeoff consideration for all lab components:
  – Provide necessary functionality
  – Serve as a target
– Demand for lab use might exceed lab capacity
28 Reasonable Questions
– Ain’t this a cool time to be involved in Information Security?
– Can/Should this type of lab be built in other environments?
– Can this be done on the cheap?
– Can we trust our system administrators if we give them knowledge of hacker tools and hacker methods?
– Will the construction of a security lab generate greater interest in security?
To all, an emphatic Yes!!
29 Conclusion
– We have achieved our initial goals
  – Research
  – Analysis
  – Instruction
– Generating tremendous interest among cadets, faculty, and outside agencies
– Provides a facility to evaluate and “test drive” software before putting it into a production environment
– To the best of our knowledge, this is one of the best-equipped information security labs for undergraduate-level instruction
– Challenges ahead include:
  – System administration
  – Incorporation of new offensive and defensive techniques