Federal Intrusion Detection Network (FIDNet) Concept Overview Darwyn Banks, Program Manager “Protecting the Critical Infrastructure: Issues & Solutions”


2 Federal Intrusion Detection Network (FIDNet) Concept Overview
Darwyn Banks, Program Manager
“Protecting the Critical Infrastructure: Issues & Solutions”
Falls Church, VA, 9 November 1999

3 Agenda
• What is this FIDNet?
  – New Initiative
  – Technical Issues
  – Privacy Concerns
  – Why GSA?
• Q&A

4 What is FIDNet? A New Initiative
• The National Plan (CIAO)
• FY00 Budget Amendment, Sep 99
  – Federal Cyber Service
  – FIDNet
  – PKI
  – Expert Review Team
  – State & Local Gov’t ISACs

5 What is FIDNet? FIDNet is NOT Big Brother
[Figure slide; only the label “Email” survives from the graphic.]

6 What is FIDNet? Example Network Security Mgmt
[Network diagram, Copyright Cisco Systems Inc. © 1999; labels: FIDNet Ops, Agencies’ Ops]
Agencies own, operate & tune their own sensors; set the policies.

7 What is FIDNet? Short List of IDS Vendors *
Advantor Corp.
Anzen Computing
Axent Technologies Inc.
Cisco Systems Inc.
Computer Associates Inc.
CyberSafe Corp.
DataLynx Inc.
Internet Security Systems Inc.
Network Associates Inc.
Network Flight Recorder Inc.
Network ICE
ODS Networks Inc.
PentaSafe Inc.
PRC
Securant Technologies Inc.
Security Dynamics Technologies Inc.
TASC Inc.
Trident Data Systems
Tripwire Security Systems Inc.
WetStone Technologies Inc.
* Compiled by Information Security Magazine, September 1999. URL: http://www.infosecuritymag.com/sept99/prod_roundup.htm

8 What is FIDNet? Example Network Security Mgmt (cont’d)
[Network diagram, Copyright Cisco Systems, Inc. © 1999; labels: FIDNet Ops, Agencies’ Ops]
Agencies own, operate & tune their own sensors; set the policies.

9 What is FIDNet? FIDNet will:
• Be a new capability -- pilot proposal
  – Probably more than current products/services
  – Certainly more than just new sensors
• Incorporate current & future R&D
• Leverage technical development(s)
• Include personnel development
• Work as one with FedCIRC
• Analyze & correlate IDS output
• Not usurp agency autonomy

10 What is FIDNet? FIDNet Assumptions
• Participating agencies have an IDS
• FIDNet will be able to read / accept the output(s) of the agencies’ disparate systems
• Program will recommend (if not provide) preferred IDS configuration(s)
• R&D ongoing. We are pushing the IDS envelope:
  – Industry considers this to be a workable challenge
    · Intrusion Detection Exchange Format Working Group (IETF/IDWG)
    · Common Intrusion Detection Framework (DARPA/CIDF)
    · Common Vulnerabilities & Exposures (Mitre/CVE)
  – Scalability of IDS technologies up to the federal level

11 What is FIDNet? FIDNet Vendor Offerings
• Must address:
  – False Alarms
  – Data Overload
  – Data Visualization
  – Meaningful Analysis
• Must maintain:
  – Interoperability
  – Flexibility
  – Adaptability
  – Extensibility

12 What is FIDNet? 4 Levels of Data Flow

Level     Data                                                     Who Sees?
Level 0   Actual network traffic [in/out-bound to/from Internet]   Sender, Recipient, Agency
Level 1   Output of Agencies’ IDS                                  FIDAC (GSA), FedCIRC (GSA)
Level 2   Suspicious Activity                                      FIDAC / FedCIRC, NIPC / Analysis & Warning
Level 3   Criminal Activity                                        NIPC / Law Enforcement, FBI / Computer Crime

13 FIDNet Proposed FIDNet Architecture: 4 Distinct Levels of Data Flow
[Architecture diagram; labels: Internet; Agency #1 / Agency #2 with Sensor 1 / Sensor 2 (Level 0); IDS Output Data to FIDAC / FedCIRC (Level 1); Probable Incident Data to NIPC Analysis and Warning, JTF-CND, NSIRC, ISAC (Future) over a Situational Awareness Collaboration Net (Level 2); Suspected Criminal Activity, after Legal Validation and Court Order, to NIPC Computer Crimes Section / Law Enforcement Processes (Level 3)]

15 Expected Benefits of FIDNet:
• Cross-correlation of intrusions / network “events”
  – “Raise the Bar” of Network Security
  – Agencies gain new insight
  – Better Detection of Low Flyers
• Economie$ of $cale
  – Pooling scarce resources
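Slides 9, 10 and 15 together describe the technical core of the concept: accept the outputs of the agencies’ disparate IDSs, correlate them, and catch “low flyers” that no single agency would report on its own. The Python script below is an added illustration of that idea; it is not part of the presentation and not code from any FIDNet, GSA or FedCIRC system. The two agency log formats, the addresses (RFC 5737 documentation ranges), the signature names, the field names and the thresholds are all constructed for the example.

```python
"""Added example (not from the FIDNet presentation): pool IDS output from
two agencies, normalise it into one record shape, and cross-correlate it by
source address to surface activity that stays below each agency's own
reporting threshold but crosses it once the alerts are pooled.

The two log formats, the addresses, the signature names and the thresholds
are all constructed for this example.
"""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List


@dataclass(frozen=True)
class Alert:
    """One normalised IDS alert (slide 12, Level 1: output of an agency's IDS)."""
    agency: str
    ts: datetime
    src: str
    dst: str
    signature: str


# Constructed sample: a hypothetical Agency A sensor emits key=value lines.
AGENCY_A_LOG = """\
ts=1999-11-09T08:01:10Z src=192.0.2.10 dst=198.51.100.5 sig=port-scan
ts=1999-11-09T08:04:33Z src=192.0.2.10 dst=198.51.100.7 sig=port-scan
ts=1999-11-09T09:15:02Z src=192.0.2.44 dst=198.51.100.9 sig=ftp-bounce
"""

# Constructed sample: a hypothetical Agency B sensor emits pipe-delimited lines.
AGENCY_B_LOG = """\
1999-11-09 08:20:41|PORT SCAN|192.0.2.10|203.0.113.12
1999-11-09 08:52:07|PORT SCAN|192.0.2.10|203.0.113.20
1999-11-09 10:30:00|WEB CGI PROBE|192.0.2.77|203.0.113.30
"""

_KV = re.compile(r"(\w+)=(\S+)")


def _norm_sig(name: str) -> str:
    """Map vendor-specific signature names onto one lower-case, hyphenated form."""
    return "-".join(name.lower().split())


def parse_agency_a(text: str, agency: str = "A") -> List[Alert]:
    """Parse the constructed key=value format into Alert records."""
    alerts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        f = dict(_KV.findall(line))
        ts = datetime.strptime(f["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        alerts.append(Alert(agency, ts, f["src"], f["dst"], _norm_sig(f["sig"])))
    return alerts


def parse_agency_b(text: str, agency: str = "B") -> List[Alert]:
    """Parse the constructed pipe-delimited format into Alert records."""
    alerts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        when, sig, src, dst = line.split("|")
        ts = datetime.strptime(when, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
        alerts.append(Alert(agency, ts, src, dst, _norm_sig(sig)))
    return alerts


def low_flyers(alerts: List[Alert], per_agency_threshold: int = 3,
               pooled_threshold: int = 3) -> Dict[str, dict]:
    """Cross-correlate pooled alerts by source address.

    A source is a "low flyer" when no single agency saw enough alerts from it
    to cross that agency's own reporting threshold, but the pooled count does.
    Each finding is the kind of record that would move from Level 1 (raw IDS
    output) to Level 2 (suspicious activity) in the slide-12 data flow.
    The thresholds are constructed for the example.
    """
    by_src: Dict[str, List[Alert]] = defaultdict(list)
    for a in alerts:
        by_src[a.src].append(a)

    findings: Dict[str, dict] = {}
    for src, group in by_src.items():
        per_agency = Counter(a.agency for a in group)
        tripped_locally = any(n >= per_agency_threshold for n in per_agency.values())
        if len(group) >= pooled_threshold and not tripped_locally:
            findings[src] = {
                "level": 2,
                "agencies": sorted(per_agency),
                "alerts": len(group),
                "signatures": sorted({a.signature for a in group}),
                "first_seen": min(a.ts for a in group).isoformat(),
                "last_seen": max(a.ts for a in group).isoformat(),
            }
    return findings


if __name__ == "__main__":
    pooled = parse_agency_a(AGENCY_A_LOG) + parse_agency_b(AGENCY_B_LOG)
    for src, info in low_flyers(pooled).items():
        print(src, info)
```

In the constructed data, 192.0.2.10 produces two alerts at each agency, under a per-agency threshold of three, yet four alerts once pooled; that is the “low flyer” the correlation step exists to find, and it is also why FIDNet must first normalise disparate sensor formats (the slide-10 assumption) before any cross-agency analysis is possible.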

16 [Cartoon reprinted from Parade Magazine, August 27, 1995, page 8.] Caption: “Now that’s great security software!”

17 Back-up Slides

18 Intrusion Detection Systems: Physical Analogy
[Diagram; recoverable labels: Alarm, ADT ®, Alarm Central Facility, Police Station, “So what?”, “False Positives Cost $$”]

19 Intrusion Detection Systems: Physical Analogy (cont’d)
[Diagram; only house numbers from the graphic survive.]
