Networking Aspects in the DPASA Survivability Architecture: An Experience Report Michael Atighetchi BBN Technologies.

Presentation Overview
- Overview of DPASA
- The undefended JBI Application
- Network Oriented Defenses
- The defended JBI Application
- Red Team Results

Overview of DPASA*

* DPASA stands for Designing Protection and Adaptation into a Survivability Architecture.

DPASA is a 2-year DARPA project led by BBN Technologies to design and implement an architecture for building next-generation survivable systems that can:
- Survive 12 hours of sustained attacks from a class A Red Team
- Achieve a 1000-fold alarm reduction and a 1% false alarm rate

DPASA strategically combines protection, detection, and adaptive reaction, following these principles:
- Multiple Layers of Protection
- Redundancy and Static Diversity
- Use of Physical Constraints to Impose Containment
- Design based on Weak Assumptions
- Detection and Correlation
- Adaptive Response

Base of intrusion-tolerant DARPA technologies: OASIS (20+ projects) and FTN (20+ projects)

The Undefended JBI Application

The Undefended JBI – Schematic View (diagram; components shown: PSQ Server, DB Server and Core LAN, a Hub, an Emulated WAN, and Client LAN 1 through Client LAN X, each with a Client1)

Network Oriented Defenses
- VPN Firewalls: use of Cisco PIX VPNs as a first line of defense on the WAN
- Network Hardening: TCP/IP settings, no ARP, OS patches
- Autonomic Distributed Firewall cards (ADF): only allow necessary communication, encrypted over VPGs (Virtual Private Groups)
- Network Detection: signature-based monitoring via EMERALD NIDS appliances; heartbeats to monitor liveness
- Automatic adaptive network reconfiguration: isolate machines via ADFs; rate limiting and Access Proxy selection
- Core: Quadrant Isolation Switches: isolate power to corrupted core quads
- Core: Crumple Zone with Access Proxies: first line of host defense (like a DMZ)
- Core: Managed Switches: restrict communication via source port filtering
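The two defenses that interact most tightly are the ADF allow-list (only necessary communication, default deny) and the adaptive response that isolates a machine once its heartbeat stops. The following is an added example, not DPASA code or part of the presentation: it models a default-deny flow policy and a heartbeat monitor whose missing-host list drives isolation. The host names (client1, access-proxy-q1, psq-server, db-server), the permitted flows, the 10-second timeout and the heartbeat timeline are all constructed for illustration.

```python
"""Default-deny communication policy with heartbeat-driven host isolation.

Added example, not DPASA code: it models the ADF 'only allow necessary
communication' rule (default deny, explicit allow-list of flows) and the
'isolate machines' adaptive response triggered when a host's heartbeat stops.
Host names, flows, timeout and the heartbeat timeline are constructed.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int


@dataclass
class Policy:
    allowed: set = field(default_factory=set)
    isolated: set = field(default_factory=set)

    def permit(self, src, dst, proto, dport):
        self.allowed.add(Flow(src, dst, proto, dport))

    def decide(self, src, dst, proto, dport) -> bool:
        """True only if the flow is on the allow-list and neither end is isolated."""
        if src in self.isolated or dst in self.isolated:
            return False
        return Flow(src, dst, proto, dport) in self.allowed   # default deny

    def isolate(self, host):
        """Adaptive response: cut all traffic to and from a suspect host."""
        self.isolated.add(host)


class HeartbeatMonitor:
    """Tracks the last heartbeat timestamp from each monitored host."""

    def __init__(self, hosts, timeout):
        self.timeout = timeout
        self.last_seen = {h: None for h in hosts}

    def observe(self, host, ts):
        if host in self.last_seen:
            self.last_seen[host] = ts

    def missing(self, now):
        """Hosts never heard from, or silent for longer than the timeout."""
        return sorted(h for h, t in self.last_seen.items()
                      if t is None or now - t > self.timeout)


def build_policy():
    """Constructed allow-list: clients reach the core only through an access proxy."""
    p = Policy()
    p.permit("client1", "access-proxy-q1", "tcp", 443)
    p.permit("access-proxy-q1", "psq-server", "tcp", 8443)
    p.permit("psq-server", "db-server", "tcp", 5432)
    return p


def run_scenario(now=12, timeout=10):
    """Replay a constructed heartbeat timeline, isolate silent hosts, return the state."""
    policy = build_policy()
    hosts = ["client1", "access-proxy-q1", "psq-server", "db-server"]
    mon = HeartbeatMonitor(hosts, timeout)
    # Constructed timeline: access-proxy-q1 goes quiet after t=0.
    timeline = [("client1", 0), ("access-proxy-q1", 0), ("psq-server", 0), ("db-server", 0),
                ("client1", 5), ("psq-server", 5), ("db-server", 5),
                ("client1", 10), ("psq-server", 10), ("db-server", 10)]
    for host, ts in timeline:
        mon.observe(host, ts)
    silent = mon.missing(now)
    for host in silent:
        policy.isolate(host)
    return policy, silent


if __name__ == "__main__":
    policy, silent = run_scenario()
    print("isolated:", silent)
    print("client1 -> access-proxy-q1:", policy.decide("client1", "access-proxy-q1", "tcp", 443))
    print("psq-server -> db-server:", policy.decide("psq-server", "db-server", "tcp", 5432))
```

Note that isolation is applied in both directions and overrides the allow-list; a client that was previously permitted to talk to the quiet proxy is cut off as well, which is the behaviour you want when the proxy may have been compromised rather than merely crashed. The timeout has to be comfortably larger than the heartbeat interval, or ordinary jitter will trigger isolation and feed the false-alarm rate the project was trying to keep at 1%.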

The Defended JBI

Results from the Red Team Exercise (3/05)
Main objective: determine whether the defense-enabled JBI could survive 12 hours of sustained attacks and complete its mission.
The Red Teams had high-privilege access to the WAN switch and full access to the DPASA code.
Red Team A
- A flood of replayed ISAKMP packets caused a DoS at the VPN router.
- However, the red team had no insight into the effectiveness of the attack and continued with unsuccessful attacks.
Red Team B
- A zero-day attack using the high-privileged trunk access on the WAN switch caused a DoS at the VPN router.
Apart from the availability of the VPN routers, neither confidentiality nor integrity was breached.
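Red Team A's flood of replayed ISAKMP packets is the kind of event a signature or rate check on the VPN router's IKE traffic would surface. The following is an added example, not code from the presentation or from the DPASA project: a sliding-window detector over IKE (UDP/500) records that raises one alert per source when the packet rate spikes and one per initiator cookie (the 8-byte SPI in the ISAKMP header) when the same cookie repeats far more often than retransmission would explain. The packet records, IP addresses, cookies and thresholds are constructed for illustration.

```python
"""Rate-and-replay detector for ISAKMP (IKE, UDP/500) traffic toward a VPN router.

Added example, not part of the DPASA presentation or code. A replayed packet
carries the same initiator cookie as the original, so a burst of UDP/500
packets with a repeating cookie is the signature of the flood the slide
describes. Packet records below are constructed.
"""
from collections import defaultdict, deque

ISAKMP_PORT = 500


def detect_isakmp_flood(packets, window=1.0, rate_threshold=50, replay_threshold=5):
    """Scan (ts, src, dst, dport, init_cookie) records in time order.

    Returns a sorted list of (kind, key) alerts, emitted at most once per key
    so a flood does not turn into an alert storm:
      ("rate", src)      more than rate_threshold ISAKMP packets from src within window s
      ("replay", cookie) the same initiator cookie seen more than replay_threshold
                         times within window s (a fresh IKE exchange uses a fresh
                         cookie; a few repeats are retransmissions, dozens are a replay)
    """
    recent = deque()                 # (ts, src, cookie) still inside the sliding window
    per_src = defaultdict(int)
    per_cookie = defaultdict(int)
    alerts = set()
    for ts, src, _dst, dport, cookie in sorted(packets, key=lambda p: p[0]):
        if dport != ISAKMP_PORT:
            continue
        recent.append((ts, src, cookie))
        per_src[src] += 1
        per_cookie[cookie] += 1
        # Expire records that have fallen out of the window.
        while recent and ts - recent[0][0] > window:
            _old_ts, old_src, old_cookie = recent.popleft()
            per_src[old_src] -= 1
            per_cookie[old_cookie] -= 1
        if per_src[src] > rate_threshold:
            alerts.add(("rate", src))
        if per_cookie[cookie] > replay_threshold:
            alerts.add(("replay", cookie))
    return sorted(alerts)


def constructed_capture():
    """Constructed records: three legitimate IKE initiations (one retransmitted),
    one unrelated packet, then 200 replays of a captured IKE packet in half a second."""
    pkts = [
        (0.00, "10.1.1.5", "10.1.1.1", 500, "4a3f0c1d9e8b7a65"),
        (0.50, "10.1.1.5", "10.1.1.1", 500, "4a3f0c1d9e8b7a65"),   # normal retransmission
        (0.70, "10.1.1.6", "10.1.1.1", 500, "0102030405060708"),
        (0.90, "10.1.1.7", "10.1.1.1", 500, "ffeeddccbbaa9988"),
        (0.95, "10.1.1.7", "10.1.1.1", 443, ""),                   # not IKE, ignored
    ]
    for i in range(200):
        pkts.append((1.0 + i * 0.0025, "10.1.1.66", "10.1.1.1", 500, "4a3f0c1d9e8b7a65"))
    return pkts


if __name__ == "__main__":
    for kind, key in detect_isakmp_flood(constructed_capture()):
        print(f"ALERT {kind}: {key}")
```

The detector alerts on the replaying source and on the replayed cookie, and stays quiet for the legitimate peers, including the one that retransmitted. Detecting the flood does not by itself keep the VPN router up; its value in an architecture like DPASA's is feeding the adaptive response (rate limiting, or selecting a different Access Proxy) before the router's IKE state table is exhausted.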