Information System Security and the US Military Ben Mascolo – ISC 300.


Terms and Acronyms used
- AKO – Army Knowledge Online
- AR – Army Regulation
- CAC – Common Access Card
- DKO – Defense Knowledge Online
- DOD – Department of Defense
- IED – Improvised Explosive Device

Terms and Acronyms used
- PIN – Personal Identification Number
- TFTP – Trivial File Transfer Program
- UFO – Unidentified Flying Object
- WAN – Wide Area Network
- PLA – People's Liberation Army of China

Introduction
Security measures currently held by the US military for its information systems are not enough and need to be improved.

Introduction
- The gathering of intelligence is key in military and paramilitary operations.
- The US Military has consolidated all personal, movement, and intelligence information into a series of interconnected WANs called DKO.
- This is a relevant issue because enemies of the US no longer have to conduct reconnaissance if they can penetrate these information systems.

Case 1 of Attack on US Military
- April of 1990
- Dutch teenagers stole troop movement information and attempted to sell it to the Iraqi government
- Not a direct exploit of the information system

Case 1 of Attack on US Military
Attacked the information system in 3 ways:
- Dictionary attack to guess passwords
- Used loopholes in the operating system
- Broke into civilian contractors with access to military systems

Case 1 of Attack on US Military

Case 1 of Attack on the US Military
The Military found out about the attack via Dutch television when the teens publicly broadcast another attack.

Case 2 of Attack on US Military
- British attacker, 40 years old
- Looked for accounts with no passwords
- Simply logged in
- Left notes on desktops of users telling them to create a password
- Deleted security records

Case 2 of Attack on the US Military
- Cost a total of $700,000 in damages
- Was discovered by system administrators after they noted many logins from outside the country

Case 3 of Attack on the US Military
- Conducted by the PLA
- Specifically attacked Defense Secretary Gates
- The PLA consistently attacks the US Military
- The strategy for penetration is different than the two previous groups

Case 3 of Attack on the US Military
- PLA created a Trojan virus
- This type of virus works by having a user authorize the install
- The user does this because the virus has another seemingly useful virus

Case 3 of Attack on the US Military
- The virus exploited a well-known security loophole.
- The virus dwelled in the system for 8 months before it was found.

Current Security Measures
Two types:
- Software security
- Physical security

Current Software Security Measures
- Passwords – 2 upper case, 2 lower case, 2 numbers, 2 special characters; must be changed every three months
- Must log in with CAC in order to change password
- Authorization rules – certain people are allowed access to certain aspects of information
- Encryption

Current Physical Security Measures
- CAC ID card – All personnel have a smart card to access military computers
- Fingerprint ID – Some access requires fingerprint authentication
- Separate computers for separate purposes – only certain computers are allowed to access sensitive information

Newest security measures
As of 17 NOV 2008 all USB storage devices have been banned.

Security Measures Needed
Fingerprint authentication for access to any military computer, on top of current security measures.

Long term effects
- Forces the enemy to conduct traditional reconnaissance and expose themselves
- They won't be able to easily know routes taken by convoys
- Reduces ease of placement of IEDs

Final Thought
Security measures in information systems in the US military are strong, but not currently strong enough. These information systems track all information, including movement, personal information and military secrets.