Cyber Security

Iraq National Defense Cooperation Conference - Al Nahrain Center for Strategic Studies - Baghdad, Iraq

Speaker notes: Taken from the President's International Strategy for Cyberspace (ISC)

1. Cyber Security (UNCLASSIFIED)
   Al-Nahrain Center for Strategic Studies, "Iraq and the Regional Security in a Changing Environment", Baghdad, Iraq
   Lieutenant Colonel Randy Carlson, U.S. Army
2. Cyberspace Environment: a global, internationally shared operating environment
   Goal for the environment
   • Innovative: continue to adapt with the changing system of networks
   • Globally interoperable: able to interact across international boundaries
   • Secure: protect networks serving government and civilian equities
   • Reliable: keep the network running
   Achieving the goal
   • Diplomacy: work together to create policy that leads to an open, secure and reliable cyberspace
   • Defense: protect networks and systems, and reserve the right to defend vital national assets
   • Development: continue working to create a cyberspace environment that is more open, secure and reliable
3. Internet Security Terms
   1. Spearphishing: a targeted phishing message, crafted for a specific person or organization, that tricks the recipient into revealing security credentials. http://www.fbi.gov/news/stories/2009/april/spearphishing_040109
   2. Hacktivism: the use of computers and computer networks as a means of protest to promote political ends. http://en.wikipedia.org/wiki/Hacktivism
   3. Anonymous (used as a mass noun): a loosely associated hacktivist group that originated in 2003 on the imageboard 4chan, representing the concept of many online and offline community users simultaneously existing as an anarchic, digitized global brain.
   4. Botnets: a botnet is a collection of compromised, Internet-connected computers, each known as a bot, that an attacker controls remotely as a group.
   5. Rootkits: a rootkit is software that implements stealth capabilities designed to hide the existence of certain processes or programs from the system's owner and its security tools.
4. Cyber Threat
   • Cyber threats are a present threat to government and civilian network infrastructure.
   • Cyber threats continue to grow on a daily basis; over 60,000 new malicious software programs are identified every day (USCYBERCOM).
   • There is increased concern about attacks affecting economic interests, especially the theft of business information and intellectual property.
   • Three areas of cyber threat: 1. Exploitation (stealing data or access) 2. Disruption (denying the use of networks and systems) 3. Destruction (damaging systems or the data on them)
   The threat is here now and has moved to major criminal activity (McAfee).
5. Top Threats for 2012 (McAfee threat predictions)
   – Industrial threats will mature and segment
   – Embedded hardware attacks will widen and deepen
   – Hacktivism and Anonymous will reboot and evolve
   – Virtual currency systems will experience broader and more frequent attacks
   – The Domain Name System will drive new network threat vectors
   – Traditional spam will go "legit," while spearphishing will evolve into the targeted messaging attack
   – Mobile botnets and rootkits will mature and converge
   – Rogue certificates and rogue certificate authorities will undermine users' confidence
   – Advances in operating systems and security will drive next-generation botnets and rootkits
   Source: McAfee Threat Predictions, http://www.mcafee.com/us/resources/reports/rp-threat-predictions-2012.pdf
6. Mitigating Actions to Cyber Threats
   General
   • Establish an organization to anticipate, mitigate, and deter cyber threats.
   • Work for strong cooperation between the government and private industry.
   • Collaborate with the international community and allied partners on cyberspace security issues.
   Active Cyber Defense
   • Capability to discover and defeat threats and vulnerabilities to government and civilian networks and systems.
   • Use sensors, software, and intelligence to detect and stop malicious activity before it can affect networks or systems.
   • Intrusions will not always be halted at the network perimeter; the technology must also identify and combat malicious activity that is already inside the local network.
   Collaboration and organization are critical to fighting this threat.
7. Mitigating Actions to Cyber Threats: Manage
   • Develop a trained and ready workforce
     – simple user awareness
     – committed investment in technical education and training
   • Establish procedures for incident response and overall network situational awareness
   • Ensure solid access control measures
   • Develop backup capabilities
   • Establish accountability processes
8. References
   McAfee Threat Predictions 2012: http://www.mcafee.com/us/resources/reports/rp-threat-predictions-2012.pdf
   International Information Systems Security Certification Consortium, (ISC)²: https://www.isc2.org/
   IEEE Spectrum security page: http://spectrum.ieee.org/telecom/security
   SANS Internet Storm Center: https://isc.sans.edu/
   How Stuff Works, Firewalls: http://www.howstuffworks.com/firewall.htm
   Log analysis software, Sawmill: http://www.sawmill.net/
   How Visa Protects Your Data, Fast Company: http://www.fastcompany.com/magazine/160/visa-secret-security-center
9. Thank you!
10. Backup slides
11. Rule #1: Know ALL of what is in your network and EVERYBODY who is using your network.
   – Inventory of hardware
   – Inventory of software
   – Identity of people: people must be trained and screened.
   – Inventory of address space
   – Inventory of patches and corrections
   – Network management software is key: a network element manager.
   These actions must be done all the time, not once.
12. Rule #2: Monitor who and what is connecting into and out of your network.
   – Firewall management is critical
   – Intrusion detection is critical
   – Inventory of all circuits
   – Inventory of all outsourced maintenance access
   – Inventory of any shared gateways
   – Inventory of EXTERNAL address space
   – Visibility is critical here too, but of a different kind: log analysis tools
   Execute persistent, consistent monitoring and protection!
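Rule #1 and Rule #2 together ask for an inventory of address space and hosts, and for monitoring of what connects into and out of the network. The following Python example is added here to show that cross-check over a connection log; it is not part of the original deck. The inventory, the log format and every log line are constructed for illustration, as is the `INTERNAL_SPACE` assumption that the organization owns 10.0.0.0/8.

```python
"""Added example, not part of the original deck: a minimal cross-check of
firewall connection logs against the address-space and host inventory that
Rule #1 calls for, flagging what Rule #2 says to watch (who and what connects
into and out of the network).  The inventory, the log format and every log
line below are constructed for illustration; a real device writes its own
format and a real inventory comes from an asset database."""
import ipaddress
from collections import Counter
from typing import Dict, List, Tuple

# Assumed address-space inventory (Rule #1): what the organization owns.
INTERNAL_SPACE = [ipaddress.ip_network("10.0.0.0/8")]

# Assumed hardware/identity inventory (Rule #1): address -> (owner, hostname).
INVENTORY: Dict[str, Tuple[str, str]] = {
    "10.1.1.20": ("finance", "fin-ws-20"),
    "10.1.1.21": ("finance", "fin-ws-21"),
    "10.2.0.5": ("it", "patch-server"),
}

# Constructed sample log: "<timestamp> <ACTION> <src> <dst> <dport>".
SAMPLE_LOG = """\
2012-03-01T10:00:01 ALLOW 10.1.1.20 203.0.113.10 443
2012-03-01T10:00:05 ALLOW 10.1.1.77 198.51.100.9 6667
2012-03-01T10:01:12 DENY 192.0.2.44 10.2.0.5 22
2012-03-01T10:02:00 ALLOW 10.2.0.5 10.1.1.21 445
2012-03-01T10:03:30 ALLOW 10.1.1.21 10.9.9.9 3389
"""


def parse_line(line: str) -> dict:
    """Split one constructed log line into its fields."""
    ts, action, src, dst, dport = line.split()
    return {"ts": ts, "action": action, "src": src, "dst": dst, "dport": int(dport)}


def is_internal(addr: str) -> bool:
    """True if the address lies inside the inventoried address space."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_SPACE)


def audit(log_text: str) -> List[dict]:
    """Return findings: internal addresses missing from the inventory, and
    allowed outbound connections (rated high when the source is unknown)."""
    findings: List[dict] = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ev = parse_line(raw)
        # Rule #1: every internal address seen on the wire must be inventoried.
        for addr in (ev["src"], ev["dst"]):
            if is_internal(addr) and addr not in INVENTORY:
                findings.append({"kind": "uninventoried_internal_host",
                                 "addr": addr, "ts": ev["ts"]})
        # Rule #2: watch what is connecting out of the network.
        if ev["action"] == "ALLOW" and is_internal(ev["src"]) and not is_internal(ev["dst"]):
            findings.append({"kind": "outbound_allowed",
                             "severity": "high" if ev["src"] not in INVENTORY else "info",
                             "src": ev["src"], "dst": ev["dst"],
                             "dport": ev["dport"], "ts": ev["ts"]})
    return findings


def summarize(findings: List[dict]) -> Dict[str, int]:
    """Count findings by kind."""
    return dict(Counter(f["kind"] for f in findings))


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f)
    print(summarize(audit(SAMPLE_LOG)))
```

On the constructed log the script flags two internal addresses that no inventory record explains (10.1.1.77 and 10.9.9.9) and two allowed outbound connections, one of them from the uninventoried host to port 6667, which is exactly the combination the two rules are meant to surface.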
13. Rule #3: Recognize that the language of security varies from device to device and vendor to vendor; this leads to very big mistakes.
   – There are different ways to say the same thing depending on the vendor or model of the device, and the same text can mean different things.
   – On a firewall that reads the second field as a subnet mask (set bits must match; Cisco ASA/PIX access lists work this way):
     • deny 129.32.100.1 255.255.255.0 -> denies the whole network 129.32.100.0 to 129.32.100.255
     • deny 129.32.100.1 0.0.0.255 -> matches only addresses whose last octet is 1, so the rest of 129.32.100.0 to 129.32.100.255 is still allowed through
   – On a firewall that reads the second field as a wildcard mask (set bits are "don't care"; Cisco IOS access lists work this way):
     • deny 129.32.100.1 255.255.255.0 -> matches only addresses whose last octet is 1, so the rest of 129.32.100.0 to 129.32.100.255 is still allowed through
     • deny 129.32.100.1 0.0.0.255 -> denies the whole network 129.32.100.0 to 129.32.100.255
   – It is very easy to make a mistake that opens up your entire network.
   – You must have automated tools and big-picture analysis to see these mistakes; they are very difficult to spot and tend to hide.
   – Such a mistake can be very hard to find.
   Apply the right tools and training at the right time.
14. Network Address Description: how many ways can you describe a group of hosts?
   – Start to end: 123.134.1.0 - 123.134.1.255
   – Address and subnet mask: 123.134.1.0 255.255.255.0
   – CIDR format: 123.134.1.0/24
   – Address and wildcard mask: 123.134.1.0 0.0.0.255
   – Label: "DMZ" = 123.134.1.0/24
   All five describe the same 256 addresses; each vendor's syntax accepts some of these forms and gives others a different meaning.
15. Language Problems
   – Is binary a universal language? Not so.
   – A Check Point firewall uses ranges, e.g. 10.11.12.0-10.11.12.255. To let in one IP address on a Check Point firewall you would write Permit 10.11.12.13 - 10.11.12.13.
   – Applying the same logic on a Cisco firewall gives "access-list outside permit ip 10.11.12.13 10.11.12.13 any". There the second field is a subnet mask, and the mask 10.11.12.13 has only 10 one-bits, so the rule matches 2^22 = 4,194,304 addresses: you just let in over 4,000,000 IP addresses!
   – The correct statement is "access-list outside permit ip host 10.11.12.13 any" (equivalently, mask 255.255.255.255). A mask of 255.255.255.0 would permit all 256 addresses of 10.11.12.0/24, not the single host.
   You must know the SPECIFICS of how your equipment works!
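Slides 13 through 15 turn on one fact: the same "address mask" text means different things on a device that reads a subnet mask, one that reads a wildcard mask, and one that takes an explicit range. The following Python example is added here and is not from the deck; it computes how many hosts a rule matches under each reading and flags masks that do not fit the device they are typed on, using the slides' own example addresses. The vendor attributions in the comments are the editor's (Cisco ASA/PIX read subnet masks, Cisco IOS reads wildcard masks, Check Point takes ranges), and nothing beyond the mask field is modeled.

```python
"""Added example, not part of the original deck: the same "address mask"
text read the three ways the slides mention, plus a lint for masks that do
not fit the device they are typed on.  Addresses and rules are the slides'
own illustrative values."""
import ipaddress
from typing import Dict, List

ALL_ONES = 0xFFFFFFFF


def _i(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


def hosts_subnet_mask(mask: str) -> int:
    """Subnet-mask reading (Cisco ASA/PIX access lists): set bits must
    match, clear bits are "don't care"."""
    return 1 << (32 - bin(_i(mask)).count("1"))


def hosts_wildcard_mask(wildcard: str) -> int:
    """Wildcard reading (Cisco IOS access lists): set bits are "don't
    care", clear bits must match."""
    return 1 << bin(_i(wildcard)).count("1")


def hosts_range(start: str, end: str) -> int:
    """Explicit inclusive range (Check Point style)."""
    return _i(end) - _i(start) + 1


def matches(host: str, addr: str, mask: str, semantics: str) -> bool:
    """Does host fall inside the rule "addr mask" under the given reading
    ("subnet" or "wildcard")?"""
    m = _i(mask)
    care = m if semantics == "subnet" else (~m & ALL_ONES)
    return (_i(host) & care) == (_i(addr) & care)


def is_contiguous(mask: str, semantics: str) -> bool:
    """A subnet mask must be ones then zeros, a wildcard zeros then ones.
    Anything else (10.11.12.13 used as a mask) is almost always a typo."""
    m = _i(mask)
    bits = (~m & ALL_ONES) if semantics == "subnet" else m
    return (bits & (bits + 1)) == 0


def lint(addr: str, mask: str, semantics: str) -> List[str]:
    """Warn when the mask does not look like the kind this device reads."""
    other = "wildcard" if semantics == "subnet" else "subnet"
    warnings: List[str] = []
    if not is_contiguous(mask, semantics):
        n = hosts_subnet_mask(mask) if semantics == "subnet" else hosts_wildcard_mask(mask)
        warnings.append(f"{addr} {mask}: not a contiguous {semantics} mask; "
                        f"read as one it matches {n} addresses")
        if is_contiguous(mask, other):
            warnings.append(f"{addr} {mask}: looks like a {other} mask "
                            f"typed on a {semantics}-mask device")
    return warnings


def explain(addr: str, mask: str) -> Dict[str, int]:
    """One rule text, both readings: the "big picture" view Rule #3 asks for."""
    return {"as_subnet_mask": hosts_subnet_mask(mask),
            "as_wildcard_mask": hosts_wildcard_mask(mask)}


if __name__ == "__main__":
    # Slide 15: the Check Point range 10.11.12.13-10.11.12.13 retyped on an
    # ASA with 10.11.12.13 in the mask position matches 4,194,304 hosts.
    print(explain("10.11.12.13", "10.11.12.13"))
    print(explain("10.11.12.13", "255.255.255.0"))    # whole /24, not one host
    print(explain("10.11.12.13", "255.255.255.255"))  # one host: the intended rule
    # Slide 13: a wildcard mask typed on a subnet-mask device.
    for w in lint("129.32.100.1", "0.0.0.255", "subnet"):
        print("WARN", w)
```

The contiguity check is the cheap "automated tool" Rule #3 asks for: a valid subnet mask is a run of ones followed by zeros, a valid wildcard is the reverse, and a mask that is neither (10.11.12.13) or is the wrong kind for the device (0.0.0.255 on a subnet-mask box) is caught before it is pushed to the firewall.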
16. Examples (not recommendations) of technologies
   – Inventory of hardware: Microsoft® Systems Management Server (SMS)
   – Inventory of software: Microsoft® Systems Management Server (SMS)
   – Identity of people: public key encryption
   – Inventory of address space: SolarWinds
   – Inventory of patches and corrections: Novell ZENworks
17. Examples (not recommendations) of technologies
   – Firewall management: Juniper Networks® Network and Security Manager (NSM)
   – Intrusion detection: McAfee IDS
   – Inventory of all circuits: Clarity Inventory Manager
   – Inventory of all outsourced maintenance access: ObserveIt 3rd Party Monitor
   – Inventory of any shared gateways: SolarWinds
   – Inventory of EXTERNAL address space: firewall add-on programs (DIFFICULT PROBLEM!)
