Malware Mimics for Network Security Assessment
CDR Will Taff, LCDR Paul Salevski
March 7, 2011

Presentation transcript:

Slide 1: Malware Mimics for Network Security Assessment. CDR Will Taff, LCDR Paul Salevski. March 7, 2011.

Slide 2: Agenda
- Motivation
- Introduction
- Vision
- Proposal
- What we did
- Way Ahead

Slide 3: Motivation

Slide 4: Motivation – In the Lab

Slide 5: Introduction
Currently, DoD relies on Red Teams (trusted adversaries) for Information Assurance (IA) testing and evaluation of military networks. This approach is unsatisfactory:
- Relies on a constrained resource (Red Teams)
- Limited in scope of effects (safety/risk to the host network)
- Non-uniform/inconsistent application, OR
- Confined to a laboratory setting (not "Train Like Fight")

Slide 6: Introduction - The Way the Navy Is (network diagram; labels: Internet; Global Information Grid (GIG), owned and operated by DISA; Network Operating Centers; SIPR, NIPR, JWICS, CENTRIXS)

Slide 7: Proposal
We propose the development of a distributed software system that can be used by either simulated adversaries (such as a Red Team) or trusted agents (such as a Blue Team) to create scenarios and conditions to which a network management/defense team will need to react and resolve.

Slide 8: Vision (deployment diagram; labels: STEP Site, Northwest, VA; Ft. Meade, MD; Norfolk, VA; MM-Server; Global Information Grid (GIG); USS Arleigh Burke; MM-Clients)

Slide 9: Malware Mimic
- Have the "trainer" sitting anywhere
- Trainer remotely controls a network of pre-installed software nodes on the training network, simulating network malware/mal-behaviors:
  - Simulate viruses
  - Simulate bots
  - Simulate Internet worms
  - Simulate malicious "hackers"
- "Trainee" reacts to simulated effects in the same manner as to actual threats

Slide 10: Architecture
- Network nodes consist of Java software packages running on top of pre-existing and unmodified network hosts
  - No (unwanted) impact to users
  - No need for additional hardware
- Network nodes coordinate effects via a Trainer-controlled Command and Control Server
  - Local or offsite
  - Solves the problem of "flying in" a red team
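The architecture on this slide and the effect classes on the previous one, modelled as an added example (not the project's Java code, which the slides do not show): a trainer-controlled command-and-control server tasks pre-installed MM-Client nodes, each node does nothing but emit a tagged log line describing the effect it is simulating, and the trainee side gets the summary it would build from those lines plus the deconfliction step a defender wants at the end of an exercise. The scenario names, hostnames, the MM-SIM tag and the log-line format are constructed assumptions.

```python
# Added example (not the project's code): in-process model of the Malware
# Mimic layout -- trainer-controlled C2 server, MM-Client nodes that only
# *report* simulated effects, trainee-side summary, end-of-exercise
# deconfliction. Names, hosts and the line format are constructed.
from collections import Counter
from dataclasses import dataclass


@dataclass
class Scenario:
    """One trainer-authored effect: the threat class being simulated, the
    effect label the node should announce, and the nodes that are tasked."""
    name: str           # threat class from the slides: virus, bot, worm, hacker
    effect: str         # constructed label for the simulated effect
    targets: list[str]  # hostnames of MM-Clients to task


class MMClient:
    """A node on an unmodified host. It performs no real action; it emits a
    tagged log line so every exercise event stays attributable."""
    TAG = "MM-SIM"      # assumed marker, not something the slides specify

    def __init__(self, host: str):
        self.host = host
        self.events: list[str] = []

    def run(self, scenario: Scenario) -> str:
        line = f"{self.host} {self.TAG} scenario={scenario.name} effect={scenario.effect}"
        self.events.append(line)
        return line


class MMServer:
    """Trainer-controlled Command and Control server (local or offsite)."""

    def __init__(self):
        self.clients: dict[str, MMClient] = {}
        self.log: list[str] = []      # every effect the server caused
        self.skipped: list[str] = []  # targets with no MM-Client installed

    def register(self, client: MMClient) -> None:
        self.clients[client.host] = client

    def dispatch(self, scenario: Scenario) -> list[str]:
        produced = []
        for host in scenario.targets:
            client = self.clients.get(host)
            if client is None:
                self.skipped.append(host)   # no node there: nothing happens
                continue
            produced.append(client.run(scenario))
        self.log.extend(produced)
        return produced


# Constructed exercise: three nodes on a ship network, two scenarios.
HOSTS = ("ship-ws01", "ship-ws02", "ship-ws03")
SCENARIOS = [
    Scenario("worm", "scan-burst", ["ship-ws01", "ship-ws02"]),
    Scenario("bot", "beacon", ["ship-ws02", "ship-ws99"]),  # ws99 has no node
]


def run_exercise(scenarios=SCENARIOS) -> MMServer:
    server = MMServer()
    for host in HOSTS:
        server.register(MMClient(host))
    for scenario in scenarios:
        server.dispatch(scenario)
    return server


def summarize(log: list[str]) -> tuple[Counter, Counter]:
    """Trainee-side view: simulated effects counted by type and by host."""
    by_effect, by_host = Counter(), Counter()
    for line in log:
        host, _tag, *kvs = line.split()
        fields = dict(kv.split("=", 1) for kv in kvs)
        by_effect[fields["effect"]] += 1
        by_host[host] += 1
    return by_effect, by_host


def deconflict(observed: list[str], exercise_log: list[str]) -> list[str]:
    """Return observed events the exercise did not cause. Anything left here
    is not a mimic and has to be handled as a real incident."""
    caused = set(exercise_log)
    return [line for line in observed if line not in caused]


if __name__ == "__main__":
    server = run_exercise()
    print(*server.log, sep="\n")
    print(summarize(server.log))
    print("skipped:", server.skipped)
```

The server keeps its own record of every effect it caused, which is what makes the last step possible: at the end of a run, the trainee's observed events are checked against that record, and anything the mimics did not generate is escalated rather than written off as part of the exercise. Tasking a host with no installed node is recorded and skipped instead of failing the whole scenario.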

Slide 11: Anatomy of an Attack

Slide 12: Anatomy of an Attack with MMs

Slide 13: Architecture - Physical Layout

Slide 14: Virtual Layout

Slide 15: Results

Slide 16: Way Ahead
- More complex network architecture
- More complex Malware Mimics
- Focus on higher security
- Installation and testing on larger and operational networks
- Communication between MM-Clients

Slide 17: Questions
CDR Will Taff –
LCDR Paul Salevski –