Cyber Security
UNCLASSIFIED

Al-Nahrain Center for Strategic Studies
Iraq and the Regional Security in a Changing Environment
Baghdad, Iraq

Lieutenant Colonel Randy Carlson, U.S. Army



Cyberspace Environment

Goal for the Environment
• Innovative – continue to adapt with the changing system of networks
• Globally Interoperable – able to interact across international boundaries
• Secure – protect networks serving government and civilian equities
• Reliable – keep the network running

Achieving the Goal
• Diplomacy – work together to create policy that leads to an open, secure and reliable cyberspace
• Defense – protect networks and systems and reserve the right to defend vital national assets
• Development – continue to work to create a cyberspace environment that is more open, secure and reliable

Global, Internationally Shared Operating Environment


Internet Security Terms
1. Spearphishing - A targeted trap that tricks the user into revealing their security credentials.
   http://www.fbi.gov/news/stories/2009/april/spearphishing_040109

2. Hacktivism - The use of computers and computer networks as a means of protest to promote political ends.
   http://en.wikipedia.org/wiki/Hacktivism

3. Anonymous (used as a mass noun) - A loosely associated hacktivist group that originated in 2003 on the imageboard 4chan, representing the concept of many online and offline community users simultaneously existing as an anarchic, digitized global brain.

4. Botnets - A botnet is a collection of compromised, Internet-connected computers, each of which is known as a 'bot'.

5. Rootkits - A rootkit is software that implements stealth capabilities designed to hide the existence of certain processes or programs.


Cyber Threat
• Cyber threats are a present danger to government and civilian network infrastructure.
• Cyber threats continue to grow daily; over 60,000 new malicious software programs are identified every day (USCYBERCOM).
• Increased concern about attacks affecting economic interests, especially the theft of business information and intellectual property.
• Three areas of cyber threats:
  1. Exploitation
  2. Disruption
  3. Destruction

The threat is here now and has moved to major criminal activity (McAfee).
Top Vulnerabilities for 2012
– Industrial threats will mature and segment
– Embedded hardware attacks will widen and deepen
– Hacktivism and Anonymous will reboot and evolve
– Virtual currency systems will experience broader and more frequent attacks
– Domain Name System will drive new network threat vectors
– Traditional spam will go "legit," while spearphishing will evolve into the targeted messaging attack
– Mobile botnets and rootkits will mature and converge
– Rogue certificates and rogue certificate authorities will undermine users' confidence
– Advances in operating systems and security will drive next-generation botnets and rootkits

Source: McAfee Threat Predictions 2012
http://www.mcafee.com/us/resources/reports/rp-threat-predictions-2012.pdf


Mitigating Actions to Cyber Threats

General
• Establish an organization to anticipate, mitigate, and deter cyber threats.
• Work for strong cooperation between government and private industry.
• Collaborate with the international community and allied partners on cyberspace security issues.

Active Cyber Defense
• Capability to discover and defeat threats and vulnerabilities to government and civilian networks and systems.
• Use sensors, software, and intelligence to detect and stop malicious activity before it can affect networks or systems.
• Intrusions may not always be halted outside the local network; technology must also work to identify and combat malicious activity inside the local network.

Collaboration and organization are critical to fighting this threat.




Mitigating Actions to Cyber Threats

Manage
• Develop a trained and ready workforce:
  – simple user awareness
  – committed investments in technical education/training
• Establish procedures for incident response and overall network situational awareness
• Ensure solid access control measures
• Develop backup capabilities
• Establish accountability processes
References
McAfee Threat Predictions 2012
http://www.mcafee.com/us/resources/reports/rp-threat-predictions-2012.pdf

International Information Systems Security Certification Consortium (ISC)²
https://www.isc2.org/

IEEE Spectrum Security Page
http://spectrum.ieee.org/telecom/security

SANS Internet Storm Center
https://isc.sans.edu/

How Stuff Works - Firewalls
http://www.howstuffworks.com/firewall.htm

Log Analysis Software (Sawmill)
http://www.sawmill.net/

How Visa Protects Your Data
http://www.fastcompany.com/magazine/160/visa-secret-security-center
Thank You!!

Backups
Rule #1
• Know ALL of what is in your network and EVERYBODY who is using your network.
  – Inventory of Hardware
  – Inventory of Software
  – Identity of People
    • People must be trained and screened.
  – Inventory of Address Space
  – Inventory of Patches and Corrections
  – Network Management Software is key.
    • Network Element Manager

You must do these actions all the time!
Rule #2
• Monitor who and what is connecting into and out of your network.
  – Firewall Management is critical
  – Intrusion Detection is critical
  – Inventory of all Circuits
  – Inventory of all Outsourced Maintenance Access
  – Inventory of any shared gateways
  – Inventory of EXTERNAL Address Space
  – Visibility is critical, but in a different way.
    • Log Analysis Tools

Execute persistent, consistent monitoring and protection!
Rule #3
• Recognize that the language of security varies from device to device and vendor to vendor; this leads to very big mistakes.
  – There are different ways to say the same thing depending on the vendor or model of device.
  – On a firewall that reads the second field as a subnet mask (a 1 bit in the mask must match):
    • Deny 129.32.100.1 255.255.255.0 -> denies the hosts 129.32.100.1 to 129.32.100.255 (the whole 129.32.100.0/24)
    • Deny 129.32.100.1 0.0.0.255 -> matches a different set of addresses entirely (every address whose last octet is 1), so 129.32.100.1 to 129.32.100.255 stay allowed
  – On a firewall that reads the second field as a wildcard mask (a 1 bit means "don't care", as in Cisco IOS access lists), it is the other way round:
    • Deny 129.32.100.1 255.255.255.0 -> matches every address ending in .1 and leaves 129.32.100.1 to 129.32.100.255 allowed
    • Deny 129.32.100.1 0.0.0.255 -> denies the hosts 129.32.100.1 to 129.32.100.255
  – It is very easy to make a mistake that opens up your entire network.
  – You must have automated tools and big-picture analysis to see these mistakes; they are very difficult to spot and tend to hide.
  – Finding such a mistake afterwards can be very hard.

Apply the right tools and training at the right time.
Network Address Description
How many ways can you describe a group of hosts?
- Start to end: 123.134.1.0 - 123.134.1.255
- Address and subnet mask: 123.134.1.0 255.255.255.0
- CIDR format: 123.134.1.0/24
- Address and wildcard mask: 123.134.1.0 0.0.0.255
- Label: "DMZ" = 123.134.1.0/24

Language Problems
- Is binary a universal language? Not so.
- Check Point firewall: addresses are written as ranges, e.g. 10.11.12.0-10.11.12.255
- To let one IP address in on a Check Point firewall you would write: Permit 10.11.12.13 - 10.11.12.13
- Carry the same "logic" over to a Cisco PIX/ASA firewall and you get:
  "access-list outside permit ip 10.11.12.13 10.11.12.13 any"
  On the Cisco the second field is a subnet mask, not the end of a range. 10.11.12.13 read as a mask has only 10 bits set, so the entry matches 2^22 = 4,194,304 addresses: you just let in over 4,000,000 IP addresses!!!
- The correct statement for a single host uses an all-ones mask (or the host keyword):
  "access-list outside permit ip 10.11.12.13 255.255.255.255 any"
  "access-list outside permit ip host 10.11.12.13 any"
  A mask of 255.255.255.0 would still admit all 256 addresses of 10.11.12.0/24, not one host.

You must know the SPECIFICS of how your equipment works!!!
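The two mask conventions behind the Rule #3 and Language Problems slides, worked through in code. This is an added example and not part of Lt Col Carlson's deck: the addresses (10.11.12.x, 129.32.100.x, 123.134.1.x) are the slides' own, while the function names, the `lint_asa_acl` line parser and the assumption that the second address field on a PIX/ASA access-list line is a subnet mask (and on an IOS access list a wildcard mask) are this example's. It normalises the five notations from the Network Address Description slide to one set of addresses, counts how many hosts the `10.11.12.13 10.11.12.13` entry actually admits, and flags both that line and a `255.255.255.0` variant, which still admits the whole /24.

```python
"""Added example (not from the slides): subnet-mask vs wildcard-mask semantics,
and a small lint for PIX/ASA-style access-list lines.  Addresses come from the
slides; rule text, function names and the lint heuristics are this example's."""
import ipaddress


def _ip(a: str) -> int:
    return int(ipaddress.IPv4Address(a))


def care_bits(mask: str, wildcard: bool) -> int:
    """Bits of the address that must match.
    Subnet-mask convention (PIX/ASA, Check Point): a 1 bit in the mask must match.
    Wildcard convention (IOS ACLs): a 1 bit is 'don't care', so the care bits are
    the complement of the mask."""
    m = _ip(mask)
    return (~m & 0xFFFFFFFF) if wildcard else m


def match_count(mask: str, wildcard: bool) -> int:
    """How many IPv4 addresses one 'address mask' entry matches."""
    free = 32 - bin(care_bits(mask, wildcard)).count("1")
    return 1 << free


def matches(rule_addr: str, mask: str, wildcard: bool, host: str) -> bool:
    """Would the entry 'rule_addr mask' match host under that convention?"""
    care = care_bits(mask, wildcard)
    return (_ip(rule_addr) & care) == (_ip(host) & care)


def to_set(spec: str, style: str) -> frozenset:
    """Normalise the notations on the 'Network Address Description' slide
    (style = range | cidr | mask | wildcard) to one set of integer addresses,
    so that two descriptions can be compared for equality."""
    if style == "range":
        lo, hi = (_ip(x.strip()) for x in spec.split("-"))
        return frozenset(range(lo, hi + 1))
    if style == "cidr":
        return frozenset(int(a) for a in ipaddress.ip_network(spec, strict=False))
    if style not in ("mask", "wildcard"):
        raise ValueError(style)
    addr, mask = spec.split()
    care = care_bits(mask, wildcard=(style == "wildcard"))
    base = _ip(addr) & care
    free = [b for b in range(32) if not (care >> b) & 1]
    if len(free) > 16:
        raise ValueError("too many addresses to enumerate; use match_count()")
    result = set()
    for combo in range(1 << len(free)):      # every combination of the free bits
        v = base
        for j, b in enumerate(free):
            if (combo >> j) & 1:
                v |= 1 << b
        result.add(v)
    return frozenset(result)


def lint_asa_acl(line: str) -> list:
    """Warn about 'access-list NAME permit|deny PROTO SRC [MASK] DST [MASK]' lines
    whose mask looks pasted from another vendor's syntax: a non-contiguous subnet
    mask (a range end or wildcard used as a mask), or host bits set in the address
    while the mask covers more than one host.  'any' and 'host A' are accepted."""
    toks = line.split()
    if len(toks) < 5 or toks[0] != "access-list":
        return ["not an access-list line"]
    warnings, i = [], 4                      # first token after the protocol
    for side in ("src", "dst"):
        if i >= len(toks):
            warnings.append(f"{side}: missing")
            break
        if toks[i] == "any":
            i += 1
            continue
        if toks[i] == "host":
            i += 2
            continue
        if i + 1 >= len(toks):
            warnings.append(f"{side}: address without mask")
            break
        addr, mask = toks[i], toks[i + 1]
        inv = ~_ip(mask) & 0xFFFFFFFF        # host bits; contiguous mask => 0...01...1
        if inv & (inv + 1):
            warnings.append(f"{side}: mask {mask} is not contiguous; "
                            f"matches {match_count(mask, False)} addresses")
        elif _ip(addr) & inv:
            warnings.append(f"{side}: {addr} has host bits outside {mask}; "
                            f"did you mean 'host {addr}'?")
        i += 2
    return warnings


if __name__ == "__main__":
    # The slide's Check Point-style single host copied into PIX syntax:
    print(lint_asa_acl("access-list outside permit ip 10.11.12.13 10.11.12.13 any"))
    print(matches("10.11.12.13", "10.11.12.13", False, "10.255.12.13"))
    # A /24 mask still admits 256 hosts; the lint flags the stray host bits:
    print(lint_asa_acl("access-list outside permit ip 10.11.12.13 255.255.255.0 any"))
    print(lint_asa_acl("access-list outside permit ip host 10.11.12.13 any"))
```

The contiguity test `inv & (inv + 1) == 0` is the check an automated review tool would run over every access-list line before it is committed: a non-contiguous subnet mask is almost always a range end or a wildcard pasted from another vendor's syntax, and the host-bits check catches a network mask applied where a single host was intended.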
Examples (Not Recommendations) of Technologies
– Inventory of Hardware - Microsoft® Systems Management Server (SMS)
– Inventory of Software - Microsoft® Systems Management Server (SMS)
– Identity of People - Public Key Encryption
– Inventory of Address Space - SolarWinds
– Inventory of Patches and Corrections - Novell ZENworks

Examples (Not Recommendations) of Technologies
– Firewall Management - Juniper Networks® Network and Security Manager (NSM)
– Intrusion Detection - McAfee IDS
– Inventory of all Circuits - Clarity Inventory Manager
– Inventory of all Outsourced Maintenance Access - ObserveIt 3rd Party Monitor
– Inventory of any shared gateways - SolarWinds
– Inventory of EXTERNAL Address Space - Firewall add-on programs (DIFFICULT PROBLEM!!)


Speaker notes

1. Taken from the President's International Strategy for Cyberspace (ISC)
2. Taken from the President's International Strategy for Cyberspace (ISC)