Computer Security Incidents


1 Computer Security Incidents
Lesson 2: Computer Security Incidents Taxonomy

2 Need an accepted taxonomy because . . .
A taxonomy provides a common frame of reference. Without one we:
- Can't develop common reporting criteria
- Can't develop processes and standardization
- Ultimately have no IA "Common Language"

3 Must have these characteristics . . .
[Diagram: logically related columns of numbered categories that combine into a classification]
A taxonomy must be:
- Exhaustive
- Mutually exclusive
- Repeatable
- Unambiguous
- Accepted
- Useful

4 Where to start?
The inability to share data because of non-standard terminology is not a new problem. For this reason several computer security taxonomies have already been developed. The most comprehensive study was done by Sandia Labs in conjunction with Carnegie Mellon University, and it is currently in use at Carnegie Mellon's CERT/CC.
Sandia Report: "A Common Language for Computer Security Incidents", John D. Howard and Thomas A. Longstaff (October 1998)

5 Network Based Taxonomy (Sandia Labs)
[Diagram: nested boxes. An Event is an Action directed at a Target; an Attack wraps the Event with a Tool, a Vulnerability and an Unauthorized Result; an Incident wraps one or more Attacks with the Attackers and their Objectives.]
Attackers: Hackers, Spies, Terrorists, Corporate Raiders, Professional Criminals, Vandals, Voyeurs
Tool: Physical Attack, Information Exchange, User Command, Script or Program, Autonomous Agent, Toolkit, Distributed Tool, Data Tap
Vulnerability: Design, Implementation, Configuration
Action: Probe, Scan, Flood, Authenticate, Bypass, Spoof, Read, Copy, Steal, Modify, Delete
Target: Account, Process, Data, Component, Computer, Network, Internetwork
Unauthorized Result: Increased Access, Disclosure of Information, Corruption of Information, Denial of Service, Theft of Resources
Objectives: Challenge, Status, Thrills; Political Gain; Financial Gain; Damage

6 Basic Model
[Diagram: the Sandia model with the course's terms substituted: Attackers are called Intruders and Attacks are called Intrusions.]
Incident = Intruders (Attackers) + Intrusions (Attacks) + Attackers' Objectives
Intrusion (Attack) = Tool + Vulnerability + Action + Target + Unauthorized Result

7 Computer Network "Incident"
[Diagram: Intruders (Hackers, Terrorists, Other) mount Intrusions against a Defended Network in pursuit of their Objectives.]
Intrusions: Increased access, Disclosure of info, Theft of resources, Corruption of info, Denial of Service
Objectives: Status/Thrills, Political Gain, Financial Gain, Damage

8 Intrusion Taxonomy
Intruders + Intrusion + Intruders' Objectives, where an Intrusion = Tool + Vulnerability + Event (Action, Target) + Unauthorized Result

9 Intrusion
[Diagram: an Intruder's Connection passes through SECURITY into the Defended Network.]
Tools: Physical force, Info exchange, User command, Script/Program, Autonomous agent, Toolkit, Distributed tool, Data tap
Vulnerabilities: Design, Implementation, Configuration
Events: Action, Target
Unauthorized Results: Increased access, Disclosure, Corrupt data, Denial of Service, Theft
Objective: Thrills, Political Gain, Financial Gain, Damage

10 No Intrusion / Attempted Intrusion
[Diagram: the Intruder's Connection is stopped at the FIREWALL before it reaches the Defended Network.]
Tools: Physical force, Info exchange, User command, Script/Program, Autonomous agent, Toolkit, Distributed tool, Data tap
Vulnerabilities: Design, Implementation, Configuration
Objective (did have intent): Thrills, Political Gain, Financial Gain, Damage
No Unauthorized Results

11 Intrusion taxonomy in practice . . .
[Diagram: the full Sandia taxonomy (Intruders, Tool, Vulnerability, Event = Action + Target, Unauthorized Result, Objectives) with one path highlighted.]
Highlighted path: Tool = Toolkit; Vulnerability = Design; Action = Bypass; Target = Process; Unauthorized Result = Corruption of Data, Denial of Service. Classified as a Computer Network Intrusion.

12 Intrusion taxonomy in practice . . .
[Diagram: the full Sandia taxonomy with a second path highlighted.]
Highlighted path: Tool = Tool Kit; Vulnerability = Design; Action = Bypass; Target = Process; Unauthorized Result = Increased Access. The intruder is an Authorized User: an Insider Threat.

13 Taxonomy applied: A Case Study

14 Network Based Taxonomy: Intrusion 1
[Diagram: the full Sandia taxonomy with the Intrusion 1 path highlighted.]
Intrusion 1: Tool = User Command; Vulnerability = Design; Action = Authenticate; Target = Account; Unauthorized Result = Increased Access

15 Intrusion 1 - Increased Access; Intrusion 2
[Diagram: the full Sandia taxonomy with the Intrusion 2 path highlighted.]
Intrusion 2: Tool = User Command; Vulnerability = Design; Action = Bypass; Target = Process; Unauthorized Result = Increased Access (Root Access)

16 Intrusion 2 - Root Level Access (following Intrusion 1 - Increased Access); Intrusion 3
[Diagram: the full Sandia taxonomy with the Intrusion 3 path highlighted.]
Intrusion 3: Tool = User Command; Vulnerability = Design; Action = Steal; Target = Data; Unauthorized Result = Disclosure of Information

17 Intrusion 3 - Disclosure of Information
[Diagram: the full Sandia taxonomy with the case study so far: Intrusion 1 - Increased Access; Intrusion 2 - Root Level Access; Intrusion 3 - Disclosure of Information. The Intruders and Objectives columns are not filled in.]

18 Case study continued: Script or Program, Modify, Process, Denial of Service
[Diagram: the full Sandia taxonomy with a further path highlighted after Intrusion 1 - Increased Access, Intrusion 2 - Root Level Access and Intrusion 3 - Disclosure of Information.]
Highlighted path: Tool = Script or Program; Vulnerability = Implementation; Action = Modify; Target = Process; Unauthorized Result = Disclosure of Information, Denial of Service, Theft of Resources

19 New definition: "Intrusion Set"
Multiple related intrusions = "Intrusion Set". An intrusion set spans multiple Events (each with its Tool, Vulnerability, Action, Target and Unauthorized Result) and is associated with an Intruder and an Objective.

20 Who? What? Why?
Intrusion Sets answer the "what". To get to attribution we need more information: we need to know who (Intruder) AND we need to know why (Objectives).

21 Attribution: Who and Why?
Intrusion Set (Tool, Vulnerability, Action, Target, Unauthorized Result) + Intruders + Objectives = Attribution

22 Objective reporting criteria
Must report all unauthorized results (actual or attempted), including the intrusion data: Tool, Vulnerability, Action, Target and Unauthorized Result (Increased Access, Disclosure of Information, Corruption of Information, Denial of Service, Theft of Resources). Not every event?
[Diagram: the full Sandia taxonomy with the Attackers/Intruders column sorted into Group 1 to Group 4 by objective.]
Attackers/Intruders: Hackers, Spies, Terrorists, Corporate Raiders, Professional Criminals, Vandals, Voyeurs
Objectives: Challenge, Status, Thrills; Political Gain (Pol/Mil Gain); Financial Gain; Damage
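The taxonomy of slide 5, the case-study intrusions of slides 14-18, the intrusion set of slide 19 and the reporting rule on this slide, encoded as a validated incident record. This is an added example, not code from the presentation or from the Sandia report: the record layout, the function names, the two constructed events (a blocked attempt and a bare probe) and the reading of "actual or attempted" as "results achieved, or results sought but blocked" are assumptions of this example.

```python
"""Incident records in the Howard/Longstaff taxonomy used on these slides.

Added example: vocabularies are the category values listed on the slides;
the record layout, helper names and the interpretation of the reporting
rule are this example's own assumptions.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple

# Category vocabularies as listed on the "Network Based Taxonomy" slide.
VOCAB: Dict[str, FrozenSet[str]] = {
    "tool": frozenset({"Physical Attack", "Information Exchange", "User Command",
                       "Script or Program", "Autonomous Agent", "Toolkit",
                       "Distributed Tool", "Data Tap"}),
    "vulnerability": frozenset({"Design", "Implementation", "Configuration"}),
    "action": frozenset({"Probe", "Scan", "Flood", "Authenticate", "Bypass",
                         "Spoof", "Read", "Copy", "Steal", "Modify", "Delete"}),
    "target": frozenset({"Account", "Process", "Data", "Component", "Computer",
                         "Network", "Internetwork"}),
    "result": frozenset({"Increased Access", "Disclosure of Information",
                         "Corruption of Information", "Denial of Service",
                         "Theft of Resources"}),
    "objective": frozenset({"Challenge, Status, Thrills", "Political Gain",
                            "Financial Gain", "Damage"}),
}


@dataclass(frozen=True)
class Attack:
    """Tool + Vulnerability + Event (Action on Target) + Unauthorized Result."""
    tool: str
    vulnerability: str
    action: str
    target: str
    results: Tuple[str, ...] = ()    # unauthorized results actually achieved
    attempted: Tuple[str, ...] = ()  # results sought but blocked (slide 10)
    label: str = ""


@dataclass
class Incident:
    """Attacks plus the who (intruder) and why (objective) attribution needs."""
    attacks: List[Attack]
    intruder: Optional[str] = None
    objective: Optional[str] = None


def vocabulary_errors(a: Attack) -> List[str]:
    """Fields whose value lies outside the slide vocabularies (the
    exhaustive / mutually exclusive requirement of slide 3)."""
    errors = []
    for fld in ("tool", "vulnerability", "action", "target"):
        if getattr(a, fld) not in VOCAB[fld]:
            errors.append(f"{fld}={getattr(a, fld)!r}")
    for r in a.results + a.attempted:
        if r not in VOCAB["result"]:
            errors.append(f"result={r!r}")
    return errors


def is_intrusion(a: Attack) -> bool:
    """Slide 10: no unauthorized result means only an attempted intrusion."""
    return bool(a.results)


def must_report(a: Attack) -> bool:
    """Slide 22 as read here: any unauthorized result, achieved or sought but
    blocked, is reportable; an event that sought none is not."""
    return bool(a.results or a.attempted)


def intrusion_set(inc: Incident) -> List[Attack]:
    """Slide 19: the related intrusions of one incident, attempts excluded."""
    return [a for a in inc.attacks if is_intrusion(a)]


def attribution_gaps(inc: Incident) -> List[str]:
    """Slides 20-21: the set answers 'what'; attribution needs 'who' and 'why',
    and 'why' must be a taxonomy objective."""
    gaps = []
    if inc.intruder is None:
        gaps.append("who")
    if inc.objective is None:
        gaps.append("why")
    elif inc.objective not in VOCAB["objective"]:
        gaps.append("objective not in taxonomy")
    return gaps


# Case-study paths from slides 14-18, plus two constructed events.
CASE_STUDY = Incident(attacks=[
    Attack("User Command", "Design", "Authenticate", "Account",
           ("Increased Access",), label="Intrusion 1 - Increased Access"),
    Attack("User Command", "Design", "Bypass", "Process",
           ("Increased Access",), label="Intrusion 2 - Root Level Access"),
    Attack("User Command", "Design", "Steal", "Data",
           ("Disclosure of Information",), label="Intrusion 3 - Disclosure of Information"),
    Attack("Script or Program", "Implementation", "Modify", "Process",
           ("Disclosure of Information", "Denial of Service", "Theft of Resources"),
           label="Further intrusion (slide 18)"),
    Attack("Toolkit", "Configuration", "Bypass", "Network",
           attempted=("Increased Access",), label="Constructed: stopped at firewall"),
    Attack("User Command", "Design", "Probe", "Computer",
           label="Constructed: probe seeking no unauthorized result"),
])


def report(inc: Incident) -> Dict[str, object]:
    """What a reporting officer would file for one incident record."""
    return {
        "intrusions": [a.label for a in intrusion_set(inc)],
        "reportable": sum(must_report(a) for a in inc.attacks),
        "vocabulary_errors": {a.label: vocabulary_errors(a)
                              for a in inc.attacks if vocabulary_errors(a)},
        "attribution_gaps": attribution_gaps(inc),
    }
```

Running `report(CASE_STUDY)` lists the four intrusions as the intrusion set, counts five reportable events (the blocked attempt counts, the bare probe does not), and flags "who" and "why" as the attribution gaps the case study leaves open.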

23 New Work
US Military: US Cyber Command. FBI: Cyber Forensic Centers.
MITRE ATT&CK Matrix: Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) is a model and framework for describing the actions an adversary may take while operating within an enterprise network.

24 MITRE ATT&CK Matrix REF:

25 SUMMARY
- Common Taxonomy Developed
- Increased Data Sharing Ongoing
- Prosecutions Increasing
- More Frameworks Emerging
