Corsica - USA
IndoTech Solutions, Inc., LLC, 711 S. Carson, Suite 4, Carson City, NV 89701, USA
Tel 775-881-3436 IndoTech@indotechsolutions.com
Information System Security
University of Corsica, Corte, Corsica
5 January 2000
Robert L. Straitt
Organizational Performance Architect
965 West Highway 36, Suite 301, Roseville, MN 55113, USA
Tel 651-766-8579 Fax 651-765-6344 rstraitt@indotectsolutions.com
12/15/99 IndoTech Solutions, Inc., LLC, 711 S. Carson, Suite 4, Carson City, NV 89701, USA
Agenda
Topics for Today
– Types of Threats
– Types of Vulnerabilities
– Types of Safeguards
– Compromise Scenarios & Exercises
– Discussions
Types of Threats
What are the Threats?
– Vandalism
– Criminal
– Terrorist
– Military
Vandalism
•Is a destructive attack on an information system for vengeance or the
pleasure of the attacker.
•Vandalism involves the penetration of an information system to browse or
search data; download or change data; disrupt service to others; or in some
way cause damage or harm to the information system.
•Vandalism is equivalent to what was traditionally
known as "Hacking" in that it always causes some
form of physical or emotional damage to the
property owner. We will see that today hacking
is thought of as much more than just vandalism.
Criminal Activities
•Criminal attacks are usually intended to result in direct financial gain.
However, many other criminal activities, such as malicious destruction and
invasion of privacy, are also committed. These are usually performed in
conjunction with or in support of some financial or personal gain.
•The difference between computer vandalism and other computer crimes is
the intent of the actor. Although the cost of vandalism can be high, it is the
systematic nature of the criminal attack and its intent of financial gain that
make it devastating to its victims.
•Criminal activities are most often related to bank fraud, credit fraud,
industrial espionage, invasion of privacy, and theft of services.
Terrorist Activities
•Unlike other forms of warfare, which have the goal of defeating an enemy physically,
terrorism is designed to defeat an enemy psychologically. By attacking the enemy's
belief in their own security, terrorists are able to destroy an
enemy's ability to function normally and defend itself.
•Information terrorists can reduce a population's ability to function
normally or even paralyze a whole nation through the fear of being
helpless against terrorist attacks.
•Today almost every aspect of our lives is somehow dependent on
information systems, from food processing and education to medical
treatment and purchasing. Terrorist attacks against financial
systems and transportation systems alone can cause wide-scale panic in a population.
•Interruption of systems as common as point-of-sale systems, across wide areas of a
country, can result in significant political pressure being placed on a government's
decision and ability to act or not act against a terrorist group.
Military Activities
•The ability to destroy an enemy's capability to wage war or defend itself without
suffering any collateral damage has long been a dream of military leaders.
•Internet connections and information warfare techniques now make it possible for
enemies armed with less equipment and fewer weapons to gain a decisive advantage over
their adversaries at a small price. Sophisticated computer viruses and automated
attack routines allow adversaries to launch untraceable attacks from anywhere in the
world against sensitive information and systems. Service from vital communications
backbones or power systems can be denied, which could disrupt military operations
and readiness. An enemy's weapon systems can
even be retargeted against their own or friendly forces.
•The United States Department of Energy and NSA estimate that
more than 120 countries have established computer attack
capabilities and most countries are believed to be planning some
degree of information warfare as part of their overall security strategy.
The Vulnerabilities
What are the Vulnerabilities?
– Commercial Software
– Poorly Engineered Software
– Inadequately Protected Systems
– Inexperienced or Negligent Workers
– Open Communications Systems
Commercial Software
•Commercial software is one of the most important weapons in the information
warfare arsenal, because it is used by most sectors and encompasses all forms of
software, from operating systems, communications systems, and applications software to
even the anti-virus and security software designed to protect an information system.
•Commercial software is usually prone to security traps such as backdoors, viruses,
bombs, and Trojan horses, to name a few.
•These traps can be combined. For example, a financial institution's information system
can be entered through a hidden back door that is opened by a Time Bomb, which also
releases a Worm (a visible process) and activates a dormant virus to bring down system
components and cause confusion while the back door is being used for its intended purpose.
•Because commercial software is mostly sold without source code and engineering
documentation, an organization's security measures may be useless to protect against
these hidden dangers.
Poorly Engineered Software
•Poor software engineering methods have left an open door of invitation to hackers,
terrorists, and enemy agents to infiltrate industrial, financial, public service, and
military systems around the world.
•Original user requirements are seldom adequately documented, reviewed, and
approved by end users' technical experts. Formal software architectures and technical
requirements are rarely developed, leaving no baseline to review finished projects
against.
•As-built software documentation and basic configuration control techniques in most
software organizations are nonexistent or haphazard at best.
•Software engineering that is done is usually accomplished by software analysts and
programmers who are competent technicians but have little, if any, engineering
education or training.
Inadequately Protected Systems
•Systems that are connected directly to the outside world without any form of
security. It may be expected that these would usually be personal systems for home
use. However, many business systems, especially those owned and operated by small
non-information type companies, are regularly connected to the internet without even
minimal security measures in place.
•Systems which have obsolete or insufficient security measures. Such systems may be
found even in large organizations that do not have a sufficiently trained and properly
managed information technology department.
•Inadequately protected systems become breeding grounds for the spread of viruses and
can create a direct conduit into systems that are otherwise secure.
•Systems with some but poorly implemented protection are the worst because their
owners think they are safe, when they are in fact at the highest risk.
Inexperienced or Negligent Workers
•Inexperienced and negligent workers are a very high risk to system security. An
inexperienced worker may provide sensitive data to an attacker, may access internet
sites designed by an attacker, and may delete or disable safeguards unknowingly.
•Inexperienced and negligent workers also introduce a human factors issue into the
problem: once they have created a security compromise and become
fearful of being discovered and ridiculed or possibly fired, they will often try to cover
up their mistakes or fail to tell someone of a known problem while the system
continues operating at risk or is under attack. Then it is too late.
•Attackers target these individuals within organizations to obtain information about
systems or to actually gain access to systems. In many instances the attacker can get these
individuals to unknowingly plant viruses, software bombs, or other tools of
information warfare within the targeted system.
Open Communications Systems
•Open or unsecured communications systems are the easiest way for attackers to gain
access to information systems or sensitive information being transmitted by an
organization.
•E-commerce has grown substantially in the last two years and safeguards to protect
financial information being transmitted are available. Yet many organizations and
individuals fail to use these safeguards. Attackers monitor data lines and internet
sites, collecting information needed to commit financial crimes, support terrorist
activities, and even neutralize national defenses.
•Communications can be intercepted even before they leave an individual terminal
through van Eck monitoring. This is done through the use of sensitive radio receivers
which monitor the low-level electromagnetic emissions of computers and other electronic
equipment associated with an information system.
Security Safeguards
What are the Methods of Safeguards?
– Physical Security
– Communications Security
– Information Security
– Software Security
– Personal Security
Physical Security
• Physical security involves the protection of the information system
hardware, facilities, power and communications systems, and personnel.
• Threats to physical security can include:
– Fire, Smoke, and Explosion Damage
– Water, Storm, or Earthquake Damage
– Vandalism, Theft, and Physical Damage
– Assaults, Threats, and Kidnapping of Personnel
– Electronic Attacks, EMP, van Eck Monitoring, and Power-Line Carrier Invasion
• Depending on the value of the information contained within the system,
complex physical safeguards in the way of structures, backup power,
communications and power-line filters, alarm systems, emergency response
mechanisms, and even guards may be required. Perform electronic and
physical sweeps for bugging and monitoring devices.
Communications Security
• Communications security involves the protection of information between
nodes of an information system and transmission of information between
systems.
• Not connecting the most vital systems (Level 1 & 2) to outside networks.
• Encryption of information between nodes and between systems can greatly
reduce the risk of communications being intercepted.
• Use of secure communications technologies such as dedicated fiber optic
cables, spread spectrum communications, and frequency hopping
techniques.
• Passwords and encryption keys should be changed regularly, and their
selection should be random, without obvious patterns and not based on a
single selection criterion.
Information Security
• Information security involves mechanisms to protect sensitive or valued
information from being disclosed or exploited.
• Hard copy waste should be shredded before disposal.
• Advertisements and public release information should be reviewed to ensure
that over time sensitive information is not being released in otherwise
unnoticeable discrete packages.
• Discussions of work issues should be done in appropriate places and
employees should be aware of the type of notes and records that are kept so
that these pieces of information can be protected or destroyed properly.
• Reports of information requests should be tracked and analyzed. Information
compromise threads should be determined early and matching patterns of
information access investigated.
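One way to track and analyze information requests, shown as an added example that is not part of the original slides: it flags a requester who, within a review window, collects every category of a set that is harmless piece by piece but sensitive as a whole. The category names, the 90-day window, the log format, and the sample log are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import date, timedelta

# Hypothetical policy: categories that are harmless alone but sensitive
# once a single requester holds all of them.
SENSITIVE_SETS = {
    "product-launch-plan": {"design", "shipping-schedule", "customer-list"},
}

# Constructed request log: date, requester, category of information released.
REQUEST_LOG = """\
1999-01-10,press@news.example,design
1999-05-01,press@news.example,shipping-schedule
1999-06-01,surveys@marketing.example,customer-list
1999-06-20,surveys@marketing.example,shipping-schedule
1999-07-15,surveys@marketing.example,design
1999-08-02,ops@carrier.example,shipping-schedule
1999-08-09,ops@carrier.example,shipping-schedule
1999-11-30,press@news.example,customer-list
"""


def parse_log(text):
    """Parse 'YYYY-MM-DD,requester,category' lines into date-sorted tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        day, requester, category = (field.strip() for field in line.split(","))
        records.append((date.fromisoformat(day), requester, category))
    return sorted(records)


def find_aggregation(records, window_days=90, sensitive_sets=SENSITIVE_SETS):
    """Return (requester, set_name, completion_date) for every requester who
    obtained all categories of a sensitive set within window_days."""
    window = timedelta(days=window_days)
    by_requester = defaultdict(list)
    for day, requester, category in records:
        by_requester[requester].append((day, category))

    findings = []
    for requester, requests in sorted(by_requester.items()):
        for name, needed in sorted(sensitive_sets.items()):
            # Treat each request as the end of a window and collect what the
            # requester received in the window leading up to it.
            for end_day, _ in requests:
                seen = {c for d, c in requests if end_day - window <= d <= end_day}
                if needed <= seen:
                    findings.append((requester, name, end_day.isoformat()))
                    break  # report the earliest completion only
    return findings


if __name__ == "__main__":
    for requester, name, day in find_aggregation(parse_log(REQUEST_LOG)):
        print(f"{day}: {requester} now holds every part of '{name}'")
```

The press contact requested the same three categories but spread over almost a year, so the 90-day window does not flag it; widening the window trades fewer misses for more reviews.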
Software Security
• Software security begins with proper software engineering principles being
applied at the conception of an information system and followed throughout
the life of that system.
• You cannot easily protect something unless you know whether you have it
or not and where it is!
• Virus scanning software should be used and updated regularly. Firewalls
should be employed on all outside connections. Security software to detect,
monitor, and record additions, deletions, and modifications (down to single
bit flips) should be integrated into system security measures.
• Conduct regular security audits of the system software and compare results
back to log files and/or hardcopies that are certified by configuration
controlled engineering documentation such as user requirements, system
architecture, and detail design documents.
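The change detection and audit comparison described in the last two bullets can be sketched as a hash baseline, given here as an added example that is not part of the original slides. It records a SHA-256 digest per file, then reports additions, deletions, and modifications, including a single flipped bit; the file names and contents are constructed for the demonstration.

```python
import hashlib
import os
import tempfile


def build_manifest(root):
    """Return {relative_path: sha256_hex} for every file under root."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            manifest[rel] = digest.hexdigest()
    return manifest


def compare(baseline, current):
    """Audit step: compare the current manifest against the trusted baseline."""
    old, new = set(baseline), set(current)
    return {
        "added": sorted(new - old),
        "deleted": sorted(old - new),
        "modified": sorted(p for p in old & new if baseline[p] != current[p]),
    }


def _write(root, rel, data):
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)
    return path


def demo():
    """Build a constructed software tree, tamper with it, and audit it."""
    with tempfile.TemporaryDirectory() as root:
        app = _write(root, "bin/app", b"constructed program image 1.0")
        _write(root, "etc/app.conf", b"mode=prod\n")
        old = _write(root, "etc/old.conf", b"legacy=1\n")

        # In practice the baseline is stored off the audited system, under
        # configuration control, so an intruder cannot rewrite it.
        baseline = build_manifest(root)

        # Modification: flip a single bit in one byte of the program.
        with open(app, "rb") as fh:
            image = bytearray(fh.read())
        image[10] ^= 0x01
        with open(app, "wb") as fh:
            fh.write(bytes(image))

        os.remove(old)                                   # deletion
        _write(root, "bin/new_tool", b"unreviewed tool")  # addition

        return compare(baseline, build_manifest(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```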
Personal Security
• The best technology safeguards available are useless if the people operating
them cannot be trusted.
• Here again the best safeguards begin with proper software engineering
practices. It is important to know the value of the information within your
system and software, but it is equally important to understand how your
software interacts with the world. The easiest place to introduce an
information warfare weapon is often commercial software developed for
general public use that will ultimately be linked directly or indirectly to the
targeted system.
• Check the backgrounds of the people you have working on your software, and
use documented engineering, quality, and configuration practices. These
mechanisms will expose most attempts to embed a software weapon and also
catch inadvertent programming errors that can be as damaging as a bomb.
Compromise Scenarios
• What are the Scenarios?
– Netwar
– Cyber War
– Exercises
Scenarios
Netwars
• Netwar is a whole new type of warfare that involves conflicts of culture, with the
losing culture being assimilated or totally eliminated. In a way netwar is high-tech
genocide, where you keep the body and kill the thoughts.
• This type of warfare is focused on the domination of a group which is somehow linked
together by cultural ideas. Thus it may not be nation against nation. It can be rival
companies, religions, or social organizations.
• Netwars are fought by slowly introducing ideals into the rival culture by using the rival
culture's trusted information systems. This could be the internet, television, radio,
newspapers, or other mechanisms such as school books and courses. It is apparent that not
all netwar occurs over electronic media. This is its deceptive nature. In the end
it is the electronic media that makes the coup de grâce possible.
• It may be said that a netwar is not a real war. Yet the ultimate intended goal of a
netwar is as real and complete as any traditional war of history. It is the complete
domination of one cultural group and their resources by another.
Cyberwars
• Cyberwar, unlike netwar, is the use of information systems to physically destroy the
opponent's resources, people, and culture.
• Cyberwar begins before any shots are fired and focuses on acquiring as
much information about the enemy as possible and building information networks to
best be able to analyze and exploit that information faster, better, and cheaper than the
enemy.
• The next phase of cyberwar is targeting of enemy resources. This includes the enabling
of friendly command and control systems, positioning of intelligent tactical and
strategic weapons, penetration of information systems and interception, and
configuration of disruptive weapons (jammers, automailers, viruses).
• The third phase of cyberwar is the attack. But unlike traditional warfare the attack can
be almost instantly modified or cancelled, to the extent that the enemy may never know
the attack occurred. Cyber attacks when carried through most effectively will leave the
enemy command believing they are in victory as your weapons annihilate them.
A Netwar Scenario
Franco Technologies wants to dominate the market they now have to share with
Cauria Industries. Franco believes that they can best weaken Cauria's business
capabilities by a netwar attack.
Phase 1) Franco uses Information Exploitation to find Cauria's weaknesses
• Distribution and demographics of customers are determined by hiring a marketing company to
do internet and telephone surveys, and from shipping records of Cauria's products held by a
transportation company that Franco maintains information systems for.
– Franco learns that most customers live in two regions and have strong cultural &
religious connections.
– Franco learns that new products are always shipped two months before they are released
and purchase orders for shipping are issued six months in advance. Commitment to go
to market with a product must be made at least 7 to 8 months before they are shipped.
– Franco learns that the two largest buying groups will not buy products that are biased
against their cultural and religious norms.
A Netwar Scenario (cont.)
Phase 2) Franco uses active industrial espionage to learn Cauria's development plan.
• Franco develops a virus that, when embedded in the host system, auto-activates whenever
purchase orders for shipping are issued; it searches the host system for design data and
transmits the design files with the purchase order data. Franco is able to upload the virus into
Cauria's system when it introduces, at no cost, a transportation management application to the
transportation company for a trial period.
– Franco learns the design and marketing strategy for a new line of Cauria's products.
– Franco gets periodic updates from Cauria concerning the new product.
Phase 3) Franco utilizes the internet and advanced multimedia techniques to suggest
that they are developing a product similar to Cauria's.
– Franco causes Cauria to increase investments into product development, production,
and pricey advertising out of fear that Franco is producing a similar competing product.
– Franco, using suggestive phrasing and imaging, begins to exploit the cultural and
religious biases of the consumer base for Cauria's products.
A Netwar Scenario (cont.)
Phase 4) Franco begins using a form of info-terrorism to turn the market against Cauria.
• Franco develops an advertising campaign that links Cauria's new product to cultural and
religious taboos. Using the internet and automailers, Franco targets potential customers by
email with negative verbal and graphical messages that link the use of the yet unreleased
product to known customer taboos. Franco finances printed media and public interest
television programming for a human relief support campaign. Throughout the financed
articles and documentaries are graphical, audio, and textual imagery related to Cauria's
product.
– Franco has been able to plant in customers' minds rejection of a product not yet released.
– Franco has prevented Cauria from effectively selling the product in the targeted market.
– Franco has created a need in customers' minds for product alternatives to Cauria's
product that Franco is now producing.
A Netwar Scenario (cont.)
Outcome
– Cauria's product is a failure; its advertising campaign for the product fell prey to the
subliminal poisoning of the market done by Franco (if it looks like this and does this, look at
the bad it produces).
– Because of the early stress placed on Cauria's finances to beat Franco to market with the
product, Cauria doesn't have the resources to recover.
– Franco buys the complete stock of unshipped product at 10% of its value, repackages
the product and sells it in a different market at a substantial profit.
– Cauria stock plummets and is eventually bought out by Franco.
Note: This type of scenario may resemble a traditional propaganda campaign of the kind that has been used for years.
The difference here is the timing and overall success. Using netwar techniques Franco was able to
quickly learn a competitor's business strategy, implement socio-economic changes in the marketplace,
evaluate the impact, and make adjustments in real time.
What could you have done as Cauria's CIO to prevent this attack from being successful?
A Cyberwar Scenario
A small country Morano with a determined leader decides to take over a
neighboring and larger country Pugno which has a sizable army. Morano's
purpose is to gain access to unexploited resources, to expand its population base
and to acquire the well developed urban areas of Pugno.
Phase 1) Morano using common industrial components, clandestinely builds an
information warfare infrastructure, capable of conducting an international Cyberwar and
supporting aggression.
• Establishes a distributed network of Cyberwar centers, each completely shielded from outside
monitoring and electronic detection. Each center has self-contained power generation and
filtered communications and external power.
– Morano is worried about electronic monitoring by the international community and
protects against it.
– Morano is worried that a single center may be detected because of high communications
traffic volumes, or that a single center may be crashed by a virus or other external
attack.
A Cyberwar Scenario (cont.)
Phase 1) (cont.)
• Using its diplomatic services Morano successfully establishes several centers in European,
Asian, and South American countries that have few laws concerning electronic activities.
– Morano wants to have external centers that if located can be denied and will serve to
provide capabilities in case of severance of communications to Morano.
– Morano needs access to information experts "Hackers" and technology not available in
Morano and doesn't want to attract international attention by importing these to
Morano.
Phase 2) Morano, using information exploitation techniques, begins monitoring
Pugno and Pugno's allies to gain needed information about strategic and
tactical targets.
• Using van Eck Monitoring techniques Morano is able to learn MAC and DAC information for
many of Pugno's military and civil authority information systems.
– Morano is now able to remotely access Pugno's systems using stolen user ID's and passwords.
– Morano is able to gather vital information about military and civil communications and public utilities.
A Cyberwar Scenario (cont.)
Phase 2) (cont.)
• Morano begins active monitoring and periodic probing of Pugno's information systems.
– Morano needs to identify and map all key strategic and tactical targets.
– Morano continues to gather and analyze information about Pugno's automated systems
and inter-dependencies with manual systems and back-up capabilities.
– Using its centers established in foreign countries Morano is able to launch limited
probes and attacks against Pugno's information systems to test their security limitation.
Phase 3) Morano begins infiltrating Pugno's information systems from numerous
points of entry.
• Morano using various hacking techniques is able to create backdoors in many of Pugno's
sitemaps. Learning that Pugno is planning on upgrading its information system security by
buying new software and hardware from a company in the United States, Morano arranges to
have one of its foreign experts hired for the project.
– Morano needs undetectable access to Pugno's systems to monitor activities and take
over system administration when necessary.
– Morano's foreign expert is able to build into the security software several backdoors, and
is able to code in several viruses and worms that will be activated when needed.
A Cyberwar Scenario (cont.)
Phase 3) (cont.)
• Morano after analyzing communications of Pugno finds that many government users access
certain categories of web-sites frequently. Morano begins creating similar web sites through
foreign service providers and at foreign public education sites. Each site has specially
developed viruses, macro viruses, bombs, and payloads embedded in it.
– Morano needs to have multiple weapon types introduced into Pugno's information
systems to conduct specific attacks and to prevent failure by detection of one weapon
type by Pugno's security monitoring.
– Morano uses foreign owned and created sites so that it can deny accountability.
– Because these sites will be accessed by users from around the world, general purpose
viruses and other weapons included in these sites will cause wider scale confusion when
activated. Only Morano's centers are inoculated against them.
A Cyberwar Scenario (cont.)
Phase 4) Morano initiates a structured Cyberwar attack against Pugno.
• Morano first initiates limited attacks on foreign information links to Pugno and activates a number
of hidden bombs and viruses distributed months before, creating confusion on an international
basis.
– Morano needs to create the impression of random international hacker activity.
– Morano needs Pugno to activate all of its information security measures at one time so that
the activation sequence for auto activating the next phase of the assault.
• Morano then initiates its attacks on military and civil authority targets. First worms and viruses are
activated to disrupt communications and distract security and system administrators, while control
of networks is established via other measures.
– Morano needs to neutralize all military systems and civil authority systems to prevent
organized resistance.
– Morano needs to take control of military and civilian command and control systems to be
able to direct Pugno's military to attack their own units.
– Morano needs to be able to direct civilian police to arrest individuals with false charges.
– With total control of the official information systems Morano is able to issue orders that
appear to field units to be coming from legitimate Pugno authorities. With all other
communications systems under Morano control and disrupted, there are no other mechanisms
to verify whether orders are official or not.
A Cyberwar Scenario (cont.)
Phase 5) Morano occupies Pugno.
• Morano troops move into Pugno encountering little military resistance, as most military units are
confused and disoriented and follow what they believe to be official orders to surrender. Within
72 hours Morano has completely
– Morano used advanced cinematic special effects to create propaganda films showing the
Pugno government capitulating to Morano. These were displayed to the Pugno population.
– Morano immediately distributed Morano currency to financial institutions and new credit
and ATM cards that operated with the Morano controlled financial network. These credit
and cash cards were selectively issued to the population.
– Morano monitored, intercepted and maintained control of all international communications.
A Cyberwar Scenario (cont.)
Phase 4) (cont.)
• Morano activates EMP/T Devices and Hertz Guns which are directed at specific Pugno military
targets such as armored vehicles, aircraft, and radar sites.
– Morano needs to deactivate all means of military resistance as soon as possible.
– Without having a large conventional military force of its own Morano has demobilized an
army's entire war machine.
– Morano will be able to take possession of all military equipment and repair damaged
electronic components at minimal costs.
• Morano then continues its electronic attacks on civilian targets, taking control of the entire electric power
grid and all other public utilities. Morano selectively shuts down utilities to the Pugno
population.
– Morano needs to keep the Pugno population confused and disoriented by shutting down alarm
systems, electrical power and jamming or shutting down all radio and television
transmissions.
– Morano is careful to avoid international ridicule by not affecting hospitals and other
humanitarian facilities.
– Morano will later return services selectively as it gains physical control of areas.
A Cyberwar Scenario (cont.)
Outcome
– Morano successfully attacked and conquered a neighboring country with minimal
physical damage and loss of life.
– Morano used the power and speed of information warfare weapons to disable most
military and civil authority weapons within hours of the attack beginning.
– By using the now totally controlled media and telecommunications systems Morano was
able to convince the majority of the Pugno population that the transfer of government
administration was at the Pugno government's request and was totally
legal.
– By being able to control all public utilities and financial systems Morano was able to
maintain control of the civil population with little resistance by allowing full access to
these services to those who accepted the transfer of government.
What could you have done as Pugno's Minister of Defense to prevent this attack from being
initiated or being successful?
Netwar Exercise
A major American manufacturer of equipment for the transportation industry is competing against a third
world syndicate of manufacturers mostly from Asia for the same contracts for a new airliner being built in
Europe. The contracts are valued at over 1 Billion Dollars US. The Asian syndicate needs the contracts
to survive.
Group A)
Works for the Asian Syndicate and has been instructed to wage a NetWar campaign against the
American Firm. Your group has been told to take whatever action is necessary, legal or illegal, to disrupt
the American company’s ability to compete for these contracts. You are told not to get caught as the
Syndicate would be disqualified from the competition. What will you do to successfully attack?
Group B)
Works for the American Manufacturer where they are responsible for security of the information services
of the company and for the automated manufacturing system. Your group is aware of the ongoing
competition and believes that this same syndicate has successfully waged a Netwar against other
companies in the past. What will you do to protect your company's information network?
Cyberwar Exercise
A small country led by a radical dictator has convinced several of its neighboring countries that if they
allied themselves together they could wage a successful war in their region and take control of and
plunder all of the non-allied countries. The major problem is a significant presence of French and
American business and military units in the region.
Group A)
Your group has been ordered by the dictator with support of allied leaders to use Cyberwar techniques to
defeat the enemy and to render American and French forces helpless by direct attack against their
systems or by creating political resistance in France, America, and the United Nations against any
intervention. How will you ensure victory for your leader by destroying your enemy's defenses?
Group B)
You work for a joint French and American special unit responsible for maintaining peace in the region.
Your commanders have learned from intelligence agents that this dictator is planning a war and realize
that because of his limited military resources he may plan on using Cyberwar weapons. Both France and
America have been under pressure and ridicule from the world community to remove their troops and
stop accusing the dictator of causing problems without evidence. You cannot use conventional weapons
against the dictator unless he launches conventional weapons directly at your forces in the region. How
will you defend against a Cyberwar attack and defeat the attacker?
Discussions
• What risks do you think exist locally for you?
• What risks do you think your country might face?
• What risks do you think we all face globally?
• What can you do to reduce the risks?
• What can you do to minimize the impacts to you?
Some popular infowar weapons
• Trojan Horses
• Bombs & Time Bombs
• Worms
• Viruses
• Fragmented Packets
• Faked IP source addresses
• Binary Virus
• Multi-tasking
• Propagation; migration, obscurity
• Payloads & Master Payloads
• Backdoors
• BOTs & Kill BOTs
• Web crawlers
• Macro Viruses
• EMP/T Bomb
• HERF Gun
• van Eck monitoring
Some Popular Security Mechanisms
• Firewalls
• Routers
• Virus Scanners
• Level 1, 2, 3 systems
• IP Packet Filtering
• Discretionary Access Controls
• Mandatory Access Controls

More Related Content

PPTX
Introduction to cyber security
PPT
network security lec2 ccns
PDF
Balancing Your Internet Cyber-Life with Privacy and Security
POT
Chapter11
PDF
Whitepaper-When-Admins-go-bad
PDF
Staying Safe and Secure Online
PPSX
Insider threats and countermeasures
PDF
Internet of things, New Challenges in Cyber Crime
Introduction to cyber security
network security lec2 ccns
Balancing Your Internet Cyber-Life with Privacy and Security
Chapter11
Whitepaper-When-Admins-go-bad
Staying Safe and Secure Online
Insider threats and countermeasures
Internet of things, New Challenges in Cyber Crime

What's hot (19)

PDF
DNS Cybersecurity in 2012-2015
PDF
Cehv6 module 01 introduction to ethical hacking
PDF
Network monitoring white paper
PDF
First Union Bank Report
PDF
5 Critical Steps to Handling a Security Breach
PPT
Adrian Aldea - IBM X-Force 2013 Mid-Year Trend and Risk Report #uisgcon9
PDF
DSS ITSEC CONFERENCE - Lumension Security - Intelligent application whiteli...
PPT
Computer Security
PPTX
Internet and Global Connectivity – Security Concerns
PPTX
Types of cyber attacks
PDF
Why Risk Management Fails
PPTX
Insider threat v3
PPT
Information Technology Security Basics
PPTX
Basic Security Concepts of Computer
PPT
Security Lifecycle Management Process
PPT
Cyber Security Awareness Training by Win-Pro
PDF
INFORMATION SECURITY: THREATS AND SOLUTIONS.
 
PPT
Introduction To Computer Security
DOCX
Computer security and privacy
DNS Cybersecurity in 2012-2015
Cehv6 module 01 introduction to ethical hacking
Network monitoring white paper
First Union Bank Report
5 Critical Steps to Handling a Security Breach
Adrian Aldea - IBM X-Force 2013 Mid-Year Trend and Risk Report #uisgcon9
DSS ITSEC CONFERENCE - Lumension Security - Intelligent application whiteli...
Computer Security
Internet and Global Connectivity – Security Concerns
Types of cyber attacks
Why Risk Management Fails
Insider threat v3
Information Technology Security Basics
Basic Security Concepts of Computer
Security Lifecycle Management Process
Cyber Security Awareness Training by Win-Pro
INFORMATION SECURITY: THREATS AND SOLUTIONS.
 
Introduction To Computer Security
Computer security and privacy
Ad

Viewers also liked (15)

PDF
Matemáticas Financieras. Ley financiera de capitalización compuesta. problemas
PPTX
Presentación de resultados Entrevista de Satisfaccion Cosplayer. (Oleada Dic ...
PDF
Lettre Françoise Rancan
PDF
DVD copy
PPTX
00249 copy 8
DOCX
TripAdvisor guest comment
PPTX
Clarahominidoscyt
PDF
A quick introduction to The Things Network
RTF
Fox Resume Regional Sales Manager 012016
PDF
Feldman Feldman & Associates PC
PDF
Destilación de crudo
PDF
PORTIONING MACHINE MDO. AZZURRITE
PPTX
Mmo для консолей
DOCX
Sean English - Resume
Matemáticas Financieras. Ley financiera de capitalización compuesta. problemas
Presentación de resultados Entrevista de Satisfaccion Cosplayer. (Oleada Dic ...
Lettre Françoise Rancan
DVD copy
00249 copy 8
TripAdvisor guest comment
Clarahominidoscyt
A quick introduction to The Things Network
Fox Resume Regional Sales Manager 012016
Feldman Feldman & Associates PC
Destilación de crudo
PORTIONING MACHINE MDO. AZZURRITE
Mmo для консолей
Sean English - Resume
Ad

Similar to Information_Security_Class (20)

PDF
PPTX
Management Information Systems ( Security and Control.pptx
PPT
Information security and compliance areas
PPT
Security practivce and their best way to lear
PDF
How secure are your systems
PPT
Information System Security(lecture 1)
PPT
Iss lecture 1
PDF
IA 124 Lecture 01 2022 -23-1.pdf hahahah
PDF
Justifying IT Security: Managing Risk
PPTX
Security and control in Management Information System
PPT
Example of threats to the security of systems.ppt
PPT
its a computer security based ppt which is very useful
PPT
Cybercrime Definition and Origins of the Word, Cybercrime and Information Sec...
PPT
Cybercrime Definition and Origins of the Word, Cybercrime and Information Sec...
PPT
Cybercrime Definition and Origins of the Word, Cybercrime and Information Sec...
PPT
Cybercrime Definition and Origins of the Word, Cybercrime and Information Sec...
PPT
hel1systemsecurityinfomationsecurity.ppt
PPT
PBL PROJECT - B2- (54,56,50,40) (2) (1).ppt
PPT
hel1.ppt
PPT
Introduction to Computer Security.ppt
Management Information Systems ( Security and Control.pptx
Information security and compliance areas
Security practivce and their best way to lear
How secure are your systems
Information System Security(lecture 1)
Iss lecture 1
IA 124 Lecture 01 2022 -23-1.pdf hahahah
Justifying IT Security: Managing Risk
Security and control in Management Information System
Example of threats to the security of systems.ppt
its a computer security based ppt which is very useful
Cybercrime Definition and Origins of the Word, Cybercrime and Information Sec...
Cybercrime Definition and Origins of the Word, Cybercrime and Information Sec...
Cybercrime Definition and Origins of the Word, Cybercrime and Information Sec...
Cybercrime Definition and Origins of the Word, Cybercrime and Information Sec...
hel1systemsecurityinfomationsecurity.ppt
PBL PROJECT - B2- (54,56,50,40) (2) (1).ppt
hel1.ppt
Introduction to Computer Security.ppt

More from Dr. Robert L. Straitt (6)

PPSX
Energy System Resilience
PPSX
Energy Management for the Information Age
PDF
Software Engineering Course
PDF
PDF
LRAFB_Project Profile
PDF
Zuni_WasterWaterIdeas
Energy System Resilience
Energy Management for the Information Age
Software Engineering Course
LRAFB_Project Profile
Zuni_WasterWaterIdeas

Information_Security_Class

  • 1. Corsica - USACorsica - USA IndoTech Solutions, Inc., LLC, 711 S. Carson, Suite 4, Carson City, NV 89701, USA Tel 775-881-3436 IndoTech@indotechsolutions.com Information System SecurityInformation System Security University of Corsica, Corte, Corsica 5 January 2000 Robert L. Straitt Organizational Performance Architect 965 West Highway 36, Suite 301, Roseville, MN 55113, USA Tel 651-766-8579 Fax 651-765-6344 rstraitt@indotectsolutions.com
  • 2. Corsica - USACorsica - USA 12/15/99 IndoTech Solutions, Inc., LLC, 711 S. Carson, Suite 4, Carson City, NV 89701, USA Tel 775-881-3436 IndoTech@indotechsolutions.com 2 Information System Security Agenda Topics for Today – Types of Threats – Types of Vulnerabilities – Types of Safeguards – Compromise Scenarios & Exercises – Discussions
  • 3. Corsica - USACorsica - USA 12/15/99 IndoTech Solutions, Inc., LLC, 711 S. Carson, Suite 4, Carson City, NV 89701, USA Tel 775-881-3436 IndoTech@indotechsolutions.com 3 What are the Threats? – Vandalism – Criminal – Terrorist – Military Information System Security Types of Threats
  • 4. Corsica - USACorsica - USA 12/15/99 IndoTech Solutions, Inc., LLC, 711 S. Carson, Suite 4, Carson City, NV 89701, USA Tel 775-881-3436 IndoTech@indotechsolutions.com 4 Information System Security Types of Threats Vandalism •Is a destructive attack on an information system for vengeance or the pleasure of the attacker. •Vandalism involves the penetration of an information system to browse or search data; download or change data, disrupt service to others; or in some way cause damage or harm to the information system. •Vandalism is equivalent to what was traditionally known as "Hacking" in that it always causes some form of physical or emotional damage to the property owner. We will see that today hacking is thought of as much more than just vandalism.
  • 5. Corsica - USACorsica - USA 12/15/99 IndoTech Solutions, Inc., LLC, 711 S. Carson, Suite 4, Carson City, NV 89701, USA Tel 775-881-3436 IndoTech@indotechsolutions.com 5 Information System Security Types of Threats Criminal Activities •Objectives for criminal attacks usually are intended to result in direct financial gain. However, many other criminal activities such as malicious destruction and invasion of privacy are committed. These are usually performed in conjunction with or in support of some financial or personal gain. •The difference between computer vandalism and other computer crimes is the intent of the actor. Although the cost of vandalism can be high, it is the systematic and the intent of financial gain of the criminal attack that makes it devastating to it victims. •Criminal activities are most often related to bank frauds, credit frauds, industrial espionage, invasion of privacy; and theft of services.
  • 6. Corsica - USACorsica - USA 12/15/99 IndoTech Solutions, Inc., LLC, 711 S. Carson, Suite 4, Carson City, NV 89701, USA Tel 775-881-3436 IndoTech@indotechsolutions.com 6 Information System Security Types of Threats Terrorist Activities •Unlike other forms of warfare which has the goal to defeat an enemy physically, terrorism is designed to defeat an enemy psychologically. By attacking the enemies believe in their own status of security, terrorist are able to destroy an enemy's ability to function normally and defend itself. •Information terrorist can reduce a population's ability to function normally or even paralyze a whole nation through the fear of being helpless against a terrorist attacks. •Today almost every aspect of our lives is somehow dependent on information systems, from food processing and education, to medical treatment and purchasing. Terrorist attacks against financial systems and transportation systems alone can cause wide scale panic of a population. •Interruption of on systems, as common as point of sale systems, across wide areas of a country can result in significant political pressures to be placed on a government's decision and ability to act or not act against a terrorist group.
  • 7. Corsica - USACorsica - USA 12/15/99 IndoTech Solutions, Inc., LLC, 711 S. Carson, Suite 4, Carson City, NV 89701, USA Tel 775-881-3436 IndoTech@indotechsolutions.com 7 Information System Security Types of Threats Military Activities •The ability to destroy an enemy's capability to wage war or defend itself without suffering any collateral damage has long been a dream of military leaders. •Internet connections and information warfare techniques now make it possible for enemies armed with less equipment and weapons to gain a decisive advantage over their adversaries at a small price. Sophisticated computer viruses and automated attack routines, allow adversaries to launch untraceable attacks from anywhere in the world against sensitive information and systems. Service from vital communications backbones or power systems which could disrupt military operations and readiness can be denied. An enemy's weapon systems can even be retargeted against their own or friendly forces. •The United States Department of Energy and NSA estimate that more than 120 countries have established computer attack capabilities and most countries are believed to be planning some degree of information warfare as part of their overall security strategy.
  • 8. Corsica - USACorsica - USA 12/15/99 IndoTech Solutions, Inc., LLC, 711 S. Carson, Suite 4, Carson City, NV 89701, USA Tel 775-881-3436 IndoTech@indotechsolutions.com 8 Information System Security The Vulnerabilities What are the Vulnerabilities? – Commercial Software – Poorly Engineered Software – Inadequately Protected Systems – Inexperienced or Negligent Workers – Open Communications Systems
  • 9. Corsica - USACorsica - USA 12/15/99 IndoTech Solutions, Inc., LLC, 711 S. Carson, Suite 4, Carson City, NV 89701, USA Tel 775-881-3436 IndoTech@indotechsolutions.com 9 Information System Security The Vulnerabilities Commercial Software •Commercial software is one of the most important weapons in the information warfare arsenal. Because it is used by most sectors and it encompasses all forms of software from operating systems, communications systems, applications software, to even the anti-virus and security software designed to protect an information system. •Commercial software is usually prone security traps like: backdoors, viruses, bombs, and Trojan horses to name a few. •The ability to enter a financial institutions information system by accessing a hidden back door that is opened by a Time Bomb that also releases a Worm(visible process) and activates a dormant virus to bring down system components and cause confusion while the back door is being used for its intended purpose. •Because commercial software is mostly sold without source code and engineering documentation an organization's security measures may be useless to protect against these hidden dangers.
  • 10. Corsica - USACorsica - USA 12/15/99 IndoTech Solutions, Inc., LLC, 711 S. Carson, Suite 4, Carson City, NV 89701, USA Tel 775-881-3436 IndoTech@indotechsolutions.com 10 Information System Security The Vulnerabilities Poorly Engineered Software •Poor software engineering methods have left an open door of invitation to hackers, terrorist, and enemy agents to infiltrate industrial, financial, public service, and military systems around the world. •Original user requirements are seldom adequately documented, reviewed, and approved by end users' technical experts. Formal software architectures, and technical requirements are rarely developed. Leaving no baseline to review finished projects against. •As-built software documentation and basic configuration control techniques in most software organizations are nonexistent or haphazard at best. •Software engineering that is done is usually accomplished by software analyst and programmers that are competent technicians but have little if any at all engineering education or training.
  • 11. Corsica - USACorsica - USA 12/15/99 IndoTech Solutions, Inc., LLC, 711 S. Carson, Suite 4, Carson City, NV 89701, USA Tel 775-881-3436 IndoTech@indotechsolutions.com 11 Information System Security The Vulnerabilities Inadequately Protected Systems •Systems that are connected directly to the outside-world without any forms of security: It may be expected that these would usually be personal systems for home use. However many business system especially those owned in operated by small non-information type companies are regularly connected to the internet without even minimal security measures in place. •Systems which have obsolete or insufficient security measures. Such systems may be found even in large organizations that do not have a sufficiently trained and properly managed information technology department. •Inadequately protected systems become breeding grounds for the spread of virus and can create a direct conduit into systems that are otherwise secure. •Systems with some but poorly implemented protection are the worst because their owners think they are safe, when they are now in fact at the highest risk.
  • 12. Corsica - USACorsica - USA 12/15/99 IndoTech Solutions, Inc., LLC, 711 S. Carson, Suite 4, Carson City, NV 89701, USA Tel 775-881-3436 IndoTech@indotechsolutions.com 12 Information System Security The Vulnerabilities Inexperienced or Negligent Workers •Inexperience and negligent workers are a very high risk to system security. An inexperienced worker may provide sensitive data to an attacker, may access internet sites designed by an attacker, and may delete or disable safeguards unknowingly. •Inexperienced and negligent workers also introduce a human factors issue into the problem, in that once they have created a security compromise and they become fearful of being discovered in ridiculed or possibly fired, they will often try to cover up their mistakes or fail to tell someone of a known problem while the system continues operating at risk or is under attack. Then it is too late. •Attackers target these individuals within organizations to give them information about systems, actually gain access to systems. In many instances the attacker can get these individuals to unknowingly plant viruses, software bombs, or other tools of information warfare within the targeted system.
  • 13. Corsica - USACorsica - USA 12/15/99 IndoTech Solutions, Inc., LLC, 711 S. Carson, Suite 4, Carson City, NV 89701, USA Tel 775-881-3436 IndoTech@indotechsolutions.com 13 Information System Security The Vulnerabilities Open Communications Systems •Open or unsecured communications systems is the easiest way for attackers to gain access to information systems or sensitive information being transmitted by an organization. •E-commerce has grown substantially in the last two years and safeguards to protect financial information being transmitted are available. Yet many organizations and individuals fail to use these safeguards. Attackers monitoring data lines and internet sites collecting information needed to commit financial crimes, support terrorists activities and even neutralize national defenses. •Communications can be intercepted even before they leave an individual terminal through van Eck monitoring. This done through the use of sensitive radio receivers which monitor the low level electromagnetic emissions computer and other electronic equipment associated with an information system.
  • 14. Corsica - USACorsica - USA 12/15/99 IndoTech Solutions, Inc., LLC, 711 S. Carson, Suite 4, Carson City, NV 89701, USA Tel 775-881-3436 IndoTech@indotechsolutions.com 14 Information System Security Security Safeguards What are the Methods of Safeguards? – Physical Security – Communications Security – Information Security – Software Security – Personal Security
  • 15. Corsica - USACorsica - USA 12/15/99 IndoTech Solutions, Inc., LLC, 711 S. Carson, Suite 4, Carson City, NV 89701, USA Tel 775-881-3436 IndoTech@indotechsolutions.com 15 Information System Security Security Safeguards Physical Security • Physical security involves the protection of the information system hardware, facilities, power and communications systems, and personnel. • Threats to physical security can include: – Fire, Smoke, and Explosion Damage – Water, Storm, or Earthquake Damage – Vandalism, Theft, and Physical Damage – Assaults, Threats, and Kidnapping of Personnel – Electronic Attacks, EMP, van Eck Monitoring, and Power-Line Carrier Invasion • Depending on the value of the information contained within the system complex physical safeguard in the way of structures, backup power, communications and powerline filters; alarm systems, emergency response mechanisms, and even guards may be required. Perform electronic and physical sweeps for bugging and monitoring devises.
  • 16. Corsica - USACorsica - USA 12/15/99 IndoTech Solutions, Inc., LLC, 711 S. Carson, Suite 4, Carson City, NV 89701, USA Tel 775-881-3436 IndoTech@indotechsolutions.com 16 Information System Security Security Safeguards Communications Security • Communications security involves the protection of information between nodes of an information system and transmission of information between systems. • Not connecting most vital systems (Level 1 & 2) to outside networks. • Encryption of information between nodes and between systems. Can greatly reduce the risk of communications being intercepted. • Use of secure communications technologies such as dedicated fiber optic cables, spread spectrum communications, and frequency hopping techniques. • Passwords and encryption keys should be changed regularly and selection of these should be random without obvious patterns or based on a single selection criteria.
  • 17. Corsica - USACorsica - USA 12/15/99 IndoTech Solutions, Inc., LLC, 711 S. Carson, Suite 4, Carson City, NV 89701, USA Tel 775-881-3436 IndoTech@indotechsolutions.com 17 Information System Security Security Safeguards Information Security • Information security involves mechanisms to protect sensitive or valued information from being disclosed or exploited. • Hard copy waste should be shredded before disposal. • Advertisement and public release information should be reviewed to ensure that over time sensitive information is not be released in otherwise unnoticeable discreet packages. • Discussions of work issues should be done in appropriate places and employees should be aware of the type of notes and records that are kept so that these pieces of information can be protected or destroyed properly. • Reports of information requests should be tracked and analyzed. Information compromise threads should be determined early and matching patterns of information access investigated.
  • 18. Corsica - USACorsica - USA 12/15/99 IndoTech Solutions, Inc., LLC, 711 S. Carson, Suite 4, Carson City, NV 89701, USA Tel 775-881-3436 IndoTech@indotechsolutions.com 18 Information System Security Security Safeguards Software Security • Software security begins with proper software engineering principals being applied at the conception of an information system and followed throughout the life of that system. • You cannot easily protect something unless you know whether you have it or not and where it is! • Virus scanning software should be used and updated regularly. Firewalls should be employed on all outside connections. Security software to detect, monitor, and record additions, deletions, and modifications (down to single bit flips) should be integrated into system security measures. • Conduct regular security audits of the system software and compare results back to log files and/or hardcopies that are certified by configuration controlled engineering documentation such as user requirements, system architecture, and detail design documents.
  • 19. Corsica - USACorsica - USA 12/15/99 IndoTech Solutions, Inc., LLC, 711 S. Carson, Suite 4, Carson City, NV 89701, USA Tel 775-881-3436 IndoTech@indotechsolutions.com 19 Information System Security Security Safeguards Personal Security • The best technology safeguards available are useless if the people operating them can not be trusted. • Here again the best safeguards begin with proper software engineering practices. It is important to know the value of the information within your system and software but it is equally important to understand how your software interacts with the world. The easiest place to introduce a information warfare weapon is often commercial software developed for general public use that will ultimately be linked directly or indirectly to the targeted system. • Check the backgrounds of the people you have working on your software, use documented engineering; quality, and configuration practices. These mechanism will expose most attempts to embed a software weapon and also catch inadvertent programming errors that can be as damaging as a bomb.
  • 20. Corsica - USACorsica - USA 12/15/99 IndoTech Solutions, Inc., LLC, 711 S. Carson, Suite 4, Carson City, NV 89701, USA Tel 775-881-3436 IndoTech@indotechsolutions.com 20 Information System Security Compromise Scenarios • What are the Scenarios? – Netwar – Cyber War – Exercises
  • 21. Corsica - USACorsica - USA 12/15/99 IndoTech Solutions, Inc., LLC, 711 S. Carson, Suite 4, Carson City, NV 89701, USA Tel 775-881-3436 IndoTech@indotechsolutions.com 21 Information System Security Scenarios Netwars • Netwar is a whole new type of war far that involves conflicts of culture, with the loosing culture being assimilated or totally eliminated. In a way netwar is high-tech genocide, where you keep the body and kill the thoughts. • This type of warfare is focused on the domination of a group, which is some how linked together by cultural ideas. Thus it may not be nation against nation. It can be rival companies, religions, or social organizations. • Netwars are fought by slowly introducing ideals into the rival culture by using the rival cultures trusted information systems. This could be the internet, television, radio, newspapers, or other mechanisms such as school books and courses. It is apparent all netwar doesn't occur over the electronic media. This is its deceptive nature. In the end it is the electronic ,media that makes the coup de grâce possible. • It may be said that a netwar is not a real war? Yet the ultimate intended goal of a net war is as real in complete as any traditional war of history. It is the complete domination of one cultural group and their resources by another.
  • 22. Corsica - USACorsica - USA 12/15/99 IndoTech Solutions, Inc., LLC, 711 S. Carson, Suite 4, Carson City, NV 89701, USA Tel 775-881-3436 IndoTech@indotechsolutions.com 22 Information System Security Scenarios Cyberwars • Cyberwar unlike netwars is the use of information's systems to physically destroy the opponents resources, people, and culture. • Cyberwar first begins before any shoots are fired and focuses on the acquiring of as much information about the enemy as possible and building information networks to best be able to analyze and exploit that information faster, better, and cheaper then the enemy. • The next phase of cyberwar is targeting of enemy resources. This includes the enabling of friendly command and control systems, positioning of intelligent tactical and strategic weapons, penetration of information systems and interception, and configuration of disruptive weapons (jammers, automailers; viruses). • The third phase of cyberwar is the attack. But unlike traditional warfare the attack can be almost instantly modified or cancelled to the extend that the enemy may never know the attack occurred. Cyber attacks when carried through most effectively will leave the enemy command believing they are in victory as your weapons annihilate them.
  • 23. Information System Security, Scenarios: A Netwar Scenario
    Franco Technologies wants to dominate the market it now has to share with Cauria Industries. Franco believes that it can best weaken Cauria's business capabilities by a netwar attack.
    Phase 1) Franco uses Information Exploitation to find Cauria's weaknesses.
      • Distribution and demographics of customers are determined by hiring a marketing company to do internet and telephone surveys, and from shipping records of Cauria's products held by a transportation company that Franco maintains information systems for.
        – Franco learns that most customers live in two regions and have strong cultural and religious connections.
        – Franco learns that new products are always shipped two months before they are released and that purchase orders for shipping are issued six months in advance. Commitment to go to market with a product must be made at least 7 to 8 months before it is shipped.
        – Franco learns that the two largest buying groups will not buy products that are biased against their cultural and religious norms.
  • 24. Information System Security, Scenarios: A Netwar Scenario (cont.)
    Phase 2) Franco uses active industrial espionage to learn Cauria's development plan.
      • Franco develops a virus that, once embedded in the host system, auto-activates whenever purchase orders for shipping are issued. It searches the host system for design data and transmits the design files with the purchase order data. Franco is able to upload the virus into Cauria's system when it introduces, at no cost, a transportation management application to the transportation company for a trial period.
        – Franco learns the design and marketing strategy for a new line of Cauria's products.
        – Franco gets periodic updates from Cauria concerning the new product.
    Phase 3) Franco utilizes the internet and advanced multimedia techniques to suggest that it is developing a product similar to Cauria's.
        – Franco causes Cauria to increase investments in product development, production, and pricey advertising out of fear that Franco is producing a similar competing product.
        – Franco, using suggestive phrasing and imaging, begins to exploit the cultural and religious biases of the consumer base for Cauria's products.
  • 25. Information System Security, Scenarios: A Netwar Scenario (cont.)
    Phase 4) Franco begins using a form of info-terrorism to turn the market against Cauria.
      • Franco develops an advertising campaign that links Cauria's new product to cultural and religious taboos. Using the internet and automailers, Franco targets potential customers by email with negative verbal and graphical messages that link the use of the yet unreleased product to known customer taboos. Franco finances printed media and public interest television programming for a human relief support campaign. Throughout the financed articles and documentaries are graphical, audio, and textual imagery related to Cauria's product.
        – Franco has been able to plant in customers' minds rejection of a product not yet released.
        – Franco has prevented Cauria from effectively selling the product in the targeted market.
        – Franco has created a need in customers' minds for alternatives to Cauria's product, which Franco is now producing.
  • 26. Information System Security, Scenarios: A Netwar Scenario (cont.)
    Outcome
        – Cauria's product is a failure. Its advertising campaign for the product fell prey to the subliminal poisoning of the market done by Franco (if it looks like this and does this, look at the bad it produces).
        – Because of the early stress placed on Cauria's finances to beat Franco to market with the product, Cauria doesn't have the resources to recover.
        – Franco buys the complete stock of unshipped product at 10% of its value, repackages the product, and sells it in a different market at a substantial profit.
        – Cauria's stock plummets and the company is eventually bought out by Franco.
    Note: This type of scenario may resemble a traditional propaganda campaign of the kind that has been used for years. The difference here is the timing and overall success. Using netwar techniques, Franco was able to quickly learn a competitor's business strategy, implement socio-economic changes in the marketplace, evaluate the impact, and make adjustments in real time.
    What could you have done as Cauria's CIO to prevent this attack from being successful?
  • 27. Information System Security, Scenarios: A Cyberwar Scenario
    A small country, Morano, with a determined leader decides to take over a neighboring and larger country, Pugno, which has a sizable army. Morano's purpose is to gain access to unexploited resources, to expand its population base, and to acquire the well-developed urban areas of Pugno.
    Phase 1) Morano, using common industrial components, clandestinely builds an information warfare infrastructure capable of conducting an international Cyberwar and supporting aggression.
      • Establishes a distributed network of Cyberwar centers, each completely shielded from outside monitoring and electronic detection. Each center has self-contained power generation and filtered communications and external power.
        – Morano is worried about electronic monitoring by the international community and protects against it.
        – Morano is worried that a single center may be detected because of high communications traffic volumes, or that a single center may be crashed by a virus or other external attack.
  • 28. Information System Security, Scenarios: A Cyberwar Scenario (cont.)
    Phase 1) (cont.)
      • Using its diplomatic services, Morano successfully establishes several centers in European, Asian, and South American countries that have few laws concerning electronic activities.
        – Morano wants to have external centers that, if located, can be denied and that will provide capabilities in case communications to Morano are severed.
        – Morano needs access to information experts ("hackers") and technology not available in Morano, and doesn't want to attract international attention by importing these to Morano.
    Phase 2) Morano, using information exploitation techniques, begins monitoring Pugno and Pugno's allies to gain needed information about strategic and tactical targets.
      • Using van Eck monitoring techniques, Morano is able to learn MAC and DAC information for many of Pugno's military and civil authority information systems.
        – Morano is now able to remotely access Pugno's systems using stolen user IDs and passwords.
        – Morano is able to gather vital information about military and civil communications and public utilities.
  • 29. Information System Security, Scenarios: A Cyberwar Scenario (cont.)
    Phase 2) (cont.)
      • Morano begins active monitoring and periodic probing of Pugno's information systems.
        – Morano needs to identify and map all key strategic and tactical targets.
        – Morano continues to gather and analyze information about Pugno's automated systems and their inter-dependencies with manual systems and back-up capabilities.
        – Using its centers established in foreign countries, Morano is able to launch limited probes and attacks against Pugno's information systems to test their security limitations.
    Phase 3) Morano begins infiltrating Pugno's information systems from numerous points of entry.
      • Morano, using various hacking techniques, is able to create backdoors in many of Pugno's sitemaps. Learning that Pugno is planning on upgrading its information system security by buying new software and hardware from a company in the United States, Morano arranges to have one of its foreign experts hired for the project.
        – Morano needs undetectable access to Pugno's systems to monitor activities and take over system administration when necessary.
        – Morano's foreign expert is able to build several backdoors into the security software, and is able to code in several viruses and worms that will be activated when needed.
  • 30. Information System Security, Scenarios: A Cyberwar Scenario (cont.)
    Phase 3) (cont.)
      • Morano, after analyzing Pugno's communications, finds that many government users access certain categories of web sites frequently. Morano begins creating similar web sites through foreign service providers and at foreign public education sites. Each site has specially developed viruses, macro viruses, bombs, and payloads embedded in it.
        – Morano needs to have multiple weapon types introduced into Pugno's information systems to conduct specific attacks and to prevent failure through detection of one weapon type by Pugno's security monitoring.
        – Morano uses foreign owned and created sites so that it can deny accountability.
        – Because these sites will be accessed by users from around the world, the general-purpose viruses and other weapons included in these sites will cause wider-scale confusion when activated. Only Morano's centers are inoculated against them.
  • 31. Information System Security, Scenarios: A Cyberwar Scenario (cont.)
    Phase 4) Morano initiates a structured Cyberwar attack against Pugno.
      • Morano first initiates limited attacks on foreign information links to Pugno and activates a number of hidden bombs and viruses distributed months before, creating confusion on an international basis.
        – Morano needs to create the impression of random international hacker activity.
        – Morano needs Pugno to activate all of its information security measures at one time so that the activation sequence for auto activating the next phase of the assault.
      • Morano then initiates its attacks on military and civil authority targets. First, worms and viruses are activated to disrupt communications and distract security and system administrators, while control of networks is established via other measures.
        – Morano needs to neutralize all military systems and civil authority systems to prevent organized resistance.
        – Morano needs to take control of military and civilian command and control systems to be able to direct Pugno's military to attack their own units.
        – Morano needs to be able to direct civilian police to arrest individuals on false charges.
        – With total control of the official information systems, Morano is able to issue orders that appear to field units to be coming from legitimate Pugno authorities. With all other communications systems under Morano's control and disrupted, there are no other mechanisms to verify whether orders are official.
  • 32. Information System Security, Scenarios: A Cyberwar Scenario (cont.)
    Phase 5) Morano occupies Pugno.
      • Morano's troops move into Pugno, encountering little military resistance as most military units are confused and disoriented and follow what they believe to be official orders to surrender. Within 72 hours Morano has completely
        – Morano used advanced cinematic special effects to create propaganda films showing the Pugno government capitulating to Morano. These were displayed to the Pugno population.
        – Morano immediately distributed Morano currency to financial institutions, along with new credit and ATM cards that operated with the Morano-controlled financial network. These credit and cash cards were selectively issued to the population.
        – Morano monitored, intercepted, and maintained control of all international communications.
  • 33. Information System Security, Scenarios: A Cyberwar Scenario (cont.)
    Phase 4) (cont.)
      • Morano activates EMP/T devices and Hertz guns, which are directed at specific Pugno military targets such as armored vehicles, aircraft, and radar sites.
        – Morano needs to deactivate all means of military resistance as soon as possible.
        – Without having a large conventional military force of its own, Morano has demobilized an army's entire war machine.
        – Morano will be able to take possession of all military equipment and repair damaged electronic components at minimal cost.
      • Morano then continues its electronic attacks on civilian targets, taking control of the electric power grid and all other public utilities. Morano selectively shuts down utilities to the Pugno population.
        – Morano needs to keep Pugno's population confused and disoriented by shutting down alarm systems and electrical power and by jamming or shutting down all radio and television transmissions.
        – Morano is careful to avoid international ridicule by not affecting hospitals and other humanitarian facilities.
        – Morano will later return services selectively as it gains physical control of areas.
  • 34. Information System Security, Scenarios: A Cyberwar Scenario (cont.)
    Outcome
        – Morano successfully attacked and conquered a neighboring country with minimal physical damage and loss of life.
        – Morano used the power and speed of information warfare weapons to disable most military and civil authority weapons within hours of the attack beginning.
        – By using the now totally controlled media and telecommunications systems, Morano was able to convince the majority of the Pugno population that the transfer of government administration was at the Pugno government's request and was totally legal.
        – By being able to control all public utilities and financial systems, Morano was able to maintain control of the civil population with little resistance by allowing full access to these services to those who accepted the transfer of government.
    What could you have done as Pugno's Minister of Defense to prevent this attack from being initiated or being successful?
  • 35. Information System Security, Scenarios: Netwar Exercise
    A major American manufacturer of equipment for the transportation industry is competing against a third world syndicate of manufacturers, mostly from Asia, for the same contracts for a new airliner being built in Europe. The contracts are valued at over 1 billion US dollars. The Asian syndicate needs the contracts to survive.
    Group A) Works for the Asian syndicate and has been instructed to wage a netwar campaign against the American firm. Your group has been told to take whatever action is necessary, legal or illegal, to disrupt the American company's ability to compete for these contracts. You are told not to get caught, as the syndicate would be disqualified from the competition. What will you do to successfully attack?
    Group B) Works for the American manufacturer, where it is responsible for the security of the company's information services and of the automated manufacturing system. Your group is aware of the ongoing competition and believes that this same syndicate has successfully waged a netwar against other companies in the past. What will you do to protect your company's information network?
  • 36. Information System Security, Scenarios: Cyberwar Exercise
    A small country led by a radical dictator has convinced several of its neighboring countries that if they allied themselves together they could wage a successful war in their region and take control of and plunder all of the non-allied countries. The major problem is a significant presence of French and American business and military units in the region.
    Group A) Your group has been ordered by the dictator, with the support of allied leaders, to use Cyberwar techniques to defeat the enemy and to render American and French forces helpless by direct attack against their systems or by creating political resistance in France, America, and the United Nations against any intervention. How will you ensure victory for your leader by destroying your enemy's defenses?
    Group B) You work for a joint French and American special unit responsible for maintaining peace in the region. Your commanders have learned from intelligence agents that this dictator is planning a war and realize that, because of his limited military resources, he may plan on using Cyberwar weapons. Both France and America have been under pressure and ridicule from the world community to remove their troops and stop accusing the dictator of causing problems without evidence. You cannot use conventional weapons against the dictator unless he launches conventional weapons directly at your forces in the region. How will you defend against a Cyberwar attack and defeat the attacker?
  • 37. Information System Security, Discussions
      • What risks do you think exist locally for you?
      • What risks do you think your country might face?
      • What risks do you think we all face globally?
      • What can you do to reduce the risks?
      • What can you do to minimize the impacts to you?
  • 38. Some Popular Infowar Weapons
      • Trojan Horses
      • Bombs & Time Bombs
      • Worms
      • Viruses
      • Fragmented Packets
      • Faked IP source addresses
      • Binary Virus
      • Multi-tasking
      • Propagation; migration, obscurity
      • Payloads & Master Payloads
      • Backdoors
      • BOTs & Kill BOTs
      • Web crawlers
      • Macro Viruses
      • EMP/T Bomb
      • HERF Gun
      • van Eck monitoring
    Some Popular Security Mechanisms
      • Firewalls
      • Routers
      • Virus Scanners
      • Level 1, 2, 3 systems
      • IP Packet Filtering
      • Discretionary Access Controls
      • Mandatory Access Controls
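In Phase 2 of the netwar scenario (slide 24), the design files leave Cauria's network attached to legitimate purchase-order traffic, a channel that packet filtering alone would pass. The following is an added example, not part of the original slides, of one check a defender could run on that channel: flag purchase-order transmissions that carry unexpected file types or are far larger than normal. The log format, the host name `transport.example`, the `.edi` allowlist, and the threshold are all assumptions made for illustration.

```python
import re
import statistics
from collections import defaultdict

# Constructed egress log (not from the slides): one line per outbound
# purchase-order (PO) transmission. Host name and fields are assumptions.
SAMPLE_LOG = """\
2000-01-03T09:12:00 dst=transport.example type=PO bytes=4210 files=po-1001.edi
2000-01-04T10:02:11 dst=transport.example type=PO bytes=3980 files=po-1002.edi
2000-01-05T08:47:53 dst=transport.example type=PO bytes=4455 files=po-1003.edi
2000-01-06T14:20:09 dst=transport.example type=PO bytes=4102 files=po-1004.edi
2000-01-07T11:31:40 dst=transport.example type=PO bytes=4377 files=po-1005.edi
2000-01-10T09:05:02 dst=transport.example type=PO bytes=2918340 files=po-1006.edi,wing-bracket.dwg
2000-01-11T09:40:18 dst=transport.example type=PO bytes=4290 files=po-1007.edi
2000-01-12T16:12:44 dst=transport.example type=PO bytes=61200 files=po-1008.edi
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) dst=(?P<dst>\S+) type=PO "
    r"bytes=(?P<size>\d+) files=(?P<files>\S*)$"
)
ALLOWED_EXT = (".edi",)  # assumption: POs leave only as EDI documents


def parse(log_text):
    """Yield one record per well-formed PO line; other lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield {"ts": m["ts"], "dst": m["dst"], "size": int(m["size"]),
                   "files": [f for f in m["files"].split(",") if f]}


def find_suspect_transmissions(log_text, threshold=6.0):
    """Return [(timestamp, [reasons])] for PO transmissions that carry
    unexpected file types or dwarf the usual PO size for that destination."""
    by_dst = defaultdict(list)
    for rec in parse(log_text):
        by_dst[rec["dst"]].append(rec)
    findings = []
    for recs in by_dst.values():
        sizes = [r["size"] for r in recs]
        median = statistics.median(sizes)
        # Median absolute deviation: a spread estimate that a few huge
        # transfers cannot inflate, unlike the standard deviation.
        mad = statistics.median([abs(s - median) for s in sizes]) or 1.0
        for r in recs:
            reasons = []
            odd = [f for f in r["files"] if not f.lower().endswith(ALLOWED_EXT)]
            if odd:
                reasons.append("unexpected file type: " + ", ".join(odd))
            score = 0.6745 * (r["size"] - median) / mad  # robust z-score
            if score > threshold:
                reasons.append(f"size outlier (robust z = {score:.0f})")
            if reasons:
                findings.append((r["ts"], reasons))
    return sorted(findings)


if __name__ == "__main__":
    for ts, reasons in find_suspect_transmissions(SAMPLE_LOG):
        print(ts, "; ".join(reasons))
```

The size check matters on its own: the last constructed record carries only an `.edi` file name, yet is flagged because data hidden inside an allowed document still inflates the transfer.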