emerging threats -2

Chapter 2

In today’s world, both government and the private sector are struggling to provide a secure, efficient, timely, and separate means of delivering essential services internationally. As a result, these critical national infrastructure systems remain at risk from potential attacks via the Internet.

Don't use plagiarized sources. Get Your Custom Essay on

emerging threats -2

Just from $13/Page

Order Essay

It is the policy of the United States to prevent or minimize disruptions to the critical national information infrastructure in order to protect the public, the economy, government services, and the national security of the United States.The Federal Government is continually increasing capabilities to address cyber risk associated with critical networks and information systems.

Please explain how you would reduce potential vulnerabilities, protect against intrusion attempts, and better anticipate future threats.

*

Copyright © 2012, Elsevier Inc. All Rights Reserved
Chapter 2
Deception
Cyber Attacks
Protecting National Infrastructure, 1st ed.
Copyright © 2012, Elsevier Inc. All Rights Reserved
The University of Adelaide, School of Computer Science
The University of Adelaide, School of Computer Science
*
Chapter 2 — Instructions: Language of the Computer
*

Chapter 2 — Instructions: Language of the Computer

*

Copyright © 2012, Elsevier Inc. All rights Reserved
Chapter 2 – Deception
Introduction
Deception is deliberately misleading an adversary by creating a system component that looks real but is in reality a trap
Sometimes called a honey pot
Deception helps accomplish the following security objectives
Attention
Energy
Uncertainty
Analysis

Copyright © 2012, Elsevier Inc. All rights Reserved
The University of Adelaide, School of Computer Science
The University of Adelaide, School of Computer Science
*
Chapter 2 — Instructions: Language of the Computer
*

Chapter 2 — Instructions: Language of the Computer

*

Copyright © 2012, Elsevier Inc. All rights Reserved
Chapter 2 – Deception
If adversaries are aware that perceived vulnerabilities may, in fact, be a trap, deception may defuse actual vulnerabilities that security mangers know nothing about.
Introduction
Copyright © 2012, Elsevier Inc. All rights Reserved
The University of Adelaide, School of Computer Science
The University of Adelaide, School of Computer Science
*
Chapter 2 — Instructions: Language of the Computer
*

Chapter 2 — Instructions: Language of the Computer

*

Fig. 2.1 – Use of deception in computing
Copyright © 2012, Elsevier Inc. All rights Reserved
Chapter 2 – Deception
Copyright © 2012, Elsevier Inc. All rights Reserved

*

Copyright © 2012, Elsevier Inc. All rights Reserved
Chapter 2 – Deception
Introduction
Four distinct attack stages:
Scanning
Discovery
Exploitation
Exposing

Copyright © 2012, Elsevier Inc. All rights Reserved
The University of Adelaide, School of Computer Science
The University of Adelaide, School of Computer Science
*
Chapter 2 — Instructions: Language of the Computer
*

Chapter 2 — Instructions: Language of the Computer

*

Copyright © 2012, Elsevier Inc. All rights Reserved
Chapter 2 – Deception
Fig. 2.2 – Stages of deception for national infrastructure protection

*

Adversary is scanning for exploitation points
May include both online and offline scanning
Deceptive design goal: Design an interface with the following components
Authorized services
Real vulnerabilities
Bogus vulnerabilities
Data can be collected in real-time when adversary attacks honey pot
Copyright © 2012, Elsevier Inc. All rights Reserved
Chapter 2 – Deception
Scanning Stage

The University of Adelaide, School of Computer Science
The University of Adelaide, School of Computer Science
*
Chapter 2 — Instructions: Language of the Computer
*

Chapter 2 — Instructions: Language of the Computer

*

Copyright © 2012, Elsevier Inc. All rights Reserved
Chapter 2 – Deception
Fig. 2.3 – National asset service interface with deception

*

Deliberately inserting an open service port on an Internet-facing server is the most straightforward deceptive computing practice
Adversaries face three views
Valid open ports
Inadvertently open ports
Deliberately open ports connected to honey pots
Must take care the real assets aren’t put at risk by bogus ports
Copyright © 2012, Elsevier Inc. All rights Reserved
Chapter 2 – Deception
Deliberately Open Ports

The University of Adelaide, School of Computer Science
The University of Adelaide, School of Computer Science
*
Chapter 2 — Instructions: Language of the Computer
*

Chapter 2 — Instructions: Language of the Computer

*

Copyright © 2012, Elsevier Inc. All rights Reserved
Chapter 2 – Deception
Fig. 2.4 – Use of deceptive bogus ports to bogus assets

*

Copyright © 2012, Elsevier Inc. All rights Reserved
Chapter 2 – Deception
Fig. 2.5 – Embedding a honey pot server into a normal server complex

*

The discovery stage is when an adversary finds and accepts security bait embedded in the trap
Make adversary believe real assets are bogus
Sponsored research
Published case studies
Open solicitations
Make adversary believe bogus assets are real
Technique of duplication is often used for honey pot design
Copyright © 2012, Elsevier Inc. All rights Reserved
Chapter 2 – Deception
Discovery Stage

The University of Adelaide, School of Computer Science
The University of Adelaide, School of Computer Science
*
Chapter 2 — Instructions: Language of the Computer
*

Chapter 2 — Instructions: Language of the Computer

*

Copyright © 2012, Elsevier Inc. All rights Reserved
Chapter 2 – Deception
Fig. 2.6 – Duplication in honey pot design

*

Creation and special placement of deceptive documents can be used to trick an adversary (Especially useful for detecting a malicious insider)
Only works when content is convincing and
Protections appear real
Copyright © 2012, Elsevier Inc. All rights Reserved
Chapter 2 – Deception
Deceptive Documents

The University of Adelaide, School of Computer Science
The University of Adelaide, School of Computer Science
*
Chapter 2 — Instructions: Language of the Computer
*

Chapter 2 — Instructions: Language of the Computer

*

Copyright © 2012, Elsevier Inc. All rights Reserved
Chapter 2 – Deception
Fig. 2.7 – Planting a bogus document in protected enclaves

*

This stage is when an adversary exploits a discovered vulnerability
Early activity called low radar actions
When detected called indications and warnings
Key requirement: Any exploitation of a bogus asset must not cause disclosure, integrity, theft, or availability problems with any real asset
Copyright © 2012, Elsevier Inc. All rights Reserved
Chapter 2 – Deception
Exploitation Stage

The University of Adelaide, School of Computer Science
The University of Adelaide, School of Computer Science
*
Chapter 2 — Instructions: Language of the Computer
*

Chapter 2 — Instructions: Language of the Computer

*

Chapter 2 – Deception
Fig. 2.8 – Pre- and post-attack stages at the exploitation stage
Copyright © 2012, Elsevier Inc. All rights Reserved

*

Related issue: Intrusion detection and incident response teams might be fooled into believing trap functionality is real. False alarms can be avoided by
Process coordination
Trap isolation
Back-end insiders
Process allowance
Copyright © 2012, Elsevier Inc. All rights Reserved
Chapter 2 – Deception
Exploitation Stage

The University of Adelaide, School of Computer Science
The University of Adelaide, School of Computer Science
*
Chapter 2 — Instructions: Language of the Computer
*

Chapter 2 — Instructions: Language of the Computer

*

Understand adversary behavior by comparing it in different environments.
The procurement lifecycle is one of the most underestimated components in national infrastructure protection (from an attack perspective)
Copyright © 2012, Elsevier Inc. All rights Reserved
Chapter 2 – Deception
Procurement Tricks

The University of Adelaide, School of Computer Science
The University of Adelaide, School of Computer Science
*
Chapter 2 — Instructions: Language of the Computer
*

Chapter 2 — Instructions: Language of the Computer

*

Copyright © 2012, Elsevier Inc. All rights Reserved
Chapter 2 – Deception
Fig. 2.9 – Using deception against malicious suppliers

*

The deception lifecycle ends with the adversary exposing behavior to the deception operator
Therefore, deception must allow a window for observing that behavior
Sufficient detail
Hidden probes
Real-time observation
Copyright © 2012, Elsevier Inc. All rights Reserved
Chapter 2 – Deception
Exposing Stage

The University of Adelaide, School of Computer Science
The University of Adelaide, School of Computer Science
*
Chapter 2 — Instructions: Language of the Computer
*

Chapter 2 — Instructions: Language of the Computer

*

Copyright © 2012, Elsevier Inc. All rights Reserved
Chapter 2 – Deception
Fig. 2.10 – Adversary exposing stage during deception

*

Interfaces Between
Humans and Computers
Gathering of forensic evidence relies on understanding how systems, protocols, and services interact
Human-to-human
Human-to-computer
Computer-to-human
Computer-to-computer
Real-time forensic analysis not possible for every scenario
Copyright © 2012, Elsevier Inc. All rights Reserved
Chapter 2 – Deception

The University of Adelaide, School of Computer Science
The University of Adelaide, School of Computer Science
*
Chapter 2 — Instructions: Language of the Computer
*

Chapter 2 — Instructions: Language of the Computer

*

Copyright © 2012, Elsevier Inc. All rights Reserved
Chapter 2 – Deception
Fig. 2.11 – Deceptively exploiting the human-to-human interface

*

Programs for national deception would be better designed based on the following assumptions:
Selective infrastructure use
Sharing of results and insights
Reuse of tools and methods
An objection to deception that remains is that it is not effective against botnet attacks
Though a tarpit might degrade the effectiveness of a botnet
Copyright © 2012, Elsevier Inc. All rights Reserved
Chapter 2 – Deception
National Deception Program

The University of Adelaide, School of Computer Science
The University of Adelaide, School of Computer Science
*
Chapter 2 — Instructions: Language of the Computer
*

Chapter 2 — Instructions: Language of the Computer

What Will You Get?

We provide professional writing services to help you score straight A’s by submitting custom written assignments that mirror your guidelines.

Premium Quality

Get result-oriented writing and never worry about grades anymore. We follow the highest quality standards to make sure that you get perfect assignments.

Experienced Writers

Our writers have experience in dealing with papers of every educational level. You can surely rely on the expertise of our qualified professionals.

On-Time Delivery

Your deadline is our threshold for success and we take it very seriously. We make sure you receive your papers before your predefined time.

24/7 Customer Support

Someone from our customer support team is always here to respond to your questions. So, hit us up if you have got any ambiguity or concern.

Complete Confidentiality

Sit back and relax while we help you out with writing your papers. We have an ultimate policy for keeping your personal and order-related details a secret.

Authentic Sources

We assure you that your document will be thoroughly checked for plagiarism and grammatical errors as we use highly authentic and licit sources.

Moneyback Guarantee

Still reluctant about placing an order? Our 100% Moneyback Guarantee backs you up on rare occasions where you aren’t satisfied with the writing.

Order Tracking

You don’t have to wait for an update for hours; you can track the progress of your order any time you want. We share the status after each step.

Order Now Talk to Us

Areas of Expertise

Although you can leverage our expertise for any writing task, we have a knack for creating flawless papers for the following document types.

Essay

Thesis

Presentation

Dissertation

Term Paper

Research Paper

Book Review

Assignment

Report

Case Study

Letter

Article

Coursework

Speech

Q & A

Critical Thinking

Areas of Expertise

Although you can leverage our expertise for any writing task, we have a knack for creating flawless papers for the following document types.

Essay

Thesis

Presentation

Dissertation

Term Paper

Research Paper

Book Review

Assignment

Report

Case Study

Letter

Article

Coursework

Speech

Q & A

Critical Thinking

Trusted Partner of 9650+ Students for Writing

From brainstorming your paper's outline to perfecting its grammar, we perform every step carefully to make your paper worthy of A grade.

Preferred Writer

Hire your preferred writer anytime. Simply specify if you want your preferred expert to write your paper and we’ll make that happen.

Grammar Check Report

Get an elaborate and authentic grammar check report with your work to have the grammar goodness sealed in your document.

One Page Summary

You can purchase this feature if you want our writers to sum up your paper in the form of a concise and well-articulated summary.

Plagiarism Report

You don’t have to worry about plagiarism anymore. Get a plagiarism report to certify the uniqueness of your work.

Free Features $66FREE

Most Qualified Writer $10FREE
Plagiarism Scan Report $10FREE
Unlimited Revisions $08FREE
Paper Formatting $05FREE
Cover Page $05FREE
Referencing & Bibliography $10FREE
Dedicated User Area $08FREE
24/7 Order Tracking $05FREE
Periodic Email Alerts $05FREE

Our Services

Join us for the best experience while seeking writing assistance in your college life. A good grade is all you need to boost up your academic excellence and we are all about it.

On-time Delivery
24/7 Order Tracking
Access to Authentic Sources

Academic Writing

We create perfect papers according to the guidelines.

Professional Editing

We seamlessly edit out errors from your papers.

Thorough Proofreading

We thoroughly read your final draft to identify errors.

Thorough Proofreading

We thoroughly read your final draft to identify errors.

Delegate Your Challenging Writing Tasks to Experienced Professionals

Work with ultimate peace of mind because we ensure that your academic work is our responsibility and your grades are a top concern for us!

Sign Up Talk to Us

Check Out Our Sample Work

Dedication. Quality. Commitment. Punctuality

Categories

All samples

Essay (any type)

Essay (any type)

The Value of a Nursing Degree

Undergrad. (yrs 3-4)

Nursing

2

View this sample

It May Not Be Much, but It’s Honest Work!

Here is what we have achieved so far. These numbers are evidence that we go the extra mile to make your college journey successful.

0+

Happy Clients

0+

Words Written This Week

0+

Ongoing Orders

0%

Customer Satisfaction Rate

Process as Fine as Brewed Coffee

We have the most intuitive and minimalistic process so that you can easily place an order. Just follow a few steps to unlock success.

Call Us +1 (877) 657-8180 Discuss Order Details Now

See How We Helped 9000+ Students Achieve Success

We Analyze Your Problem and Offer Customized Writing

We understand your guidelines first before delivering any writing service. You can discuss your writing needs and we will have them evaluated by our dedicated team.

Clear elicitation of your requirements.
Customized writing as per your needs.

We Mirror Your Guidelines to Deliver Quality Services

We write your papers in a standardized way. We complete your work in such a way that it turns out to be a perfect description of your guidelines.

Proactive analysis of your writing.
Active communication to understand requirements.

We Handle Your Writing Tasks to Ensure Excellent Grades

We promise you excellent grades and academic excellence that you always longed for. Our writers stay in touch with you via email.

Thorough research and analysis for every order.
Deliverance of reliable writing service to improve your grades.

Place an Order Start Chat Now