Presentation is loading. Please wait.

Presentation is loading. Please wait.

Malware Mimics for Network Security Assessment CDR Will Taff LCDR Paul Salevski March 7, 2011 CDR Will Taff LCDR Paul Salevski March 7, 2011.

Published byBasil Potter Modified over 9 years ago

Similar presentations

Presentation on theme: "Malware Mimics for Network Security Assessment CDR Will Taff LCDR Paul Salevski March 7, 2011 CDR Will Taff LCDR Paul Salevski March 7, 2011."— Presentation transcript:

1 Malware Mimics for Network Security Assessment CDR Will Taff LCDR Paul Salevski March 7, 2011 CDR Will Taff LCDR Paul Salevski March 7, 2011

2 Motivation Introduction Vision Proposal What we did Way Ahead 2 Agenda

3 3 Motivation

4 4 Motivation – In the Lab

5 Currently, DoD relies on Red Teams (trusted adversaries) for Information Assurance (IA) testing and evaluation of military networks This approach is unsatisfactory: Relies on constrained resource (Red Teams) Limited in scope of effects (safety/risk to host network) Non-uniform/inconsistent application OR Confined to laboratory setting (not “Train Like Fight”) 5 Introduction

6 Introduction - The Way the Navy Is Internet Global Information Grid (GIG) Owned and Operated by DISA Network Operating Centers SIPR NIPR JWICS CENTRIXS

7 We propose the development of a distributed software system that can be used by either simulated adversaries (such as Red Team) or trusted agents (such as Blue Team) to create scenarios and conditions to which a network management/defense team will need to react and resolve. 7 Proposal

8 8 Vision STEP Site Northwest, VA Ft. Meade, MD Norfolk, VA MM-Server Global Information Grid (GIG) USS Arleigh Burke MM-Clients

9 9 Malware Mimic Have the “trainer” sitting anywhere Trainer remotely controls a network of pre- installed software nodes on training network simulating network malware/mal-behaviors Simulate virus Simulate bots Simulate Internet worms Simulate malicious “hackers” “Trainee” reacts to simulated effects in same manner as actual threats

10 Network nodes consist of Java software packages running on top of pre-existing and unmodified network hosts No (unwanted) impact to users No need for additional hardware Network nodes coordinate effects via Trainer controlled Command and Control Server Local or Offsite Solves problem of “flying in” a red team 10 Architecture

11 11 Anatomy of an Attack

12 12 Anatomy of an Attack with MM’s

13 13 Architecture - Physical Layout

14 14 Virtual Layout

15 15 Results

16 More Complex Network Architecture More complex Malware Mimics Focus on higher security Installation and testing onto larger and operational networks Communication between MM-Clients 16 Way Ahead

17 Questions CDR Will Taff – wrtaff@nps.edu LCDR Paul Salevski – pmsalevs@nps.edu CDR Will Taff – wrtaff@nps.edu LCDR Paul Salevski – pmsalevs@nps.edu

Download ppt "Malware Mimics for Network Security Assessment CDR Will Taff LCDR Paul Salevski March 7, 2011 CDR Will Taff LCDR Paul Salevski March 7, 2011."

Similar presentations

Building a CFD Grid Over ThaiGrid Infrastructure Putchong Uthayopas, Ph.D Department of Computer Engineering, Faculty of Engineering, Kasetsart University,

Building a CFD Grid Over ThaiGrid Infrastructure Putchong Uthayopas, Ph.D Department of Computer Engineering, Faculty of Engineering, Kasetsart University,
Its a new digital world with new digital dangers….

Its a new digital world with new digital dangers….
INTRODUCTION TO COMPUTER NETWORKS Zeeshan Abbas. Introduction to Computer Networks INTRODUCTION TO COMPUTER NETWORKS.

INTRODUCTION TO COMPUTER NETWORKS Zeeshan Abbas. Introduction to Computer Networks INTRODUCTION TO COMPUTER NETWORKS.
Virtualization and Cloud Computing. Definition Virtualization is the ability to run multiple operating systems on a single physical system and share the.

Virtualization and Cloud Computing. Definition Virtualization is the ability to run multiple operating systems on a single physical system and share the.
Application of Bayesian Network in Computer Networks Raza H. Abedi.

Application of Bayesian Network in Computer Networks Raza H. Abedi.
1 Mr. Al M. Slarve Joint Interoperability Test Command Integrated Communications Systems Branch, Chief CML: 520-538-5362 DSN:

1 Mr. Al M. Slarve Joint Interoperability Test Command Integrated Communications Systems Branch, Chief CML: DSN:
1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.

1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.
Department of Defense Information Assurance Range: A Venue for Test and Evaluation In Cyberspace DISA-JITC/JTG1 August 2011 UNCLASSIFIED.

Department of Defense Information Assurance Range: A Venue for Test and Evaluation In Cyberspace DISA-JITC/JTG1 August 2011 UNCLASSIFIED.
Safe IT – Protect your computer and Family from unwanted programs viruses and websites.

Safe IT – Protect your computer and Family from unwanted programs viruses and websites.
Network Innovation using OpenFlow: A Survey

Network Innovation using OpenFlow: A Survey
فاتن يحيى إسماعيل فاتن يحيى إسماعيل م. مهندس م. مهندس Network Security.

فاتن يحيى إسماعيل فاتن يحيى إسماعيل م. مهندس م. مهندس Network Security.
Fundamentals of Computer Security Geetika Sharma Fall 2008.

Fundamentals of Computer Security Geetika Sharma Fall 2008.
Desktop Computing Strategic Project Sandia National Labs May 2, 2009 Jeremy Allison Andy Ambabo James Mcdonald Sandia is a multiprogram laboratory operated.

Desktop Computing Strategic Project Sandia National Labs May 2, 2009 Jeremy Allison Andy Ambabo James Mcdonald Sandia is a multiprogram laboratory operated.
Increase Information Assurance Awareness through Secure Operations/Management Training and Certification Percent Trained & Certified Goal = 100% Percentage.

Increase Information Assurance Awareness through Secure Operations/Management Training and Certification Percent Trained & Certified Goal = 100% Percentage.
1 PUNCH PUNCH (Purdue University Network Computing Hubs) is a distributed network-computing infrastructure that allows geographically dispersed users to.

1 PUNCH PUNCH (Purdue University Network Computing Hubs) is a distributed network-computing infrastructure that allows geographically dispersed users to.
Ronald Beekelaar Beekelaar Consultancy Forefront Overview.

Ronald Beekelaar Beekelaar Consultancy Forefront Overview.
Introduction and Overview “the grid” – a proposed distributed computing infrastructure for advanced science and engineering. Purpose: grid concept is motivated.

Introduction and Overview “the grid” – a proposed distributed computing infrastructure for advanced science and engineering. Purpose: grid concept is motivated.
Information Security in Real Business Asian Connection and Craig.

Information Security in Real Business Asian Connection and Craig.
Distributed Intrusion Detection Systems (dIDS) 2/10 CIS 610.

Distributed Intrusion Detection Systems (dIDS) 2/10 CIS 610.
Botnets Abhishek Debchoudhury Jason Holmes. What is a botnet? A network of computers running software that runs autonomously. In a security context we.

Botnets Abhishek Debchoudhury Jason Holmes. What is a botnet? A network of computers running software that runs autonomously. In a security context we.

Similar presentations

Ads by Google