Computer Security Incidents


Lesson 2: Computer Security Incidents Taxonomy

Need an accepted taxonomy because . . .
A taxonomy provides a common frame of reference. Without one we:
  Can't develop common reporting criteria
  Can't develop processes and standardization
  Ultimately, have no IA "Common Language"

Must have these characteristics . . .
A taxonomy is built from logically related columns of categories (the slide diagrams the columns as terms combined into a classification, "+ B = C"). The taxonomy must be:
  Exhaustive
  Mutually exclusive
  Repeatable
  Unambiguous
  Accepted
  Useful

Where to start?
The inability to share data because of non-standard terminology is not a new problem, so several computer security taxonomies have already been developed. The most comprehensive study was done by Sandia Labs in conjunction with Carnegie Mellon University, and it is currently in use at Carnegie Mellon's CERT/CC.
Sandia Report: "A Common Language for Computer Security Incidents", John D. Howard and Thomas A. Longstaff (October 1998)

Network Based Taxonomy (Sandia Labs)
An Incident consists of Attackers, one or more Attacks, and the attackers' Objectives. An Attack consists of a Tool, a Vulnerability, an Event, and an Unauthorized Result. An Event is an Action applied to a Target.
  Attackers: Hackers, Spies, Terrorists, Corporate Raiders, Professional Criminals, Vandals, Voyeurs
  Tool: Physical Attack, Information Exchange, User Command, Script or Program, Autonomous Agent, Toolkit, Distributed Tool, Data Tap
  Vulnerability: Design, Implementation, Configuration
  Action: Probe, Scan, Flood, Authenticate, Bypass, Spoof, Read, Copy, Steal, Modify, Delete
  Target: Account, Process, Data, Component, Computer, Network, Internetwork
  Unauthorized Result: Increased Access, Disclosure of Information, Corruption of Information, Denial of Service, Theft of Resources
  Objectives: Challenge, Status, Thrills; Political Gain; Financial Gain; Damage

Basic Model
Incident: Attackers (Intruders) carry out Attacks (Intrusions) to reach the Attackers' Objectives.
Each attack (intrusion): Tool, Vulnerability, Action, Target, Unauthorized Result.
This lesson uses the terms Intruders and Intrusions where the Sandia report says Attackers and Attacks.

Computer Network "Incident"
Intruders (Hackers, Terrorists, Other) carry out Intrusions against the Defended Network.
  Intrusions produce: Increased access, Disclosure of info, Theft of resources, Corruption of info, Denial of Service
  Objectives: Status/Thrills, Political Gain, Financial Gain, Damage

Intrusion Taxonomy
Intrusion: Intruders use a Tool against a Vulnerability to cause an Event (an Action on a Target) that produces an Unauthorized Result, in pursuit of the Intruders' Objectives.

Intrusion
The intruder's connection crosses the SECURITY boundary into the Defended Network.
  Tools: Physical force, Info exchange, User command, Script/Program, Autonomous agent, Toolkit, Distributed tool, Data tap
  Vulnerabilities: Design, Implementation, Configuration
  Events: an Action on a Target
  Unauthorized Results: Increased access, Disclosure, Corrupt data, Denial of Service, Theft
  Objective: Thrills, Political Gain, Financial Gain, Damage

No Intrusion (Attempted Intrusion)
The intruder's connection is stopped at the FIREWALL before reaching the Defended Network.
  Tools: Physical force, Info exchange, User command, Script/Program, Autonomous agent, Toolkit, Distributed tool, Data tap
  Vulnerabilities: Design, Implementation, Configuration
  Did have Intent; Objective: Thrills, Political Gain, Financial Gain, Damage
  No Unauthorized Results

Intrusion taxonomy in practice . . .
Each intrusion is classified by picking one entry from each column of the Sandia Labs taxonomy:
  Tool: Physical Force, Information Exchange, User Command, Script or Program, Autonomous Agent, Toolkit, Distributed Tool, Data Tap
  Vulnerability: Design, Implementation, Configuration
  Action: Probe, Scan, Flood, Authenticate, Bypass, Spoof, Read, Copy, Steal, Modify, Delete
  Target: Account, Process, Data, Component, Computer, Network, Internetwork
  Unauthorized Result: Increased Access, Disclosure of Information, Corruption of Information, Denial of Service, Theft of Resources
Example (computer network intrusion): Tool = Toolkit; Vulnerability = Design; Action = Bypass; Target = Process; Unauthorized Result = Corruption of Data and Denial of Service.

Intrusion taxonomy in practice . . . (insider threat)
Example: an Authorized User (Insider Threat) as the intruder: Tool = Toolkit; Vulnerability = Design; Action = Bypass; Target = Process; Unauthorized Result = Increased Access.

Taxonomy applied: A Case Study

Intrusion 1
Classified with the Network Based Taxonomy: Tool = User Command; Vulnerability = Design; Action = Authenticate; Target = Account; Unauthorized Result = Increased Access.

Intrusion 2 (following Intrusion 1 - Increased Access)
Tool = User Command; Vulnerability = Design; Action = Bypass; Target = Process; Unauthorized Result = Root Access (Increased Access).

Intrusion 3 (following Intrusion 1 - Increased Access and Intrusion 2 - Root Level Access)
Starting from Root Access: Tool = User Command; Vulnerability = Design; Action = Steal; Target = Data; Unauthorized Result = Disclosure of Information.

The chain so far: Intruders -> Intrusion 1 (Increased Access) -> Intrusion 2 (Root Level Access) -> Intrusion 3 (Disclosure of Information) -> Intruders' Objectives.

A further intrusion (not numbered on the slide) follows Intrusions 1 to 3: Tool = Script or Program; Vulnerability = Implementation; Action = Modify; Target = Process; Unauthorized Results = Disclosure of Information, Denial of Service, Theft of Resources.

New definition: "Intrusion Set"
Multiple related intrusions = "Intrusion Set". An intrusion set spans multiple events, each described by its Tool, Vulnerability, Action, Target and Unauthorized Result, tied to one Intruder and Objective.

Who? What? Why?
Intrusion sets answer the "what". Attribution needs more information: we need to know who (the Intruder) AND why (the Objectives).

Attribution: Who and Why?
Attribution links an Intrusion Set (Tool, Vulnerability, Action, Target, Unauthorized Result) to its Intruders and their Objectives.

Objective reporting criteria
Must report all unauthorized results (actual or attempted), including the intrusion data: for each intrusion, the Unauthorized Result (Increased Access, Disclosure of Information, Corruption of Information, Denial of Service, Theft of Resources) together with the Action, Target, Vulnerability and Tool. Not every event needs to be reported.
The reporting columns follow the Sandia taxonomy:
  Attackers (Intruders): Hackers, Spies, Terrorists, Corporate Raiders, Professional Criminals, Vandals, Voyeurs
  Tool: Physical Force, Information Exchange, User Command, Script or Program, Autonomous Agent, Toolkit, Distributed Tool, Data Tap
  Vulnerability: Design, Implementation, Configuration
  Action: Probe, Scan, Flood, Authenticate, Bypass, Spoof, Read, Copy, Steal, Modify, Delete
  Target: Account, Process, Data, Component, Computer, Network, Internetwork
  Unauthorized Result: Increased Access, Disclosure of Information, Corruption of Information, Denial of Service, Theft of Resources
  Objectives: Challenge, Status, Thrills; Political (Pol/Mil) Gain; Financial Gain; Damage
The slide also groups the attacker types into four reporting groups (Group 1 to Group 4) by objective.
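To make the case study, the "Intrusion Set" definition and the reporting criteria concrete, here is an added Python example (not from the lesson or the Sandia report) that encodes the taxonomy columns as listed on these slides, builds the case study's intrusions into an intrusion set, and applies the reporting and attribution rules. The final firewall-stopped scan is a constructed attempt, not from the slides.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from enum import Enum
# Category columns of the Sandia/CERT "Common Language" taxonomy, as listed on the slides.
Tool = Enum("Tool", "PHYSICAL_FORCE INFORMATION_EXCHANGE USER_COMMAND SCRIPT_OR_PROGRAM "
                    "AUTONOMOUS_AGENT TOOLKIT DISTRIBUTED_TOOL DATA_TAP")
Vulnerability = Enum("Vulnerability", "DESIGN IMPLEMENTATION CONFIGURATION")
Action = Enum("Action", "PROBE SCAN FLOOD AUTHENTICATE BYPASS SPOOF READ COPY STEAL MODIFY DELETE")
Target = Enum("Target", "ACCOUNT PROCESS DATA COMPONENT COMPUTER NETWORK INTERNETWORK")
Result = Enum("Result", "INCREASED_ACCESS DISCLOSURE_OF_INFORMATION CORRUPTION_OF_INFORMATION "
                        "DENIAL_OF_SERVICE THEFT_OF_RESOURCES")
Objective = Enum("Objective", "CHALLENGE_STATUS_THRILLS POLITICAL_GAIN FINANCIAL_GAIN DAMAGE")

@dataclass(frozen=True)
class Event:  # Event = an Action applied to a Target
    action: Action
    target: Target

@dataclass(frozen=True)
class Intrusion:  # Intrusion (attack) = Tool + Vulnerability + Event + Unauthorized Result(s)
    tool: Tool
    vulnerability: Vulnerability
    event: Event
    results: frozenset = frozenset()  # empty: attempted intrusion, stopped before any result
    def is_attempt(self) -> bool:
        return not self.results

@dataclass
class IntrusionSet:  # "Intrusion Set" = multiple related intrusions, plus who/why for attribution
    intrusions: list = field(default_factory=list)
    intruder: str | None = None        # the "who"
    objective: Objective | None = None  # the "why"
    def report(self) -> dict:
        # Reporting criteria: every unauthorized result, actual or attempted, is reported;
        # attribution is only claimed once both intruder and objective are known.
        results = set().union(*(i.results for i in self.intrusions))
        return {"intrusions": len(self.intrusions),
                "attempted": sum(i.is_attempt() for i in self.intrusions),
                "results": sorted(r.name for r in results),
                "attributed": self.intruder is not None and self.objective is not None}

# The lesson's case study encoded from the slides (the fourth intrusion is unnumbered there), plus a
# constructed attempt stopped at the firewall: tool and intent present, no unauthorized result.
CASE_STUDY = IntrusionSet([
    Intrusion(Tool.USER_COMMAND, Vulnerability.DESIGN, Event(Action.AUTHENTICATE, Target.ACCOUNT), frozenset({Result.INCREASED_ACCESS})),
    Intrusion(Tool.USER_COMMAND, Vulnerability.DESIGN, Event(Action.BYPASS, Target.PROCESS), frozenset({Result.INCREASED_ACCESS})),
    Intrusion(Tool.USER_COMMAND, Vulnerability.DESIGN, Event(Action.STEAL, Target.DATA), frozenset({Result.DISCLOSURE_OF_INFORMATION})),
    Intrusion(Tool.SCRIPT_OR_PROGRAM, Vulnerability.IMPLEMENTATION, Event(Action.MODIFY, Target.PROCESS),
              frozenset({Result.DISCLOSURE_OF_INFORMATION, Result.DENIAL_OF_SERVICE, Result.THEFT_OF_RESOURCES})),
    Intrusion(Tool.TOOLKIT, Vulnerability.CONFIGURATION, Event(Action.SCAN, Target.NETWORK)),
])
```

`CASE_STUDY.report()` shows five intrusions, one of them an attempt, four distinct unauthorized results and no attribution until an intruder and objective are supplied.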

New Work
  US Military: US Cyber Command
  FBI: Cyber Forensic Centers
  MITRE ATT&CK Matrix: Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) is a model and framework for describing the actions an adversary may take while operating within an enterprise network.

MITRE ATT&CK Matrix https://attack.mitre.org/wiki/File:ATT%26CK_Matrix.png#file REF: https://attack.mitre.org/index.php/Main_Page

SUMMARY
  Common taxonomy developed
  Increased data sharing
  Ongoing prosecutions increasing
  More frameworks emerging