INFORMATION WARFARE Part 1: Fundamentals
Transcript of INFORMATION WARFARE Part 1: Fundamentals
1-1/29 Copyright © 2006 M. E. Kabay. All rights reserved. 08:15-09:00
INFORMATION WARFARE
Part 1: Fundamentals
Advanced Course in Engineering, 2006 Cyber Security Boot Camp
Air Force Research Laboratory Information Directorate, Rome, NY
M. E. Kabay, PhD, CISSP-ISSMP
Assoc. Prof. Information Assurance
Program Director, MSIA & BSIA, Division of Business & Management, Norwich University
Northfield, Vermont mailto:[email protected] V: 802.479.7937
Topics
08:00-08:15 Introductions & Overview
08:15-09:00 Fundamental Concepts
09:05-10:25 INFOWAR Theory
10:35-11:55 Case Histories & Scenarios
Part 1: Fundamental Concepts
Fundamental Elements of INFOSEC
Sources of Damage to IT
Risk Categories
Taxonomy for Computer Incidents
Fundamental Elements of INFOSEC
Protect the 6 atomic elements of information security (not just 3):
  Confidentiality
  Possession or control
  Integrity
  Authenticity
  Availability
  Utility
(The classic C-I-A triad covers only Confidentiality, Integrity and Availability.)
Confidentiality
Restricting access to data
Protecting against unauthorized disclosure of the existence of data
  E.g., allowing an industrial spy to deduce the nature of the clientele by looking at directory names
Protecting against unauthorized disclosure of the details of data
  E.g., allowing a 13-yr-old girl to examine HIV+ records in a Florida clinic
Possession
Control over information
Preventing physical contact with data
  E.g., case of the thief who recorded ATM PINs by radio (but never looked at them)
Preventing copying or unauthorized use of intellectual property
  E.g., violations by software pirates
Integrity
Internal consistency, validity, fitness for use
Avoiding physical corruption
  E.g., database pointers trashed or data garbled
Avoiding logical corruption
  E.g., inconsistencies between the order header's total sale and the sum of the costs of the details
Authenticity
Correspondence to intended meaning
Avoiding nonsense
  E.g., part number field actually contains a cost
Avoiding fraud
  E.g., sender's name on an e-mail is changed to someone else's
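Worked example (added to this transcript; not from the original slides). The integrity and authenticity slides above describe failures that a record validator can catch before data is acted on. The Python below checks a constructed order record three ways: the header total against the sum of its detail lines (logical integrity), each field holding the kind of value its name promises (the part-number-contains-cost case), and an HMAC over the canonical record so that a changed sender name no longer verifies (the altered-sender case). The record layout, the part-number format, the field names and the shared key are assumptions for illustration.

```python
"""Integrity vs. authenticity checks on an order record.

Added example, not from the original slides.  The record layout, the
part-number format and the shared key are assumptions for illustration.
"""
import copy
import hashlib
import hmac
import json
import re
from decimal import Decimal

PART_NUMBER = re.compile(r"^[A-Z]{2}-\d{4}$")   # assumed part-number format
KEY = b"shared-secret-for-illustration"         # assumed; real keys come from a key store

# Constructed sample order: a header and two detail lines that agree.
ORDER = {
    "sender": "purchasing@example.invalid",
    "header": {"order_id": 1001, "total": "125.00"},
    "details": [
        {"part_number": "AB-0001", "qty": 2, "unit_cost": "25.00"},
        {"part_number": "CD-0002", "qty": 3, "unit_cost": "25.00"},
    ],
}


def integrity_errors(order):
    """Logical corruption: the header total must equal the sum of the details."""
    total = Decimal(order["header"]["total"])
    detail_sum = sum(Decimal(d["unit_cost"]) * d["qty"] for d in order["details"])
    if total != detail_sum:
        return [f"header total {total} != detail sum {detail_sum}"]
    return []


def authenticity_errors(order):
    """Nonsense: each field must carry the kind of value its name promises."""
    errors = []
    for i, d in enumerate(order["details"]):
        if not PART_NUMBER.match(str(d["part_number"])):
            errors.append(f"detail {i}: {d['part_number']!r} is not a part number")
    return errors


def canonical(order):
    """Stable byte encoding so the tag does not depend on dictionary key order."""
    return json.dumps(order, sort_keys=True, separators=(",", ":")).encode()


def sign(order, key):
    """Origin: a keyed tag over the whole record, sender field included."""
    return hmac.new(key, canonical(order), hashlib.sha256).hexdigest()


def verify(order, key, tag):
    """Constant-time comparison of the recomputed tag against the stored one."""
    return hmac.compare_digest(sign(order, key), tag)


def demo():
    """Apply each check to the clean record and to three faulty copies."""
    tag = sign(ORDER, KEY)

    garbled = copy.deepcopy(ORDER)
    garbled["header"]["total"] = "130.00"            # header no longer matches details
    swapped = copy.deepcopy(ORDER)
    swapped["details"][0]["part_number"] = "25.00"   # a cost landed in the part-number field
    spoofed = copy.deepcopy(ORDER)
    spoofed["sender"] = "ceo@example.invalid"        # sender changed, content untouched

    return {
        "clean_ok": not integrity_errors(ORDER)
                    and not authenticity_errors(ORDER)
                    and verify(ORDER, KEY, tag),
        "garbled": (len(integrity_errors(garbled)), len(authenticity_errors(garbled))),
        "swapped": (len(integrity_errors(swapped)), len(authenticity_errors(swapped))),
        "spoofed": (len(integrity_errors(spoofed)), len(authenticity_errors(spoofed)),
                    verify(spoofed, KEY, tag)),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Note which check catches which fault: the garbled total passes the field checks, the cost sitting in the part-number field passes the arithmetic, and the spoofed sender passes both and is caught only by the keyed tag. Three properties, three different controls.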
Availability
Timely access to data
Avoid delays
  E.g., prevent system crashes & arrange for recovery plans
Avoid inconvenience
  E.g., prevent mislabelling of files
Utility
Usefulness for specific purposes
Avoid conversion to a less useful form
  E.g., replacing dollar amounts by their foreign-currency equivalent
Prevent impenetrable coding
  E.g., employee encrypts source code and "forgets" the decryption key
Rough Guesses About Sources of Damage to IT
See CSH4 (Computer Security Handbook, 4th ed.), Ch. 4, "Studies and Surveys of Computer Crime."
Also http://www2.norwich.edu/mkabay/methodology/crime_stats_methods.htm
Risk Categories*
Physical attempts to gain control (physical intrusion)
Electronic attempts to gain control (malicious hacking)
Execution of arbitrary code (viruses, Trojans, ActiveX, Java, ...)
Spoofing (lying about who you are: users, sites, devices)
Eavesdropping (sniffing, wiretapping of data, passwords, ...)
________
* ICSA Risk Framework
Risk Categories (Cont’d)
Lack of knowledge / awareness (administrators, users, outside errors)
Lack of trust, confidence (IT, users, disgruntled staff, ...)
Denial of service (down time: electronic DoS, disasters, reliability)
Exploitation of the user by the site (privacy, swindles, ...)
Exploitation of the data subject (privacy, confidentiality, non-users)
Lack of interoperability
Taxonomy for Computer Security Incidents
What is a Common Descriptive Language?
What is a Taxonomy?
Why a Language/Taxonomy for Computer Crime?
The Model as a Whole
Actions
Targets
Events
Vulnerability
Tool
Unauthorized Result
Objectives
Attackers
What is a Common Descriptive Language?
Set of terms that experts in a field agree on
Clear definitions to the extent possible
  Precise
  Unambiguous
  Easy to determine in the field
A common language does not necessarily imply a causal or structural model
Provides a means of communication among experts
Supports analysis
What is a Taxonomy?
Structure relating the terms in the common language
Permits classification of phenomena
Expresses (a) model(s) of the underlying phenomena
Supports hypothesis-building
Supports collection and analysis of statistical information
Why a Language/Taxonomy for Computer Crime?
Field of information assurance is growing
  More people
  Less common experience
  Growing variability in the meaning of terms
What's wrong with ambiguous terminology?
  Can cause confusion: talking at cross-purposes
  Can mislead investigators and others
  Wastes time in repeated clarification
  Interferes with data-gathering
  Makes comparisons and tests difficult or impossible
The Model as a Whole (see full-page printout at end)
Actions
Probe / scan
Flood
Authenticate / Bypass / Spoof
Read / Copy / Steal
Modify / Delete
Targets
Analyze the following real cases and identify the target(s) in the events:
  A criminal inserts a Trojan Horse into a production system; it logs keystrokes
  A criminal hacker defaces a Web page
  An attacker launches millions of spurious packets addressed to a particular e-commerce server
  The Morris Worm of November 1988 takes down 9,000 computers on the Internet
Events
An event consists of an action taken against a target
Analyze the following events in these terms:
  An 8-year-old kid examines all the ports on a Web server to see if any are unprotected
  A dishonest employee makes copies on a Zip disk of secret formulas for a new product
  A saboteur cuts the cables linking a company network to the Internet
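Worked example (added here; not part of the original slides). The events on this slide and the actions on the previous one can be recovered mechanically from traffic logs. The Python below reads constructed firewall log lines (the log format, the addresses and the thresholds are assumptions chosen for illustration) and emits events in the action-against-target form: one source touching many distinct ports on one host inside a short window is a probe/scan (the port-examination case above); many packets from one source to one service inside a short window is a flood. The cut cable is a physical event and never appears in such a log, which is itself a point about what a log-based taxonomy can and cannot see.

```python
"""Events = action x target, recovered from constructed firewall log lines.

Added example, not from the original slides.  The log format, the addresses
and the thresholds are assumptions chosen for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass

SCAN_PORTS = 10     # distinct ports from one source to one host inside the window
FLOOD_PACKETS = 50  # packets from one source to one service inside the window
WINDOW = 10         # seconds


@dataclass(frozen=True)
class Event:
    action: str  # taxonomy action: "probe/scan" or "flood"
    source: str  # address the action came from
    target: str  # taxonomy target: "computer <ip>" or "process <ip>:<port>"


def build_sample_log():
    """Constructed traffic (not a real capture); format: <epoch> <src> <dst> <dport> <proto>."""
    lines = []
    # One host walks ports 20..31 on a server, one port per second: the port-examination case.
    for i, port in enumerate(range(20, 32)):
        lines.append(f"{1000 + i} 10.0.0.5 192.0.2.10 {port} tcp")
    # Another host sends 60 packets at port 80 inside three seconds: a flood.
    for i in range(60):
        lines.append(f"{2000 + i // 20} 198.51.100.7 192.0.2.10 80 tcp")
    # A client fetches a page three times, twenty minutes apart: not an attack.
    for i in range(3):
        lines.append(f"{3000 + 1200 * i} 10.0.0.9 192.0.2.10 443 tcp")
    return "\n".join(lines)


def parse(text):
    """Turn log lines into (timestamp, src, dst, port) tuples, skipping blanks and comments."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, port, _proto = line.split()
        records.append((int(ts), src, dst, int(port)))
    return records


def classify(records):
    """Group traffic by (source, destination) and test every WINDOW-second span."""
    by_pair = defaultdict(list)
    for ts, src, dst, port in records:
        by_pair[(src, dst)].append((ts, port))
    events = set()
    for (src, dst), hits in by_pair.items():
        hits.sort()
        for i, (t0, _) in enumerate(hits):
            span = [(t, p) for t, p in hits[i:] if t - t0 <= WINDOW]
            ports = {p for _, p in span}
            if len(ports) >= SCAN_PORTS:
                events.add(Event("probe/scan", src, f"computer {dst}"))
            for port in ports:
                if sum(1 for _, p in span if p == port) >= FLOOD_PACKETS:
                    events.add(Event("flood", src, f"process {dst}:{port}"))
    return sorted(events, key=lambda e: (e.action, e.source, e.target))


def detect(text=None):
    """Classify the given log text, or the constructed sample when none is supplied."""
    return classify(parse(build_sample_log() if text is None else text))


if __name__ == "__main__":
    for event in detect():
        print(f"{event.action:<10} from {event.source:<14} against {event.target}")
```

Running detect() on the sample yields exactly two events; the occasional client produces none. The thresholds are where such a classifier lives or dies: set SCAN_PORTS too low and a browser opening a handful of connections looks like a scan, set FLOOD_PACKETS too high and a slow flood is missed.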
Vulnerability
Vulnerability = a weakness
Distinguish among vulnerabilities due to
  Design
  Implementation
  Configuration
See the National Vulnerability Database
  Thousands of vulnerabilities
  Classified by platform and version
National Vulnerability DB: http://nvd.nist.gov/
Tool
Means of exploiting a vulnerability
Widely available on the Internet
Exchanged at hacker meetings
  2600
  L0pht (defunct)
Discussed and demonstrated at black-hat and gray-hat conferences
  DEFCON (Las Vegas)
  Hack-Tic (Netherlands)
Many exploits usable by script kiddies and other poorly-trained hackers
Unauthorized Result
Many possible results; e.g., consider the results of these attacks:
  Someone installs a Remote Access Trojan called BO2K on a target system
  An e-mail-enabled worm (e.g., KLEZ) sends a copy of a confidential document to 592 strangers
  The Stacheldraht DDoS tool completely interdicts access to an e-commerce site
  A secret program installed by an employee uses all the "excess" CPU cycles in a corporate network for prime-number calculations
Objectives
Characteristics of the human beings involved in the attack
Different objectives define different labels:
  Criminal hacking
  Industrial espionage
  Industrial sabotage
  Information warfare
Attackers
Wide range of attributes (subject of chapter 6 in CSH4)
  Skill
  Ideology
  Gain
The Model as a Whole (again)
Resume at 09:05