Lesson 2 Computer Security Incidents Taxonomy (presentation transcript)

1 Lesson 2 Computer Security Incidents Taxonomy

2 Need an accepted taxonomy because...
- Provides a common frame of reference
- If no taxonomy, then we:
  - Can’t develop common reporting criteria
  - Can’t develop processes and standardization
  - Ultimately, no IA “Common Language”

3 Must have these characteristics...
[Diagram: several logically related columns of categories (5, 3 and 4 entries) are combined, column + column = taxonomy]
- Must be:
  - Mutually exclusive
  - Unambiguous
  - Repeatable
  - Accepted
  - Useful
  - Exhaustive

4 Where to start?
- The inability to share data because of non-standard terminology is not a new problem
- For this reason several computer security taxonomies have already been developed
- Most comprehensive study done by Sandia Labs in conjunction with Carnegie Mellon University
  - Sandia Report: “A Common Language for Computer Security Incidents”, John D. Howard and Thomas A. Longstaff (October 1998)
  - Currently in use at Carnegie Mellon’s CERT/CC

5 Sandia Labs Network Based Taxonomy
- Attackers: Hackers, Spies, Terrorists, Corporate Raiders, Professional Criminals, Vandals, Voyeurs
- Tool: Physical Attack, Information Exchange, User Command, Script or Program, Autonomous Agent, Toolkit, Distributed Tool, Data Tap
- Vulnerability: Design, Implementation, Configuration
- Action: Probe, Scan, Flood, Authenticate, Bypass, Spoof, Read, Copy, Steal, Modify, Delete
- Target: Account, Process, Data, Component, Computer, Network, Internetwork
- Unauthorized Result: Increased Access, Disclosure of Information, Corruption of Information, Denial of Service, Theft of Resources
- Objectives: Challenge, Status, Thrills; Political Gain; Financial Gain; Damage
- Nesting: Action + Target = Event; Tool + Vulnerability + Event + Unauthorized Result = Attack; Attackers + Attacks + Objectives = Incident

6 Basic Model
[Diagram: Attackers -> Tool -> Vulnerability -> Action -> Target -> Unauthorized Result -> Objectives]
- Action + Target = Event
- Tool + Vulnerability + Event + Unauthorized Result = Attack
- Attackers + Attacks + Objectives = Incident
- In the lesson’s terms: Attackers = Intruders, Attacks = Intrusions

7 Computer Network “Incident”
- Intruders: Hackers, Terrorists, Other
- Intrusions against the Defended Network (Computer Network): Increased access, Disclosure of info, Theft of resources, Corruption of info, Denial of Service
- Objectives: Status/Thrills, Political Gain, Financial Gain, Damage

8 Intrusion Taxonomy
[Diagram: Intruders -> Intrusion (Tool, Vulnerability, Event = Action + Target, Unauthorized Result) -> Objectives]

9 Intrusion
[Diagram of one intrusion, column by column]
- Tools: Physical force, Info exchange, User command, Script/Program, Autonomous agent, Toolkit, Distributed tool, Data tap
- Vulnerabilities: Design, Implementation, Configuration
- Events: Action, Target
- Unauthorized Results: Increased access, Disclosure, Corrupt data, Denial of Service, Theft
- Objectives: Thrills, Political Gain, Financial Gain, Damage

10 Intrusion
[Same diagram as slide 9 (Tools, Vulnerabilities, Objectives), but the Unauthorized Results column reads “No Unauthorized Results”]
- Did have Intent
- No Unauthorized Results

11 Intrusion taxonomy in practice...
[Diagram: the Sandia Labs columns (Tool, Vulnerability, Action, Target, Unauthorized Result) with one value highlighted in each]
- Tool: Toolkit
- Vulnerability: Design
- Action: Bypass
- Target: Process
- Unauthorized Result: Corruption of Data, Denial of Service
- Affected: Computer Network

12 Intrusion taxonomy in practice... (Insider Threat)
[Diagram: same columns as slide 11, with the intruder shown as an Authorized User]
- Intruder: Authorized User
- Tool: Tool Kit
- Vulnerability: Design
- Action: Bypass
- Target: Process
- Unauthorized Result: Increased Access

13 Taxonomy applied

14 Sandia Labs Network Based Taxonomy (Intrusion 1)
[Diagram: full taxonomy columns as on slide 5, with the following values highlighted]
- Tool: User Command
- Vulnerability: Design
- Action: Authenticate
- Target: Account
- Unauthorized Result: Increased Access

15 Intrusion 2
[Diagram: full taxonomy columns, with the following values highlighted]
- Building on Intrusion 1 (Increased Access)
- Tool: User Command
- Vulnerability: Design
- Action: Bypass
- Target: Process
- Unauthorized Result: Root Access

16 Intrusion 3
[Diagram: full taxonomy columns, with the following values highlighted]
- Building on Intrusion 1 (Increased Access) and Intrusion 2 (Root Level Access)
- Tool: User Command
- Vulnerability: Design
- Action: Steal
- Target: Data
- Unauthorized Result: Disclosure of Information

17 Intrusions so far
[Diagram: full taxonomy columns (Action, Target, Unauthorized Result, Vulnerability, Tool) with Intruders and Objectives]
- Intrusion 1 - Increased Access
- Intrusion 2 - Root Level Access
- Intrusion 3 - Disclosure of Information

18 Next intrusion
[Diagram: full taxonomy columns, with the following values highlighted]
- After Intrusion 1 (Increased Access), Intrusion 2 (Root Level Access) and Intrusion 3 (Disclosure of Information)
- Tool: Script or Program
- Vulnerability: Implementation
- Action: Modify
- Target: Process
- Unauthorized Result: Denial of Service, Theft of Resources, Disclosure of Information

19 New definition: “Intrusion Set”
- Multiple Events
- Multiple related intrusions = “Intrusion Set”
[Diagram: Intruder -> repeated (Tool, Vulnerability, Action, Target, Unauthorized Result) -> Objective]

20 Who? What? Why?
- The intrusion set answers the what
- Need more information to get to attribution:
  - Need to know who?
  - Need to know why?

21 Who and Why?
[Diagram: Intrusion Set (Tool, Vulnerability, Action, Target, Unauthorized Result) + Intruders + Objectives = Attribution]

22 Objective reporting criteria
[Diagram: the full taxonomy (Tool, Vulnerability, Action, Target, Unauthorized Result) with Attackers (Hackers, Spies, Terrorists, Corporate Raiders, Professional Criminals, Vandals, Voyeurs) and Objectives (Challenge, Status, Thrill; Damage; Financial gain; Pol/Mil Gain) grouped into Group 1, Group 2, Group 3, Group 4]
- Not every event?
- Must report all unauthorized results (actual or attempted), including intrusion data (Intrusion(s))
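The model on slides 5 and 6, the intrusion chain on slides 14 to 19 and the reporting rule on slide 22 can be made concrete as a small data model. The following is an added example, not code from the presentation, from Sandia or from CERT/CC: the enumerations carry the taxonomy's own category names, one enum per column so that a value can belong to exactly one column (the mutually-exclusive and unambiguous properties of slide 3), and an Attack with an empty results tuple is the slide 10 case of intent without an unauthorized result, which the report() method still lists because slide 22 requires attempted results to be reported. The attacker, objective and the fifth failed attempt in example_intrusion_set() are constructed for illustration and are not on the slides.

```python
"""The Howard/Longstaff "common language" taxonomy as a small data model.

Added example, not code from the presentation or from Sandia/CERT. Category
names follow the 1998 Sandia report; the attacker, objective and failed fifth
attempt in example_intrusion_set() are constructed for illustration.
"""
from dataclasses import dataclass
from enum import Enum

# One enum per taxonomy column: a value belongs to exactly one column, which is
# what makes a classification unambiguous and mutually exclusive.
Tool = Enum("Tool", "PHYSICAL_ATTACK INFORMATION_EXCHANGE USER_COMMAND "
            "SCRIPT_OR_PROGRAM AUTONOMOUS_AGENT TOOLKIT DISTRIBUTED_TOOL DATA_TAP")
Vulnerability = Enum("Vulnerability", "DESIGN IMPLEMENTATION CONFIGURATION")
Action = Enum("Action", "PROBE SCAN FLOOD AUTHENTICATE BYPASS SPOOF READ COPY "
              "STEAL MODIFY DELETE")
Target = Enum("Target", "ACCOUNT PROCESS DATA COMPONENT COMPUTER NETWORK INTERNETWORK")
Result = Enum("Result", "INCREASED_ACCESS DISCLOSURE_OF_INFORMATION "
              "CORRUPTION_OF_INFORMATION DENIAL_OF_SERVICE THEFT_OF_RESOURCES")
Attacker = Enum("Attacker", "HACKERS SPIES TERRORISTS CORPORATE_RAIDERS "
                "PROFESSIONAL_CRIMINALS VANDALS VOYEURS")
Objective = Enum("Objective", "CHALLENGE_STATUS_THRILLS POLITICAL_GAIN FINANCIAL_GAIN DAMAGE")


def label(member):
    """Render a member in the report's wording, e.g. DENIAL_OF_SERVICE -> 'Denial Of Service'."""
    return member.name.replace("_", " ").title()


def _check(value, cls, field):
    """Reject a value from the wrong column (e.g. a Target where an Action belongs)."""
    if not isinstance(value, cls):
        raise TypeError(f"{field} must be a {cls.__name__}, got {value!r}")


@dataclass(frozen=True)
class Event:
    """Event = Action directed at a Target, the innermost box of the model."""
    action: Action
    target: Target

    def __post_init__(self):
        _check(self.action, Action, "action")
        _check(self.target, Target, "target")


@dataclass(frozen=True)
class Attack:
    """Attack = Tool exploiting a Vulnerability to cause an Event, yielding zero or
    more Unauthorized Results. An empty results tuple is an attempt that gained
    nothing (slide 10: intent, but no unauthorized result)."""
    tool: Tool
    vulnerability: Vulnerability
    event: Event
    results: tuple = ()

    def __post_init__(self):
        _check(self.tool, Tool, "tool")
        _check(self.vulnerability, Vulnerability, "vulnerability")
        _check(self.event, Event, "event")
        for r in self.results:
            _check(r, Result, "results")

    def succeeded(self):
        return bool(self.results)

    def describe(self):
        outcome = ", ".join(label(r) for r in self.results) or "attempted, no unauthorized result"
        return (f"{label(self.tool)} / {label(self.vulnerability)} / "
                f"{label(self.event.action)} -> {label(self.event.target)} => {outcome}")


@dataclass
class IntrusionSet:
    """Multiple related intrusions by one intruder toward one objective (slide 19)."""
    attacker: Attacker
    objective: Objective
    attacks: list

    def __post_init__(self):
        _check(self.attacker, Attacker, "attacker")
        _check(self.objective, Objective, "objective")

    def escalation(self):
        """Unauthorized results in order, showing how each intrusion built on the last."""
        return [r for a in self.attacks for r in a.results]

    def report(self):
        """Record per slide 22: every unauthorized result, actual or attempted, is reported."""
        return {
            "attacker": label(self.attacker),
            "objective": label(self.objective),
            "actual": sorted({label(r) for a in self.attacks for r in a.results}),
            "attempted_only": [a.describe() for a in self.attacks if not a.succeeded()],
            "intrusions": [a.describe() for a in self.attacks],
        }


def example_intrusion_set():
    """The chain from slides 14-18, plus a constructed failed fifth attempt."""
    chain = [
        Attack(Tool.USER_COMMAND, Vulnerability.DESIGN, Event(Action.AUTHENTICATE, Target.ACCOUNT),
               (Result.INCREASED_ACCESS,)),
        Attack(Tool.USER_COMMAND, Vulnerability.DESIGN, Event(Action.BYPASS, Target.PROCESS),
               (Result.INCREASED_ACCESS,)),  # root-level access
        Attack(Tool.USER_COMMAND, Vulnerability.DESIGN, Event(Action.STEAL, Target.DATA),
               (Result.DISCLOSURE_OF_INFORMATION,)),
        Attack(Tool.SCRIPT_OR_PROGRAM, Vulnerability.IMPLEMENTATION, Event(Action.MODIFY, Target.PROCESS),
               (Result.DENIAL_OF_SERVICE, Result.THEFT_OF_RESOURCES, Result.DISCLOSURE_OF_INFORMATION)),
        # Constructed: a failed flood attempt, reported even though nothing was gained.
        Attack(Tool.SCRIPT_OR_PROGRAM, Vulnerability.CONFIGURATION, Event(Action.FLOOD, Target.NETWORK)),
    ]
    # Constructed attacker and objective; the slides leave both unspecified.
    return IntrusionSet(Attacker.HACKERS, Objective.CHALLENGE_STATUS_THRILLS, chain)


if __name__ == "__main__":
    for line in example_intrusion_set().report()["intrusions"]:
        print(line)
```

Because each column is its own type, a record that puts a Target where an Action belongs, or a free-text result outside the five categories, is rejected at construction time rather than silently stored; that is the mechanical counterpart of the "common reporting criteria" slide 2 says a shared taxonomy enables, and the "attempted_only" entry in report() is the part of the record that slide 22 says must not be dropped.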

23 SUMMARY
- Common Taxonomy Developed
- Increased Data Sharing
- Ongoing Prosecutions Increasing

