When Keyboards are drawn - Urban Information Warfare Ofer Shezaf, Xiom February 2003 www..com.

Slides:

Advertisements

Similar presentations

Welcome to the Open Court Business Plan Executive Summary Template!

Advertisements

ETHICAL HACKING A LICENCE TO HACK

© 2006 FedEx. All rights reserved. FedEx Ship Manager ® at fedex.com Shipping Administration.

1 CHALLENGES Users growing and becoming more demanding –E-learning, electronic registration and other services –Require 24x7 access to learning materials.

Chapter ADCS CS262/0898/V1 Chapter 1 An Introduction To Computer Security TOPICS Introduction Threats to Computer Systems –Threats, Vulnerabilities.

Chapter 14 Intranets & Extranets. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES Introduction Technical Infrastructure Planning an Intranet.

Systems Security Engineering An Updated Paradigm INCOSE Enchantment Chapter November 8, 2006 John W. Wirsbinski.

ASYCUDA Overview … a summary of the objectives of ASYCUDA implementation projects and features of the software for the Customs computer system.

Achieving online trust through Mutual Authentication.

REQ Drop from Demand Response Programs Process Flow Retail Customer Demand Response Service Provider (DRSP) Distribution Company 1 Drop Request.

Business Transaction Management Software for Application Coordination 1 Business Processes and Coordination.

1 Introducing the Specifications of the Metro Ethernet Forum.

Workshop on Telecommunications for Disaster Relief, February 2003, Geneva Dag Nielsen & Catherine Mulligan Ericsson Response WLAN in Disaster and.

International Telecommunication Union Accra, Ghana, June 2009 Emergency Communications Systems: Nigeria Bashir Gwandu, PhD, MBA, CEng MIEE, MIEEE.

Anti-SPAM activities in Malaysia - Current Situation, Regulatory Environment and Future Developments ITU virtual conference on anti-spam regulation and.

Public B2B Exchanges and Support Services

DIVIDING INTEGERS 1. IF THE SIGNS ARE THE SAME THE ANSWER IS POSITIVE 2. IF THE SIGNS ARE DIFFERENT THE ANSWER IS NEGATIVE.

ADDING INTEGERS 1. POS. + POS. = POS. 2. NEG. + NEG. = NEG. 3. POS. + NEG. OR NEG. + POS. SUBTRACT TAKE SIGN OF BIGGER ABSOLUTE VALUE.

SUBTRACTING INTEGERS 1. CHANGE THE SUBTRACTION SIGN TO ADDITION

MULT. INTEGERS 1. IF THE SIGNS ARE THE SAME THE ANSWER IS POSITIVE 2. IF THE SIGNS ARE DIFFERENT THE ANSWER IS NEGATIVE.

Mid-market server campaign – thru partner presentation: Slide for presenter only: do not show Speaker: Partner Title of Presentation: Giving you the power.

eGenKit Remote Monitoring Solution

SIMS-201 The Telephone System Wired and Wireless.

BT Wholesale October Creating your own telephone network WHOLESALE CALLS LINE ASSOCIATED.

1 Performance Management Challenges and Opportunities Harry P. Hatry The Urban Institute Washington DC.

PRESENTED BY: FATIMA ALSALEH Credit Cards Fraud - skimmers -

Prepared By: A.M. Al-Ashwal Project Advisor OFF GRID 1.

A presentation by Werardt Systemss P Ltd An Online Machine Monitoring System.

TECHNOLOGY ROADMAP FOR CPA FIRMS IN 2011 By: Andrew Spottswood.

Copyright © Open Text Corporation. All rights reserved. Slide 1 Automatic Routing With Captaris FaxPress and FaxPress Premier Darin McGinnes Sales Engineer.

Application Server Based on SoftSwitch

CMPE 150- Introduction to Computer Networks 1 CMPE 150 Fall 2005 Lecture 6 Introduction to Networks and the Internet.

1. 2 August Recommendation 9.1 of the Strategic Information Technology Advisory Committee (SITAC) report initiated the effort to create an Administrative.

1 an online tool for GSM networks Planning and Inventory and others… IMK Consulting Simple tools for complex needs IMK – your IT tailor.

Principles of Information Technology

Chapter 1: Information Technology

The Office Procedures and Technology

O X Click on Number next to person for a question.

© S Haughton more than 3?

1 Directed Depth First Search Adjacency Lists A: F G B: A H C: A D D: C F E: C D G F: E: G: : H: B: I: H: F A B C G D E H I.

Interaction Management in CRM’s Channels and Knowledge.

Energy & Green Urbanism Markku Lappalainen Aalto University.

Information Visualization for an Intrusion Detection System Ching-Lung Fu James Blustein Daniel Silver.

Past Tense Probe. Past Tense Probe Past Tense Probe – Practice 1.

Page 1 / 18 Internet Traffic Monitor IM Page 2 / 18 Outline Product Overview Product Features Product Application Web UI.

1 Chapter 11: Data Centre Administration Objectives Data Centre Structure Data Centre Structure Data Centre Administration Data Centre Administration Data.

Addition 1’s to 20.

25 seconds left…...

CSTA K-12 Computer Science Standards (rev 2011)

Test B, 100 Subtraction Facts

11 = This is the fact family. You say: 8+3=11 and 3+8=11

Faculty Added Questions: Where do I begin? David Neiss & Laura Sandino.

© Prentice Hall CHAPTER 15 Managing the IS Function.

Connecting LANs, Backbone Networks, and Virtual LANs

André Augustinus 15 March 2003 DCS Workshop Safety Interlocks.

O X Click on Number next to person for a question.

VPN AND REMOTE ACCESS Mohammad S. Hasan 1 VPN and Remote Access.

Lesson 30 Computer Safety and Ethics

Which server is right for you? Get in Contact with us

Information System protection and Security. Need for Information System Security §With the invent of computers and telecommunication systems, organizations.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

Safe’n’Sec IT security solutions for enterprises of any size.

1 Integrated Site Security Project Denise Heagerty CERN 22 May 2007.

Computer Networks.  Which is the best definition of a circuit switched network?  An electric circuit where the connections get switched based on who.

Virtual Private Servers (VPS): A Case Study

Computer Security Fundamentals

Chapter 7 – and 8 pp 155 – 202 of Web security by Lincoln D. Stein

Presentation transcript:

When Keyboards are drawn - Urban Information Warfare Ofer Shezaf, Xiom February

2 Definition Information Warfare (my definition) The use of digital technologies to damage the critical infrastructure of a state So, Damage – destruction, demolition, devastation. Critical infrastructure - no more Web sites breaking State - no more photo sending analyzers. But, yes, still digital technologies – but not too much. And, yes, politics – but not today.

3 Presentation Headlines How is information warfare different? Information Warfare Targets Attacker capabilities The infrastructure organization model Network model Administration networks exposures Operational networks exposures Model Case Studies So, What can we do?

4 Introduction to IW How is information warfare different from your every day Attack?

5 Targets Who? Infrastructure Companies, including power, water and communication. Financial institutions. Government & Army. What? Destruction of equipments Destruction of control systems How? Time bombs.

6 Attacker Capabilities Financial resources Technical expertise Intelligence Legal flexibility Section: Introduction to IW

7 Financial & Technical Resources Hundreds, thousands… of man-years per project. Duplication of any system at target. Ability to actively seek vulnerabilities, especially in lesser known systems. Usage of custom attack code per target. Security by obscurity is no longer an option

8 Intelligence & legal issues Human intelligence …. Spies Best of bread social engineering: pay, blackmail, steal. Operate spies to access internal systems. Signal intelligence … Communication interception A global sniffer: clear text password. Intelligence about systems and topology. Legal immunity to attacker. License to crack

9 Presentation Headlines How is information warfare different? Attacker capabilities Information Warfare Targets The infrastructure organization model Network model Administration networks exposures Operational networks exposures Model Case Studies So, What can we do?

10 Exposures in Infrastructure Networks The common design of networks in infrastructure organization creates similar Vulnerabilities.

11 Basic Network Topology External Networks Administrative Network Operational Networks

12 Cracking the administrative network Administrative Network Internet 1 Business Partners ? 2 Sockets in public offices 3 Access to a large number of people 4

13 Cracking the Operational network Operational Networks Admin. Network Operations Design 1 Remote Signaling 2 Monitoring 3 Application Security Problem 4 Direct connections to Operational network 5 No Internal Security 6

14 Presentation Headlines Introduction to information warfare Attacker capabilities Information Warfare Targets The infrastructure organization model Network model Administration networks exposures Operational networks exposures Model Case Studies So, What can we do?

15 Examples Is it all for real?

16 Model Case Studies Shutting down communication switches, thus preventing phone services. Destroying power generators. Derailing trains. Exploding refineries and other chemical plants. Crashing air-planes.

17 Solutions So, What can I do to avoid such disasters?

18 Solutions Use layered security. Deploy stronger intra-organization security mechanisms. Strengthen complementary security mechanisms such as physical security and employees assurance. Allocate independent security resources to operational networks. Strive for world peace.