The Essence of Active Response. Sergio Caltagirone, April 14, 2005.

1 The Essence of Active Response

2 To Build A Castle…

3 (no text on this slide)

4 (no text on this slide)

5 Where We’re At…

6 Where We Want To Be…

7 Some Attempts…
Clifford Stoll vs. German Hackers (1986)
C. Stoll, “Stalking the Wily Hacker,” Communications of the ACM, vol. 31, 1998, pp. 484-497.
DoD vs. Electronic Disturbance Theater (1998)
http://archives.cnn.com/2000/TECH/computing/04/07/self-defense.idg/
Conxion vs. E-Hippies (2000)
http://www.nwfusion.com/research/2000/0529feat2.html
FBI vs. Russian Hackers (2001), a.k.a. the ‘Invita’ Case
http://www.wired.com/news/politics/0,1283,47650,00.html

8 Why Do We Want To Do That?
Response is not a choice…
Insufficient Protection on Imperfect Systems
A Policy Is Necessary (even if not utilized)
Vulnerable Systems
– Air Traffic Control
– SCADA Systems
– Nuclear Power Safety
– Economic and Socially Critical Systems

9 Problem Statement
Since any action or inaction is a response, what is an appropriate set of actions to take during a security event in order to mitigate the threat, given the immense social and technical considerations of response?

10 Active Response
– Time bound
– Automatically or not
– Purposeful
– Subjective timeline
– Mitigation NOT Elimination
Any action sequence deliberately performed by an individual or organization between the time an attack is detected and the time it is determined to be finished, in an automated or non-automated fashion, in order to mitigate the identified threat’s negative effects upon a particular asset set.

11 Some Actions At Our Disposal
Notify authorities
Disconnect – Strategic Separation
Control the borders
Get ISP to do dirty work
Use ping/finger/traceroute/honeypots
Hack-back / Passive Strike-back
First strike

12 A Potential Taxonomy
1. Internal Notification: Using the organizational structure to notify the appropriate persons of an active defense situation
2. Internal Response: Applying active defense actions within an organization's boundaries
3. External Cooperative Response: Employing the assistance of other entities outside of an organization to mitigate a threat
4. Non-cooperative Intelligence Gathering: Using external services (finger, nmap, netstat) to gather intelligence on the attacker
5. Non-cooperative ‘Cease and Desist’: Shutting down harmful services that do not affect usability on a network or host
6. Counter-strike: An offensive action designed to deny an attacker the ability to continue an attack
7. Preemptive Defense: With knowledge of a forthcoming attack, execute active response actions to preempt (and disable) the upcoming attack

13 Evaluating a Response
Legal
– Civil, Criminal, Domestic, International
Ethical
– Teleological, Deontological
Technical
– Traceback, Reliable IDS, Confidence Value, Real Time
Risk Analysis
– Measure ethical, legal risk effectively?
Unintended Consequences
– Attacker Action, Collateral Damage, Own Resources

14 Process Model

15 Formal Decision Model
[Diagram. Labels recoverable from the slide: Score(Action) − Score(Threat) − Success(Action); AR Policy; Escalation Ladder; Asset Evaluation; Action Evaluation; Asset Identification; Threat Identification; Risk Identification; Goal Identification; Action Identification; Action Classification; Risk Identification; Utility Modifier; Success Ordering; Contingency Plan]
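An added example (not code from the talk or from the ADAM model) of how the seven-class taxonomy of slide 12 and the policy, escalation-ladder and contingency-plan elements named on slide 15 could be combined into one decision routine: the AR policy filters candidate actions first, the survivors are ordered as rungs from least to most escalated, and the rungs after the first are the contingency plan. The candidate actions, the policy limits, the threat score and the utility rule are all assumptions constructed for this example.

```python
from dataclasses import dataclass
# Taxonomy from slide 12, lowest to highest escalation (class number -> name).
TAXONOMY = {1: "Internal Notification", 2: "Internal Response",
            3: "External Cooperative Response",
            4: "Non-cooperative Intelligence Gathering",
            5: "Non-cooperative Cease and Desist",
            6: "Counter-strike", 7: "Preemptive Defense"}

@dataclass(frozen=True)
class Action:
    name: str
    level: int      # taxonomy class, 1..7
    success: float  # assumed probability that the action mitigates the threat
    risk: float     # assumed combined legal/ethical/collateral risk, 0..1

@dataclass(frozen=True)
class Policy:
    max_level: int   # highest taxonomy class the AR policy permits
    max_risk: float  # highest per-action risk the AR policy accepts

def permitted(action: Action, policy: Policy) -> bool:
    """The AR policy acts as a hard filter before any scoring happens."""
    return action.level <= policy.max_level and action.risk <= policy.max_risk

def utility(action: Action, threat_score: float) -> float:
    """Assumed utility rule: expected mitigation of the threat minus the action's risk."""
    return threat_score * action.success - action.risk

def escalation_ladder(actions, policy: Policy, threat_score: float) -> list:
    """Permitted actions ordered as rungs: lowest taxonomy class first, and within a
    class the highest utility first. The head is the proposed action; the tail is the
    contingency plan to climb if the threat is not mitigated."""
    allowed = [a for a in actions if permitted(a, policy)]
    return sorted(allowed, key=lambda a: (a.level, -utility(a, threat_score)))

# Constructed sample: candidate actions drawn from the options listed on slide 11.
CANDIDATE_ACTIONS = [
    Action("Page on-call security team", 1, 0.2, 0.0),
    Action("Block attacker at border firewall", 2, 0.7, 0.05),
    Action("Strategic separation of affected segment", 2, 0.9, 0.3),
    Action("Ask upstream ISP to filter traffic", 3, 0.6, 0.1),
    Action("Scan the attacking host", 4, 0.1, 0.4),
    Action("Hack-back", 6, 0.5, 0.9),
]
# Constructed policy: cooperative responses only, no non-cooperative or offensive classes.
SAMPLE_POLICY = Policy(max_level=3, max_risk=0.5)

if __name__ == "__main__":
    for rung, a in enumerate(escalation_ladder(CANDIDATE_ACTIONS, SAMPLE_POLICY, 0.8), 1):
        print(f"{rung}. [{TAXONOMY[a.level]}] {a.name}")
```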

16 Conclusions
Need for Response – Why we need it
Definition – What it is
Taxonomy – What it is comprised of
Issues – What is wrong with it
Process Model – What we do
Decision Model – How we decide

17 Resources – Questions?
http://www.activeresponse.org - serg@activeresponse.org
Sergio Caltagirone and Deborah Frincke, “The Response Continuum,” to appear in the 6th IEEE Information Assurance Workshop, West Point, NY, June 15-17, 2005.
Sergio Caltagirone, “Criminal Law Perspectives of Contemporary Issues in Computer Security,” University of Idaho, Moscow, ID, Technical Report CSDS-DF-TR-05-28, 2005.
Sergio Caltagirone, “Evolving Active Defense Strategies,” University of Idaho, Moscow, ID, Technical Report CSDS-DF-TR-05-27, 2005.
Sergio Caltagirone, “Questions About Active Response,” 4th Workshop on the Active Response Continuum to Cyber Attacks, George Mason University, Fairfax, VA, USA, March 2005.
Sergio Caltagirone and Deborah Frincke, “ADAM: Active Defense Algorithm and Model,” in Aggressive Network Self-Defense, N.R. Wyler and G. Byrne, Eds. Rockland, MD, USA: Syngress Publishing, 2005, pp. 287-311.
