The Security Network Track # 2, Panel #3 Presented by John C. Deal Erik Visnyak October 6, 2009 CyberSecurity for the GIG; a historical perspective

 Almon Strowger  Cliff Stoll –  Compromise of the Greek Telephone System – 2004/2005  Cyber Attack on Estonia and the Republic of Georgia – 2007/2008  Others

1st Perimeter - Stop Common Hackers & Vulnerabilities + “Trip-Wire ” A Classic Approach to Defense-In-Depth Internet 3rd Perimeter - Internal Trip-Wire Installation Firewall DMZ Public Servers FW External IDS ACL Internal IDS 2nd Perimeter – DMZ + Stop Attacks 4th Perimeter - Allow Only Verified Enclave Users & Applications Deny All Others Final Defensive Perimeter - Server Trip-Wire & Other Server Security Mechanisms Intrusion Detection System Enclave Firewall ACL FW Server Tools 1st Perimeter - Stop Common Hackers & Vulnerabilities + “Trip-Wire” Defense in Depth is more than Technology; It is about Security Controls working thru Operations, People, and Technologies

DoD Publishes STIGs: a Security Technical Implementation Guide is a methodology for standardized secure installation and maintenance of computer software and hardware. a STIG describes what needs to be done for minimizing network-based attacks and also for stopping system access if a computer criminal is next to the device. Lastly, a STIG may also be used to describe the processes and lifecycles for maintenance (such as software updates and vulnerability patching). Standard Implementation of IA Controls and STIGs to Protect, Detect and Harden Networked Information Systems IA SW Components Wireless Security IPSec Gateway Firewall Agent Policy Management Threat Management IDPS Management Vulnerability Scanner Identity Management Audit Management Security Patch Management Rogue System Detection Management Security Management Software CDS Workstation Software - Access Data at Rest Encryption Application Guard Hardware Application Guard Software - Transfer IA Workstation Software Application Guard Functional Architecture for Information Assurance

ComponentDescription Policy ManagementDefines the configuration policy that the system must adhere to and the Policy agent enforces. IPsec GatewayProvides layer 3 data in transit encryption to network traffic. Threat ManagementObtain signature updates to push to various agents and monitors agent activities via virus scans. Patch ManagementCollects IAVA updates and deploys them to the Patch Agent. Collects patch compliance information from the various systems. IDPS ManagementScans packets inbound/outbound within the operation system/network and raises alerts or makes automatic prevention decisions based on the severity level of the attack signature/anomaly. Firewall AgentFilters ingress/egress traffic to/from the host systems. This is accomplished by port and protocol rule-based access control lists. CDS Workstation Software Utilizes a secure OS to enforce separation and mandatory access control between various VMs running on a single HW platform, allowing a specific user access to VM at different classification levels. Data at Rest EncryptionEncrypts the hard drive, volume partitions, directories, and files living on the mobile devices. Application Guard Software Application developed to handle specific protocol traffic and can conduct a deep inspection of the data against specific rules (dirty words) to determine if the traffic is allowed to move from one domain to another. Application Guard Hardware Accredited hardware platform that houses MLS guard software. Rogue System Detection Management Collects events from the sensor agents throughout the network and raises alerts to administrators if a sensor detects a Rogue System in the network. Audit ManagementCollects and analyzes audit logs from various systems and network devices throughout the architecture. Can index the activity and raise alerts. Vulnerability ScannerScans the entire network for vulnerability and reports any findings to the administrators. Identity ManagementCentralized repository for all user accounts that provides Role-based access controls to all the domain systems. Wireless Security HW/SW Detects wireless signals/traffic and correlates RF signals for intrusion detection/prevention and tracking. Provides Layer 2 Encryption and Authentication/Authorization/Auditing Services Descriptions of IA and Security Controls

Trust is the Basic Security Issue  Information Access and Info Sharing based on role, clearance and need to know  Challenges to Cyber-trust ◦ Pervasive computing – pda, phones, ◦ Social networking ◦ Processing Speeds Trust and Security Control mechanisms (establishing and maintaining trust)  Basic Defense in Depth – passwords, ACL, bio-metrics, encryption, etc  IA Controls and Security Hardening Monitoring and Maintaining Cyber-trust  Knowing where your trust relations are vulnerable  Deterrents to trust-violations ◦ Hacking deterrents ◦ Snooping ◦ Cyber-attacks  Knowing when your trust has been violated ◦ IDPS and AND (Signature Based and Behavioral Based)  Host, Wireless and Network Sensors System Vision of the Target GIG Version 1.0, June 2007

Contact Information: Phone: