Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information System Security and the US Military Ben Mascolo – ISC 300.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "Information System Security and the US Military Ben Mascolo – ISC 300."— Presentation transcript:

1 Information System Security and the US Military Ben Mascolo – ISC 300

2 Terms and Acronyms used AKO – Army Knowledge Online AR – Army Regulation CAC – Common Access Card DKO – Defence Knowledge Online DOD – Department of Defence IED – Improvised Explosive Device

3 Terms and Acronyms used PIN – Personal Identification Number TFTP – Trivial File Transfer Program UFO – Unidentified Flying Object WAN – Wide Area Network PLA – Peoples Liberation Army of China

4 Introduction Security Measures currently held by the US military for its information systems are not enough and need to be improved.

5 Introduction The gathering of intelligence is key in military and paramilitary operations The US Military has consolidated all personal, movement, and intelligence information into a series of inter-connected WANs called DKO. This is a relevant issue because enemies of the US no longer have to conduct reconnaissance, if they can penetrate these information systems.

6 Case 1 of Attack on US Military April of 1990 Dutch Teenagers Stole Troop movement information and attempted to sell it to the Iraqi government Not a direct exploit of the information system

7 Case 1 of Attack on US Military Attacked the information system in 3 ways  Dictionary attack to guess passwords  Used loop holes in the operating system  Broke into civilian contractors with access to military systems

8 Case 1 of Attack on US Military

9 Case 1 of Attack on the US Military The Military found out about the attack via Dutch television when the teens publicly broadcasted another attack

10 Case 2 of Attack on US Military British Attacker 40 Years old Looked for accounts with no passwords Simply logged in Left Notes on desktops of users telling them to create a password Deleted security records

11 Case 2 of Attack on the US Military Cost a total of $700,000 in damages Was discovered by system administrators after they noted many logins from out side the country

12 Case 3 of Attack on the US Military Conducted by the PLA Specifically attacked Defense Secretary Gates The PLA consistently attacks the US Military The strategy for penetration is different than the two previous groups

13 Case 3 of Attack on the US Military PLA Created a Trojan virus This type of virus works by having a user authorize the install The user does this because the virus has another seemingly useful virus

14 Case 3 of Attack on the US Military The virus exploited a well known security loop hole. The virus dwelled in the system for 8 months before it was found.

15 Current Security Measures Two types  Software Security  Physical security

16 Current Software Security Measures Passwords – 2 upper case, 2 lower case, 2 numbers, 2 special character, must be changed ever three months Must log in with CAC in order to change password Authorization rules – certain people are allowed access to certain aspects of information Encryption

17 Current Physical Security Measures CAC ID card – All personnel have a smart card to access military computers Fingerprint ID – Some access requires Fingerprint authentication Separate computers for separate purposes – only certain computer are allowed to access sensitive information

18 Newest security measures As of 17 NOV 2008 all USB storage devices have been banned

19 Security Measures Needed Finger print authentication for access to any military computer on top of current security measures

20 Long term effects Forces the enemy to conduct traditional reconnaissance and expose themselves They wont be able to easily know routes taken by conveys  Reduces ease of placement of IED

21 Final Thought Security measures in information system in the US military are strong, but not currently strong enough. These information systems track all information including movement, personal information and military secrets.

Download ppt "Information System Security and the US Military Ben Mascolo – ISC 300."

Similar presentations

The Whole/Hole of Security Public (DoD) v. Corporate Carl Bourland US Army Judge Advocate Generals Corps.

The Whole/Hole of Security Public (DoD) v. Corporate Carl Bourland US Army Judge Advocate Generals Corps.
UNIT 20 The ex-hacker.

UNIT 20 The ex-hacker.
Avoid data leakage, espionage, sabotage and other reputation and business risks without losing employee performance and mobility.

Avoid data leakage, espionage, sabotage and other reputation and business risks without losing employee performance and mobility.
1 3. Data Protection and Privacy Reference: Discovering Computers 2003/2004 Course Technology, Thomson Learning Chapter 12 Note: The privacy laws in HK.

1 3. Data Protection and Privacy Reference: Discovering Computers 2003/2004 Course Technology, Thomson Learning Chapter 12 Note: The privacy laws in HK.
Networks. User access and levels Most network security involves users having different levels of user access to the network. The network manager will.

Networks. User access and levels Most network security involves users having different levels of user access to the network. The network manager will.
Information System protection and Security. Need for Information System Security §With the invent of computers and telecommunication systems, organizations.

Information System protection and Security. Need for Information System Security §With the invent of computers and telecommunication systems, organizations.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
3D-password A more secured authentication G.Suresh babu Roll no:08H71A05C2 Computer science & engineering Mic college of technology Guide:Mrs A.Jaya Lakshmi.

3D-password A more secured authentication G.Suresh babu Roll no:08H71A05C2 Computer science & engineering Mic college of technology Guide:Mrs A.Jaya Lakshmi.
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.

19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
Security A system is secure if its resources are used and accessed as intended under all circumstances. It is not generally possible to achieve total security.

Security A system is secure if its resources are used and accessed as intended under all circumstances. It is not generally possible to achieve total security.
第十章 1 Chapter 10 Authentication of People. 第十章 2 Introduction This chapter deals with password-related issues like how to force users to choose unguessable.

第十章 1 Chapter 10 Authentication of People. 第十章 2 Introduction This chapter deals with password-related issues like how to force users to choose unguessable.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
CSCI 530 Lab Authentication. Authentication is verifying the identity of a particular person Example: Logging into a system Example: PGP – Digital Signature.

CSCI 530 Lab Authentication. Authentication is verifying the identity of a particular person Example: Logging into a system Example: PGP – Digital Signature.
7-Access Control Fundamentals Dr. John P. Abraham Professor UTPA.

7-Access Control Fundamentals Dr. John P. Abraham Professor UTPA.
Threats to I.T Internet security By Cameron Mundy.

Threats to I.T Internet security By Cameron Mundy.
1Lecturer: Dalia Mirghani Saadabi. 2 A set of computers connected together so that they can communicate is called a computer network. This involves installing.

1Lecturer: Dalia Mirghani Saadabi. 2 A set of computers connected together so that they can communicate is called a computer network. This involves installing.
Section Eight: Communication Security (COMSEC) Note: All classified markings contained within this presentation are for.

Section Eight: Communication Security (COMSEC) Note: All classified markings contained within this presentation are for.
Air Force Association (AFA) 1. 1.Access Control 2.Four Steps to Access 3.How Does it Work? 4.User and Guest Accounts 5.Administrator Accounts 6.Threat.

Air Force Association (AFA) 1. 1.Access Control 2.Four Steps to Access 3.How Does it Work? 4.User and Guest Accounts 5.Administrator Accounts 6.Threat.
Operating Systems Protection & Security.

Operating Systems Protection & Security.
Data Confidentiality. Learning Objectives: By the end of this topic you should be able to: discuss the need to keep data confidential explain how data.

Data Confidentiality. Learning Objectives: By the end of this topic you should be able to: discuss the need to keep data confidential explain how data.

Similar presentations

Ads by Google