Major Event Response Time Declining

Slides:



Advertisements
Similar presentations
CERT Centers, Software Engineering Institute Carnegie Mellon University Pittsburgh, PA SEI is sponsored by the U.S. Department of Defense ©
Advertisements

A Common Language for Computer Security Incidents John D. Howard, Thomas A. Longstaff Presented by: Jason Milletary 9 November 2000.
11 ASSESSING THE NEED FOR SECURITY Chapter 1. Chapter 1: Assessing the Need for Security2 ASSESSING THE NEED FOR SECURITY  Security design concepts 
1  Carnegie Mellon University System Security and U. Rich Pethia Software Engineering Institute Carnegie Mellon University Pittsburgh, PA
CERT ® System and Network Security Practices Presented by Julia H. Allen at the NCISSE 2001: 5th National Colloquium for Information Systems Security Education,
1 Telstra in Confidence Managing Security for our Mobile Technology.
Course ILT Security overview Unit objectives Discuss network security Discuss security threat trends and their ramifications Determine the factors involved.
Security+ Guide to Network Security Fundamentals
System and Network Security Practices COEN 351 E-Commerce Security.
Intruder Trends Tom Longstaff CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA Sponsored by.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering.
11/14 SNA Presentation 3 Survivable Network Analysis Oracle Financial System SNA step 3 Ali Ardalan Qianming “Michelle” Chen Yi Hu Jason Milletary Jian.
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
Stephen S. Yau CSE , Fall Security Strategies.
Course Instructor: Aisha Azeem
Network security policy: best practices
Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.
APA of Isfahan University of Technology In the name of God.
SEC835 Database and Web application security Information Security Architecture.
Security Baseline. Definition A preliminary assessment of a newly implemented system Serves as a starting point to measure changes in configurations and.
“Assuring Reliable and Secure IT Services”. IT Redundancy: Its Value How much reliability to buy? Customer Service impacted as a result of 15 minutes.
Lecture 10 Intrusion Detection modified from slides of Lawrie Brown.
© 2001 Carnegie Mellon University S8A-1 OCTAVE SM Process 8 Develop Protection Strategy Workshop A: Protection Strategy Development Software Engineering.
1  Carnegie Mellon University Protecting Information Infrastructures Rich Pethia Software Engineering Institute Carnegie Mellon University Pittsburgh,
Information Systems Security Operations Security Domain #9.
© 2001 by Carnegie Mellon University SS5 -1 OCTAVE SM Process 5 Background on Vulnerability Evaluations Software Engineering Institute Carnegie Mellon.
7-1 Management Information Systems for the Information Age Copyright 2004 The McGraw-Hill Companies, Inc. All rights reserved Chapter 7 IT Infrastructures.
Networked Systems Survivability CERT ® Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA © 2002 Carnegie.
Survival by Defense- Enabling Partha Pal, Franklin Webber, Richard Schantz BBN Technologies LLC Proceedings of the Foundations of Intrusion Tolerant Systems(2003)
Chapter 5 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved.
Software Engineering Institute Carnegie Mellon University Pittsburgh, PA Sponsored by the U.S. Department of Defense © 2000 by Carnegie Mellon.
Lesson 2 Computer Security Incidents Taxonomy. Need an accepted taxonomy because... Provides a common frame of reference If no taxonomy, then we: Can’t.
Structured Intrusion Scenario Analysis
Chap1: Is there a Security Problem in Computing?.
Security and Assurance in IT organization Name: Mai Hoang Nguyen Class: INFO 609 Professor: T. Rohm.
Networked Systems Survivability CERT ® Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA © 2002 Carnegie.
Module 12: Responding to Security Incidents. Overview Introduction to Auditing and Incident Response Designing an Audit Policy Designing an Incident Response.
Slide 1 Security Engineering. Slide 2 Objectives l To introduce issues that must be considered in the specification and design of secure software l To.
Carnegie Mellon University Software Engineering Institute Lecture 3a The Survivable Network Analysis Method: Evaluating Survivability of Critical Systems.
Carnegie Mellon University Software Engineering Institute Lecture 4 The Survivable Network Analysis Method: Evaluating Survivability of Critical Systems.
Sicherheitsaspekte beim Betrieb von IT-Systemen Christian Leichtfried, BDE Smart Energy IBM Austria December 2011.
Forms of Network Attacks Gabriel Owens COSC 352 February 24, 2011.
1  Carnegie Mellon University Overview of the CERT/CC and the Survivable Systems Initiative Andrew P. Moore CERT Coordination Center.
Lecture 19 Page 1 CS 236 Online 6. Application Software Security Why it’s important: –Security flaws in applications are increasingly the attacker’s entry.
Principles Identified - UK DfT -
Information Systems Security
Chapter 1 Computer Technology: Your Need to Know
Threat Modeling for Cloud Computing
Chapter 19: Network Management
Network Security Presented by: JAISURYA BANERJEA MBA, 2ND Semester.
Computer Security Incidents
ISSeG Integrated Site Security for Grids WP2 - Methodology
Discovering Computers 2010: Living in a Digital World Chapter 14
Security Engineering.
CHAPTER 2 CREATING AN ARCHITECTURAL DESIGN.
Frequently asked questions about software engineering
11/17/2018 9:32 PM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN.
Threat Trends and Protection Strategies Barbara Laswell, Ph. D
IT INFRASTRUCTURES Business-Driven Technologies
Shifting from “Incident” to “Continuous” Response
Chapter 6 – Architectural Design
Computer Security Incidents
Chapter 1: The Database Environment
The Database Environment
Intrusion Detection system
BACHELOR’S THESIS DEFENSE
Chapter 5 Architectural Design.
System architecture, Def.
Software Development Process Using UML Recap
Presentation transcript:

Major Event Response Time Declining March 1999 May 2000

Automated Incident Reporting (AIR-CERT) updated 2000-07-31 Automated Incident Reporting (AIR-CERT) Motivation Ability to recognise and respond faster Collect better incident data Provide better information on activity/trends Central repository being developed CERT/CC KnowledgeBase (KB) Defining incident data exchange format Working with IETF working group on standards

AIR-CERT Vision updated 2000-07-31 Data Exchange Standards

Survivable Systems Initiative

Internet-based System Realities • Open, highly distributed systems • Unknown perimeters • No central administrative control • No global visibility • Unknown components (COTS, Java, etc.) • Unknown participants • Untrusted insiders • Large-scale coordinated attacks

Survivable Systems Initiative

Initiative Goal Ensure that appropriate technology, systems management practices, and supporting infrastructures are used to limit damage and to ensure continuity of critical services in the presence of attacks, accidents, and failures

Survivability Definition: The ability of a system to fulfill its mission, in a timely manner, in the presence of attacks, accidents, and failures Assumption: No individual component of a system is immune to all attacks, accidents, and failures. Goal: The mission must survive.

3 R’s of Survivability Resistance — ability of a system to deter attacks Recognition — ability to recognize attacks and the extent of damage Recovery — ability to restore services in a timely manner

Survivability Methods Conventional security techniques (access control, encryption, authentication) Diversity, redundancy Deception Trust validation Rapid Recovery and Adaptation Mission-specific risk management Contingency (disaster) planning Success criterion: graceful degradation & essential services maintained

Intrusion-Aware Design (IAD)

IAD Problem Addressed Sophisticated intruders can and do Share tools and knowledge to amplify capability Escalate attack with intensity of political conflicts Target people (perceptions), resources, workflows Hide their tracks, fly under the radar of existing IDS Engineers not using security failure data Same security mistakes continually repeated Properties must emerge from architectural interaction Survivability considered too late, if at all

Objective Develop cost-effective methods for using our understanding of known and hypothesized patterns of attack to build more survivable systems.

Definitions intrusion scenario description of people, systems interacting characterizes malicious behavior causes harm to enterprise survivability scenario in way that resists, recognizes, recovers from attacks on enterprise

IAD Approach (abstract) generic knowledge real-world failures Structured, reusable attack and survivability information real-world successes apply to enterprise development enterprise constraints, mission, architecture Incremental, risk-driven refinement of enterprise survivability architecture

IAD Approach (expanded) generic knowledge real-world failures Intrusion Scenarios Survivability Scenarios real-world successes abstraction, parameterization abstraction, parameterization Survivability Strategies Attack Patterns instantiation, composition instantiation, composition enterprise development Attack Tree Weighted Attack Tree enterprise constraints, mission, architecture Enterprise Survivability Architecture threat/impact analysis mitigation analysis

Structured Intrusion Analysis attack  effect action  target  effect attacks may or may not be completely successful attackers execute some action on some target intrusions compromise enterprise survivability sequence of attacks that result in compromise only critical actions need to be included * adapted from Howard, Longstaff, “A Common Language for Computer Security Incidents,” Sandia Report SAND98-8667, 1998.

Computer & Network Attacks intrusion attack  effect action  target  effect probe scan flood authenticate bypass spoof read copy steal modify delete account process data component computer network internetwork

Mitnick Attack T S A attacker (A) wants to attack target site (T) Tsutomu Shimomura trusted server A Kevin Mitnick attacker (A) wants to attack target site (T) 1. Identify server site (S) trusted by target - not sure how Mitnick did it (web site scanning, dumpster diving, etc.) 2. Verify sufficiency of trust relationship between T and S - probe T using finger, showmount, rpcinfo 3. Determine means to masquerade as S - identify predictable TCP sequence numbers 4. Shut down S’s ability to communicate with T - anonymous DoS on S (SYN Flood) 5. Masquerading as S, use trust to access T’s assets - hijack TCP connection 6. Extend trust to A

Parsed Mitnick Attack T S A Tsutomu trusted Shimomura server Kevin Mitnick

Classes of Enterprise Attacks Enterprise Survivability Technology People Context Target computing and networking technology information gathering information corrupting malicious agents disabling Attacks can exploit data/service corrupt data/service disrupt/deny service Target peoples’ wants, needs, capabilities, perceptions social-engineering semantic attacks extortion disabling Attacks can exploit greed, fear, gullibility corrupt morals incapacitate Target context in which people perform their jobs work support customer demand enterprise stocks legal constraints Attacks can exploit resources damage market, capability, assets deny resources We have developed an attack specification vocabulary.

Trojan Horse Attack Trojan Horse (P) B A Secrets

Attack Trees Provide a means of organizing related intrusion scenarios Decompose attacker goal AND decomposition describes time-ordered sequence of sub-goals graphical: textual: Goal G0 AND G1 G2 OR decomposition describes alternative sub-goals OR G1 G0 G1 G2 G0 G1 G2

Generating Intrusion Scenarios from Attack Trees    G4 ,G5   G6   G2   G8 ,G9   G3 ,G5 ,G6   G4 ,G5 ,G6 

ACME, Inc. Enterprise Fenced Perimeter Dumpster Guard Front Gate ACME HQ Parking Backbone Network Services Remote Dial-up Users Internet Users ACME Firewall ACME Web Server

ACME High-Level Attack Tree Survivability Compromise: Disclosure of ACME proprietary secrets OR 1. Physically scavenge discarded items from ACME OR 1. Inspect dumpsters content on-site 2. Inspect refuse after removal from site 2. Monitor emanations (e.g., electromagnetic, visual) from ACME machines AND 1. Survey physical perimeter 2. Acquire necessary monitoring equipment 3. Setup monitoring site 4. Monitor emanations from site 3. Recruit help of trusted ACME insider OR 1. Plant spy as trusted insider 2. Use existing trusted insider 4. Physically access ACME networks or machines OR 1. Get physical, on-site access to Intranet 2. Get physical access to external machines 5. Attack ACME Intranet using its connections with Internet OR 1. Monitor communications over Internet for leakage 2. Get trusted process to send secrets to attacker over Internet 3. Gain privileged access to ACME Web Server 6. Attack ACME Intranet using its connections with PTN OR 1. Monitor communications over PTN for secrets 2. Gain privileged access to machines on Intranet connected via Internet

Additional Information CERT/CC and Survivable Systems Initiative General: http://www.cert.org/ Incident/vulnerability trends http://www.cert.org/present/cert-overview-trends/ Intrusion-Aware Design General: http://www.cert.org/sna/ Attack pattern specification, reuse, composition: http://www.cert.org/archive/pdf/01tn001.pdf Attack Tree analysis http://www.cert.org/archive/pdf/intrusion-aware.pdf

CERT® Contact Information CERT Coordination Center Software Engineering Institute Carnegie Mellon University 4500 Fifth Avenue Pittsburgh PA 15213-3890 USA Hotline: +1 412 268 7090 CERT personnel answer 8:00 a.m. — 8:00 p.m. EST(GMT-5) / EDT(GMT-4), and are on call for emergencies during other hours. Fax: +1 412 268 6989 Web: http://www.cert.org/ Email: cert@cert.org