Securing Defence Networks: A Practical Approach by Arif Shoqui

DEFCOM, India’s most important Defense event covering all 3 Sister Services – Army, Navy & Airforce lived up to its expectations in 2011. Cisco participated in a major way and ensured its sessions and demos all aligned to the event’s theme- “Enabling Information and Communication Technologies (ICT) for Info Age Warfare". Cisco expert Suhas Mansingh, Senior Director presented a paper on ‘Emerging Optical Transport Technologies & Architectures’ and Arif Shouqi spoke on ‘Strategic Approaches to security of Defense Networks: A Practical Blueprint’. Cisco showcased two LIVE demos at our booth- WSON (Wavelength Switched Optical Network) and Security Encryption Demo supported by SRE-N
  1. Securing Defence Networks: A Practical Approach
     Sqn Ldr Shouqi (Retd), Chief Defence Architect, APAC
     © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public
  2. • Identify leading vulnerabilities
     • Analyze them
     • Suggest some practical steps to mitigate the risk
  3. • Technical vulnerabilities
     • Human vulnerabilities
     • Process vulnerabilities
  4. (chart) Source: HP TippingPoint
  5. (chart) Source: HP TippingPoint
  6. • Defence networks are air-gapped; jumping the air gap is not easy
     • Follow the KISS principle (Keep It Simple, Stupid)
       • Web 1.0 vs Web 2.0
       • Choose a browser, then disable all plug-ins and 'cute' extras
       • Move towards a simple operating system with basic capabilities
       • Simple databases with simple queries; sacrifice performance for security
       • Configure or compile out unused applications and infrastructure; have only what you need and use
     • Data transfer controls: no removable storage, or use custom adaptors and drivers to prevent commercial storage from being used
     So what remains, then…?
  7. (image only)
  8. • Apple, HP and Sony have (inadvertently) shipped pre-owned hardware with malware on it*
     • "Compromised ICs are the ultimate sleeper cells" (Gen Wesley Clark)
     • DARPA has a three-year programme in which:
       • MIT engineers create chips with hardwired malware, and
       • three private companies are given a batch of compromised and uncompromised chips and devise tests to catch them
     • In 2008 the FBI announced a multi-year inquiry into counterfeit Cisco routers
     Supply chain penetration is a serious threat… armies guard their installed hardware with their lives, but who guards the warehouse from where it was sourced?
     *Source: Verizon executive Marcus Sachs, 2007, at the Internet Security Alliance
  9. (supply chain diagram) Military, OEM, SI, Reseller, Distributor; OEM, eBay?, Fake? A fake sells for $235 against $1,375 for the original.
  10. 400 fake devices were supplied to the US military by authorised suppliers. There is an FBI investigation in progress… though the intent was mercenary, it is an eminently exploitable channel… HP, Nortel, Cisco and 3Com have all been hit by counterfeit equipment. Together they formed AGMA (Alliance for Gray Market and Counterfeit Abatement).
  11. (image) Source:
  12. • Social engineering: people are the biggest vulnerability
       • With hardware and software becoming increasingly secure, people have become the preferred target
       • The attacker's aim is to trigger strong human emotions that make someone more willing to bypass technical protections
      • Human vulnerabilities: 'the seven weaknesses' that are exploited
       • Greed • Sexuality • Trust • Vanity • Curiosity • Compassion • Anxiety
      Kiddies attack technology; pros attack people…
  13. • As you and your families gather to celebrate the holidays, we wanted to take a moment to send you our greetings. Be sure that we're profoundly grateful for your dedication to duty and wish you inspiration and success in fulfillment of our core mission.
      • Greeting card:
        hxxp://xtremedefenceforce.com/[omitted]
        hxxp://elvis.com.au/[omitted]
      • Merry Christmas!
      ___________________________________________
      Executive Office of the President of the United States
      The White House
      1600 Pennsylvania Avenue NW
      Washington, DC 20500
      2 gigabytes of PDFs, Microsoft Word and Excel documents were taken from dozens of victims and uploaded to a server in Belarus.
  14. Tickles people's vanity… WOW, I am invited!
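The lure on slide 13 is the kind of message a mail gateway or SOC analyst should be able to triage mechanically: the text claims to speak for one organisation while the "greeting card" links point at two unrelated domains. The script below is an added example, not from the original slides or any Cisco product. The message is a constructed reproduction of the lure (the omitted paths are replaced by the placeholder `card.zip`, and the `From:` address is assumed), the benign control message is also constructed, and the single rule applied is the one the slide illustrates: links that leave the claimed sender's domain make the message suspicious.

```python
"""Spear-phishing triage: do the links belong to the organisation the message
claims to come from?  Added example; the messages below are constructed."""
import re
from email import message_from_string
from email.utils import parseaddr

# Matches live (http/https) and defanged (hxxp/hxxps) URLs; group 1 is host[:port].
URL_RE = re.compile(r"\bh(?:tt|xx)ps?://([^\s/\"'<>]+)", re.IGNORECASE)

# Second-level labels under which two-letter country TLDs register names (elvis.com.au).
_CC_SECOND_LEVEL = {"com", "co", "net", "org", "gov", "ac", "edu", "mil"}

# Constructed sample modelled on the slide's lure; the From: address is assumed.
LURE = """\
From: "The White House" <greetings@whitehouse.gov>
To: staff@example.mil
Subject: Holiday greetings

As you and your families gather to celebrate the holidays, we wanted to take a
moment to send you our greetings. Be sure that we're profoundly grateful for
your dedication to duty and wish you inspiration and success in fulfillment of
our core mission.

Greeting card:
hxxp://xtremedefenceforce.com/card.zip
hxxp://elvis.com.au/card.zip

Merry Christmas!
___________________________________________
Executive Office of the President of the United States
The White House
1600 Pennsylvania Avenue NW
Washington, DC 20500
"""

# Constructed benign control: the only link stays on the sender's own domain.
BENIGN = """\
From: "IT Helpdesk" <helpdesk@example.mil>
To: staff@example.mil
Subject: Password policy update

The updated policy is at https://intranet.example.mil/policy/passwords.
"""


def registered_domain(host: str) -> str:
    """Crude eTLD+1: the last two labels, or three when the TLD is a two-letter
    country code with a generic second level (com.au, co.uk).  Adequate for
    triage; a Public Suffix List lookup is the proper answer."""
    labels = host.lower().rstrip(".").split(":")[0].split(".")
    if len(labels) >= 3 and len(labels[-1]) == 2 and labels[-2] in _CC_SECOND_LEVEL:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def triage(raw_message: str) -> dict:
    """Return the sender's domain, the domains linked in the body, and the
    subset that do not belong to the sender.  Defanged hxxp links count like
    live ones so analyst notes and real mail go through the same function."""
    msg = message_from_string(raw_message)
    _, sender = parseaddr(msg.get("From", ""))
    sender_domain = registered_domain(sender.rsplit("@", 1)[-1]) if "@" in sender else ""
    body = msg.get_payload(decode=False) or ""
    link_domains = []
    for match in URL_RE.finditer(body):
        dom = registered_domain(match.group(1))
        if dom not in link_domains:
            link_domains.append(dom)
    foreign = [d for d in link_domains if d != sender_domain]
    return {
        "sender_domain": sender_domain,
        "link_domains": link_domains,
        "foreign_links": foreign,
        "verdict": "suspicious" if foreign else "clean",
    }


if __name__ == "__main__":
    for name, sample in (("lure", LURE), ("benign", BENIGN)):
        print(name, triage(sample))
```

The check is deliberately narrow: it does not claim the sender header is genuine (a real gateway would add SPF/DKIM/DMARC results), it only asks whether the message's own links are consistent with who it says it is. That single question catches the slide's lure, whose links go to `xtremedefenceforce.com` and `elvis.com.au` rather than anything under `whitehouse.gov`.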
  15. • Compromised employees
       • Go no further than WikiLeaks, which allegedly kick-started the Tunisian revolution and the Arab Spring
       • DARPA has an ongoing project, CINDER (Cyber INsiDER threat), whose purpose is to detect hostile behaviour, not to ferret out people
      Dealing with the insider threat is very complex and difficult, with measures ranging from robust legislation to a very intelligent security operations centre.
  16. • Omega Corporation, a leader in precision instrumentation and measurement devices
      • Computerised their design and manufacture; sales took off and they beat the competition hollow
      • 25,000 different products, customisable into 500,000 distinct designs
      • Software and databases controlled the entire process
  17. • Tim Lloyd was a star employee who got sidetracked as the organisation grew
      • At some point he was fired for misbehaviour
      • A few days later a logic bomb destroyed every bit of the software used to run the company
      • Omega never recovered their prime position
  18. (image only)
  19. • Baseline the network behaviour: traffic patterns, load patterns, resource utilisation, port utilisation, flow patterns
        If you don't know what is normal, how will you recognise the abnormal?
      • Inventory your applications
        If you don't know what should be running, how will you identify what should not be running?
      • Define access control and privilege levels
        If you don't know who should be there, how will you know who should not?
      A Security Operations Centre is the first practical step towards building security into people, policy and procedure; it can start small and scale up. Anomalous behaviour detection is the most effective way of dealing with insider threats AND compromised hardware.
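Slide 19's first two questions ("what is normal?" and "what should be running?") are answered by learning a baseline and then reporting deviations from it. The script below is an added example, not from the original slides or any Cisco product: the flow records, the process list and the allow-list are constructed sample data, and the three rules it applies (a source talking on a destination port it never used, a known port to a never-seen peer, and a byte volume far above the learned mean) are one simple way to do what the slide calls anomalous behaviour detection. Note that a compromised device and a malicious insider produce the same kind of signal here, which is the slide's point: both show up as traffic that does not match the baseline rather than as a signature.

```python
"""Baseline-then-detect for flows, plus an application inventory check.
Added example; all data below is constructed."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed 'known good' flows: (src, dst, dst_port, bytes) from a baseline period.
BASELINE_FLOWS = [
    ("10.1.1.5", "10.1.2.10", 445, 12000),
    ("10.1.1.5", "10.1.2.10", 445, 13000),
    ("10.1.1.5", "10.1.2.10", 445, 11500),
    ("10.1.1.5", "10.1.2.10", 445, 12500),
    ("10.1.1.5", "10.1.2.10", 445, 12800),
    ("10.1.1.5", "10.1.2.1", 53, 300),
    ("10.1.1.5", "10.1.2.1", 53, 280),
    ("10.1.1.5", "10.1.2.1", 53, 320),
    ("10.1.1.6", "10.1.2.20", 443, 50000),
    ("10.1.1.6", "10.1.2.20", 443, 52000),
    ("10.1.1.6", "10.1.2.20", 443, 48000),
]

# Constructed flows from a later observation window.
LIVE_FLOWS = [
    ("10.1.1.5", "10.1.2.10", 445, 12600),       # normal file-share traffic
    ("10.1.1.5", "10.1.2.1", 53, 300),           # normal DNS
    ("10.1.1.5", "10.1.2.10", 445, 900_000),     # same peer, ~70x the usual volume
    ("10.1.1.5", "203.0.113.7", 443, 2_000_000), # a port this host has never used
    ("10.1.1.6", "10.1.2.99", 443, 50000),       # usual port, never-seen peer
]

# Constructed application inventory for one host (names are hypothetical).
ALLOWED_PROCESSES = {"sshd", "ntpd", "syslog-ng", "radar-ctl"}
RUNNING_PROCESSES = ["sshd", "ntpd", "radar-ctl", "nc", "syslog-ng", "nc"]


def build_baseline(flows):
    """Learn, per (src, dst_port), the mean and population stdev of bytes per
    flow, and per src the set of (dst, dst_port) peers seen."""
    volumes = defaultdict(list)
    peers = defaultdict(set)
    for src, dst, port, nbytes in flows:
        volumes[(src, port)].append(nbytes)
        peers[src].add((dst, port))
    profile = {key: (mean(v), pstdev(v)) for key, v in volumes.items()}
    return profile, peers


def detect(flows, profile, peers, z=3.0, floor=0.05):
    """Return (kind, src, dst, port, bytes) alerts.  'floor' stops a tiny
    learned stdev from turning every ordinary fluctuation into an alert."""
    alerts = []
    for src, dst, port, nbytes in flows:
        key = (src, port)
        if key not in profile:
            alerts.append(("new-port", src, dst, port, nbytes))
            continue
        if (dst, port) not in peers[src]:
            alerts.append(("new-peer", src, dst, port, nbytes))
        mu, sigma = profile[key]
        if nbytes > mu + z * max(sigma, floor * mu):
            alerts.append(("volume", src, dst, port, nbytes))
    return alerts


def unexpected_processes(running, allowed):
    """Inventory check: what is running that the allow-list does not cover?"""
    return sorted(set(running) - set(allowed))


if __name__ == "__main__":
    profile, peers = build_baseline(BASELINE_FLOWS)
    for alert in detect(LIVE_FLOWS, profile, peers):
        print(*alert)
    print("unexpected:", unexpected_processes(RUNNING_PROCESSES, ALLOWED_PROCESSES))
```

On the sample data the two normal flows pass, the 900 kB transfer to the usual file server is flagged on volume, the first-ever HTTPS flow from 10.1.1.5 to an outside address is flagged as a new port, and 10.1.1.6 talking to a new internal peer on its usual port is flagged as a new peer; the inventory check reports `nc`. In a real SOC the baseline would be per time-of-day and per role rather than one global profile, and a change-control feed would suppress alerts for peers and ports that were added deliberately.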
  20. (image only)
  21. • Sensors are your eyes and ears on the network; like Caesar's wife, they should be above suspicion
      • The more the merrier: a large sensor base makes for early detection and good-quality decisions (example: IronPort vs Sophos vs McAfee vs Symantec)
      • A mix of network-based sensors and host-based sensors
      • Always available, incorruptible, low overhead, flexible and configurable, scalable, failing gracefully
      • Eventually all autonomous network sensors should be completely indigenous, but a start has to be made somewhere
  22. • Air Force Act, 1950, Part 1, Section 34(l): "(l) knowingly does any act calculated to imperil the success of the military, naval or air forces of India or any forces co-operating therewith or any part of such forces;" … shall, on conviction by court-martial, be liable to suffer death or such less punishment as is in this Act mentioned.
      This is applicable only during active service, but here is a question: if someone, in gross violation of policy, uses a USB drive on an operational network, thereby infecting the network, which then takes radars offline during active service five years thence, would he or she be subject to section 34(l)?
      Robust legislation, from which strong and clear rules and regulations are derived, which are then relentlessly enforced and monitored, is essential in tackling human vulnerabilities.
  23. Thank you.