
1 (1-1/29) Copyright © 2006 M. E. Kabay. All rights reserved. 08:15-09:00
INFORMATION WARFARE Part 1: Fundamentals
Advanced Course in Engineering 2006 Cyber Security Boot Camp
Air Force Research Laboratory Information Directorate, Rome, NY
M. E. Kabay, PhD, CISSP-ISSMP
Assoc. Prof. Information Assurance
Program Director, MSIA & BSIA
Division of Business & Management, Norwich University, Northfield, Vermont
mailto:mkabay@norwich.edu
V: 802.479.7937

2 Topics
08:00-08:15 Introductions & Overview
08:15-09:00 Fundamental Concepts
09:05-10:25 INFOWAR Theory
10:35-11:55 Case Histories & Scenarios

3 Part 1: Fundamental Concepts
- Fundamental Elements of INFOSEC
- Sources of Damage to IT
- Risk Categories
- Taxonomy for Computer Incidents

4 Fundamental Elements of INFOSEC
Protect the 6 atomic elements of information security (not just the 3 of C-I-A: Confidentiality, Integrity, Availability):
- Confidentiality
- Possession or control
- Integrity
- Authenticity
- Availability
- Utility

5 Confidentiality
- Restricting access to data
- Protecting against unauthorized disclosure of the existence of data
  E.g., allowing an industrial spy to deduce the nature of the clientele by looking at directory names
- Protecting against unauthorized disclosure of the details of data
  E.g., allowing a 13-year-old girl to examine HIV+ records in a Florida clinic

6 Possession
- Control over information
- Preventing physical contact with data
  E.g., the case of a thief who recorded ATM PINs by radio (but never looked at them)
- Preventing copying or unauthorized use of intellectual property
  E.g., violations by software pirates

7 Integrity
- Internal consistency, validity, fitness for use
- Avoiding physical corruption
  E.g., database pointers trashed or data garbled
- Avoiding logical corruption
  E.g., inconsistencies between an order header's total sale and the sum of the costs of its detail lines

8 Authenticity
- Correspondence to intended meaning
- Avoiding nonsense
  E.g., a part-number field actually contains a cost
- Avoiding fraud
  E.g., the sender's name on an e-mail is changed to someone else's
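A check for the integrity and authenticity failures just described, as an added example that is not part of the lecture: it flags physical corruption (the stored checksum no longer matches the detail bytes), logical corruption (the header total disagrees with the sum of the detail lines) and a nonsense field (a part-number field holding a cost). The order layout, the CRC field and the part-number pattern are assumptions made for the example.

```python
import re
import zlib
from decimal import Decimal

PART_NO = re.compile(r"^[A-Z]{2}-\d{4}$")  # assumed part-number format, e.g. AB-1234

def detail_bytes(details):
    # Canonical serialization of the detail lines; the stored CRC is computed over this
    return "|".join(f"{d['part']},{d['qty']},{d['cost']}" for d in details).encode()

def make_order(order_id, total, details):
    # Hypothetical record layout: header total plus a CRC32 over the detail bytes
    return {"id": order_id, "total": total, "details": details,
            "crc": zlib.crc32(detail_bytes(details))}

def check_order(order):
    """Return a list of findings; an empty list means the record passed every check."""
    findings = []
    # Physical corruption: the detail bytes no longer match the checksum stored with them
    if zlib.crc32(detail_bytes(order["details"])) != order["crc"]:
        findings.append("physical: detail checksum mismatch (garbled data)")
    # Logical corruption: the header total disagrees with the sum of the detail lines
    line_sum = sum(Decimal(d["cost"]) * d["qty"] for d in order["details"])
    if line_sum != Decimal(order["total"]):
        findings.append(f"logical: header total {order['total']} != detail sum {line_sum}")
    # Authenticity: a field that does not hold what its name says (part number holding a cost)
    for d in order["details"]:
        if not PART_NO.match(str(d["part"])):
            findings.append(f"authenticity: part field {d['part']!r} is not a part number")
    return findings

# Constructed sample records (not from the lecture)
GOOD = make_order("A1", "30.00", [{"part": "AB-1234", "qty": 2, "cost": "10.00"},
                                  {"part": "CD-0001", "qty": 1, "cost": "10.00"}])
BAD_TOTAL = make_order("A2", "25.00", [{"part": "AB-1234", "qty": 2, "cost": "10.00"}])
NONSENSE = make_order("A3", "10.00", [{"part": "10.00", "qty": 1, "cost": "10.00"}])
# Same header and CRC as GOOD, but a detail line altered after the CRC was stored
GARBLED = dict(GOOD, details=[dict(GOOD["details"][0], part="AB-9999"), GOOD["details"][1]])

if __name__ == "__main__":
    for name, order in [("GOOD", GOOD), ("BAD_TOTAL", BAD_TOTAL),
                        ("NONSENSE", NONSENSE), ("GARBLED", GARBLED)]:
        print(name, check_order(order) or ["ok"])
```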

9 Availability
- Timely access to data
- Avoid delays
  E.g., prevent system crashes & arrange for recovery plans
- Avoid inconvenience
  E.g., prevent mislabelling of files

10 Utility
- Usefulness for specific purposes
- Avoid conversion to a less useful form
  E.g., replacing dollar amounts by a foreign-currency equivalent
- Prevent impenetrable coding
  E.g., an employee encrypts source code and "forgets" the decryption key

11 Rough Guesses About Sources of Damage to IT
See CSH4 (Computer Security Handbook, 4th ed.): Ch. 4, "Studies and Surveys of Computer Crime".
Also http://www2.norwich.edu/mkabay/methodology/crime_stats_methods.htm

12 Risk Categories*
- Physical attempts to gain control (physical intrusion)
- Electronic attempts to gain control (malicious hacking)
- Execution of arbitrary code (viruses, trojans, ActiveX, Java, ...)
- Spoofing (lying about who you are: users, sites, devices)
- Eavesdropping (sniffing, wiretapping of data, passwords, ...)
________
* ICSA Risk Framework

13 Risk Categories (Cont'd)
- Lack of knowledge / awareness (admin., users, outside errors)
- Lack of trust, confidence (IT, users, disgruntled ...)
- Denial of service (down time: electronic DoS, disasters, reliability)
- Exploitation of the user by the site (privacy, swindles ...)
- Exploitation of the data subject (privacy, confidentiality, non-user)
- Lack of interoperability

14 Taxonomy for Computer Security Incidents
- What is a Common Descriptive Language?
- What is a Taxonomy?
- Why a Language/Taxonomy for Computer Crime?
- The Model as a Whole
  - Actions
  - Targets
  - Events
  - Vulnerability
  - Tool
  - Unauthorized Result
  - Objectives
  - Attackers

15 What is a Common Descriptive Language?
- A set of terms that experts in a field agree on
- Clear definitions to the extent possible
  - Precise
  - Unambiguous
  - Easy to determine in the field
- A common language does not necessarily imply a causal or structural model
- Provides a means of communication among experts
- Supports analysis

16 What is a Taxonomy?
- A structure relating the terms in the common language
- Permits classification of phenomena
- Expresses a model (or models) of the underlying phenomena
- Supports hypothesis-building
- Supports collection and analysis of statistical information

17 Why a Language/Taxonomy for Computer Crime?
- The field of information assurance is growing
  - More people
  - Less common experience
  - Growing variability in the meaning of terms
- What's wrong with ambiguous terminology?
  - Can cause confusion: talking at cross-purposes
  - Can mislead investigators and others
  - Wastes time in clarification, time after time
  - Interferes with data-gathering
  - Makes comparisons and tests difficult or impossible

18 The Model as a Whole (see full-page printout at end)

19 Actions
- Probe / scan
- Flood
- Authenticate / bypass / spoof
- Read / copy / steal
- Modify / delete

20 Targets
Analyze the following real cases and identify the target(s) in the events:
- A criminal inserts a Trojan Horse into a production system; it logs keystrokes
- A criminal hacker defaces a Web page
- An attacker launches millions of spurious packets addressed to a particular e-commerce server
- The Morris Worm of November 1988 takes down 9,000 computers on the Internet

21 Events
An event consists of an action taken against a target. Analyze the following events in these terms:
- An 8-year-old kid examines all the ports on a Web server to see if any are unprotected
- A dishonest employee makes copies on a Zip disk of secret formulas for a new product
- A saboteur cuts the cables linking a company network to the Internet
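The event model (an action taken against a target) applied to network telemetry, as an added example that is not part of the lecture: a detector that turns constructed flow records into events named with the taxonomy's action labels, so that the port-by-port probing of a Web server above becomes a "probe/scan" event and the packet deluge from the Targets slide becomes a "flood" event. The flow-record layout, host names and thresholds are assumptions made for the example.

```python
from collections import defaultdict

# Constructed flow records (not from the lecture): (t_seconds, src, dst, dst_port, packets)
FLOWS = [
    # one source touching many ports on the web server within seconds: probe/scan
    *[(t, "10.0.0.7", "web01", p, 1) for t, p in enumerate(range(20, 34))],
    # one source pouring packets at the shop server: flood
    (100, "203.0.113.9", "shop01", 443, 1_500_000),
    # an ordinary client: no event
    (200, "10.0.0.8", "web01", 443, 40),
    # a slow probe spread over two hours stays below the per-window threshold
    *[(300 + i * 600, "10.0.0.9", "web01", 8000 + i, 1) for i in range(12)],
]

def classify(flows, scan_ports=10, window=60, flood_packets=100_000):
    """Map flow records to taxonomy events as (action, target, source) tuples."""
    events = []
    by_pair = defaultdict(list)
    for t, src, dst, port, pkts in sorted(flows):
        by_pair[(src, dst)].append((t, port, pkts))
    for (src, dst), recs in by_pair.items():
        # flood: total packets from this source to this target above the threshold
        if sum(p for _, _, p in recs) >= flood_packets:
            events.append(("flood", dst, src))
            continue
        # probe/scan: at least scan_ports distinct ports within `window` seconds
        recent = []
        for t, port, _ in recs:
            recent.append((t, port))
            recent = [(u, q) for u, q in recent if t - u <= window]  # sliding window
            if len({q for _, q in recent}) >= scan_ports:
                events.append(("probe/scan", dst, src))
                break
    return events

if __name__ == "__main__":
    for action, target, source in classify(FLOWS):
        print(f"{source} -> {action} against {target}")
```

Widening the window (for instance to 7200 seconds) makes the slow probe visible too, which is the usual trade-off between catching patient scanners and false positives from busy legitimate clients.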

22 Vulnerability
- Vulnerability = a weakness
- Distinguish among vulnerabilities due to
  - Design
  - Implementation
  - Configuration
- See the National Vulnerability Database
  - Thousands of vulnerabilities
  - Classified by platform and version

23 National Vulnerability DB
http://nvd.nist.gov/

24 Tool
- Means of exploiting a vulnerability
- Widely available on the Internet
- Exchanged at hacker meetings
  - 2600
  - L0pht (defunct)
- Discussed and demonstrated at black-hat and gray-hat conferences
  - DEFCON (Las Vegas)
  - HACTIC (Netherlands)
- Many exploits usable by script kiddies and other poorly-trained hackers

25 Unauthorized Result
Many possible results; e.g., consider the results of these attacks:
- Someone installs a Remote Access Trojan called BO2K on a target system
- An e-mail-enabled worm (e.g., KLEZ) sends a copy of a confidential document to 592 strangers
- The Stacheldraht DDoS tool completely interdicts access to an e-commerce site
- A secret program installed by an employee uses all the excess CPU cycles in a corporate network for prime-number calculations

26 Objectives
- Characteristics of the human beings involved in the attack
- Different objectives define different labels:
  - Criminal hacking
  - Industrial espionage
  - Industrial sabotage
  - Information warfare

27 Attackers
- Wide range of attributes (subject of Chapter 6 in CSH4)
  - Skill
  - Ideology
  - Gain

28 The Model as a Whole (again)

29 Resume at 09:05:03

