Quetion

Each student will write an APA paper with no less than 6 peer reviewed references and no less than 3 pages of findings on one aspect of the weekly readings.

Don't use plagiarized sources. Get Your Custom Essay on

Quetion

Just from $13/Page

Order Essay

For this week you can choose any topic that is in our material to write on

Subject Name:

Emerging Threats & Countermeas

1

Copyright © 2012, Elsevier I

n

c.

All Rights Reserved

Chapter

2

Deceptio

n

Cyber Attacks
Protecting National Infrastructure, 1st ed.

2

Copyright © 2012, Elsevier Inc.

All rights Reserved

C
h
a
p
te

r 2
–

D
e
c
e
p
tio

n

Introduction

• Deception is deliberately misleading an adversary by
creating a system component that looks real but is in
reality a trap
– Sometimes called a honey pot

• Deception helps accomplish the following security
objectives
– Attention

– Energy

– Uncertainty

– Analysis

3

Copyright © 2012, Elsevier Inc.

All rights Reserved

C
h
a
p
te
r 2
–
D
e
c
e
p
tio
n

• If adversaries are aware that perceived vulnerabilities
may, in fact, be a trap, deception may defuse actual
vulnerabilities that security mangers know nothing
about.

Introduction

4

Fig. 2.1 – Use of deception in
computing

Copyright © 2012, Elsevier Inc.
All rights Reserved
C
h
a
p
te
r 2
–
D
e
c
e
p
tio
n

5

Copyright © 2012, Elsevier Inc.
All rights Reserved
C
h
a
p
te
r 2
–
D
e
c
e
p
tio
n
Introduction

• Four distinct attack stages:
– Scanning

– Discovery

– Exploitation

– Exposing

6

Copyright © 2012, Elsevier Inc.
All rights Reserved
C
h
a
p
te
r 2
–
D
e
c
e
p
tio
n

Fig. 2.2 – Stages of deception for
national infrastructure protection

7

• Adversary is scanning for exploitation points
– May include both online and offline scanning

• Deceptive design goal: Design an interface with the
following components
– Authorized services

– Real vulnerabilities

– Bogus vulnerabilities

• Data can be collected in real-time when adversary
attacks honey pot

Copyright © 2012, Elsevier Inc.
All rights Reserved
C
h
a
p
te
r 2
–
D
e
c
e
p
tio
n

Scanning Stage

8

Copyright © 2012, Elsevier Inc.
All rights Reserved
C
h
a
p
te
r 2
–
D
e
c
e
p
tio
n

Fig. 2.3 – National asset service
interface with deception

9

• Deliberately inserting an open service port on an
Internet-facing server is the most straightforward
deceptive computing practice

• Adversaries face three views

– Valid open ports

– Inadvertently open ports

– Deliberately open ports connected to honey pots

• Must take care the real assets aren’t put at risk by
bogus ports

Copyright © 2012, Elsevier Inc.
All rights Reserved
C
h
a
p
te
r 2
–
D
e
c
e
p
tio
n

Deliberately Open Ports

10

Copyright © 2012, Elsevier Inc.
All rights Reserved
C
h
a
p
te
r 2
–
D
e
c
e
p
tio
n

Fig. 2.4 – Use of deceptive bogus
ports to bogus assets

11

Copyright © 2012, Elsevier Inc.
All rights Reserved
C
h
a
p
te
r 2
–
D
e
c
e
p
tio
n

Fig. 2.5 – Embedding a honey pot
server into a normal server complex

12

• The discovery stage is when an adversary finds and
accepts security bait embedded in the trap

• Make adversary believe real assets are bogus
– Sponsored research

– Published case studies

– Open solicitations

• Make adversary believe bogus assets are real
– Technique of duplication is often used for honey pot

design

Copyright © 2012, Elsevier Inc.
All rights Reserved
C
h
a
p
te
r 2
–
D
e
c
e
p
tio
n

Discovery Stage

13

Copyright © 2012, Elsevier Inc.
All rights Reserved
C
h
a
p
te
r 2
–
D
e
c
e
p
tio
n

Fig. 2.6 – Duplication in honey pot
design

14

• Creation and special placement of deceptive
documents can be used to trick an adversary
(Especially useful for detecting a malicious insider)
– Only works when content is convincing and

– Protections appear real

Copyright © 2012, Elsevier Inc.
All rights Reserved
C
h
a
p
te
r 2
–
D
e
c
e
p
tio
n

Deceptive Documents

15

Copyright © 2012, Elsevier Inc.
All rights Reserved
C
h
a
p
te
r 2
–
D
e
c
e
p
tio
n

Fig. 2.7 – Planting a bogus document
in protected enclaves

16

• This stage is when an adversary exploits a discovered
vulnerability
– Early activity called low radar actions

– When detected called indications and warnings

• Key requirement: Any exploitation of a bogus asset
must not cause disclosure, integrity, theft, or
availability problems with any real asset

Copyright © 2012, Elsevier Inc.
All rights Reserved
C
h
a
p
te
r 2
–
D
e
c
e
p
tio
n

Exploitation Stage

17

C
h
a
p
te
r 2
–
D
e
c
e
p
tio
n

Fig. 2.8 – Pre- and post-attack stages
at the exploitation stage

Copyright © 2012, Elsevier Inc.
All rights Reserved

18

• Related issue: Intrusion detection and incident
response teams might be fooled into believing trap
functionality is real. False alarms can be avoided by
– Process coordination

– Trap isolation

– Back-end insiders

– Process allowance

Copyright © 2012, Elsevier Inc.
All rights Reserved
C
h
a
p
te
r 2
–
D
e
c
e
p
tio
n
Exploitation Stage

19

• Understand adversary behavior by comparing it in
different environments.

• The procurement lifecycle is one of the most
underestimated components in national
infrastructure protection (from an attack
perspective)

Copyright © 2012, Elsevier Inc.
All rights Reserved
C
h
a
p
te
r 2
–
D
e
c
e
p
tio
n

Procurement Tricks

20

Copyright © 2012, Elsevier Inc.
All rights Reserved
C
h
a
p
te
r 2
–
D
e
c
e
p
tio
n

Fig. 2.9 – Using deception against
malicious suppliers

21

• The deception lifecycle ends with the adversary
exposing behavior to the deception operator

• Therefore, deception must allow a window for
observing that behavior
– Sufficient detail

– Hidden probes

– Real-time observation

Copyright © 2012, Elsevier Inc.
All rights Reserved
C
h
a
p
te
r 2
–
D
e
c
e
p
tio
n

Exposing Stage

22

Copyright © 2012, Elsevier Inc.
All rights Reserved
C
h
a
p
te
r 2
–
D
e
c
e
p
tio
n

Fig. 2.10 – Adversary exposing stage
during deception

23

Interfaces Between
Humans and Computers

• Gathering of forensic evidence relies on
understanding how systems, protocols, and services
interact
– Human-to-human

– Human-to-computer

– Computer-to-human

– Computer-to-computer

• Real-time forensic analysis not possible for every
scenario

Copyright © 2012, Elsevier Inc.
All rights Reserved
C
h
a
p
te
r 2
–
D
e
c
e
p
tio
n

24

Copyright © 2012, Elsevier Inc.
All rights Reserved
C
h
a
p
te
r 2
–
D
e
c
e
p
tio
n

Fig. 2.11 – Deceptively exploiting the
human-to-human interface

25

• Programs for national deception would be better
designed based on the following assumptions:
– Selective infrastructure use

– Sharing of results and insights

– Reuse of tools and methods

• An objection to deception that remains is that it is
not effective against botnet attacks
– Though a tarpit might degrade the effectiveness of a

botnet

Copyright © 2012, Elsevier Inc.
All rights Reserved
C
h
a
p
te
r 2
–
D
e
c
e
p
tio
n

National Deception Program

What Will You Get?

We provide professional writing services to help you score straight A’s by submitting custom written assignments that mirror your guidelines.

Premium Quality

Get result-oriented writing and never worry about grades anymore. We follow the highest quality standards to make sure that you get perfect assignments.

Experienced Writers

Our writers have experience in dealing with papers of every educational level. You can surely rely on the expertise of our qualified professionals.

On-Time Delivery

Your deadline is our threshold for success and we take it very seriously. We make sure you receive your papers before your predefined time.

24/7 Customer Support

Someone from our customer support team is always here to respond to your questions. So, hit us up if you have got any ambiguity or concern.

Complete Confidentiality

Sit back and relax while we help you out with writing your papers. We have an ultimate policy for keeping your personal and order-related details a secret.

Authentic Sources

We assure you that your document will be thoroughly checked for plagiarism and grammatical errors as we use highly authentic and licit sources.

Moneyback Guarantee

Still reluctant about placing an order? Our 100% Moneyback Guarantee backs you up on rare occasions where you aren’t satisfied with the writing.

Order Tracking

You don’t have to wait for an update for hours; you can track the progress of your order any time you want. We share the status after each step.

Order Now Talk to Us

Areas of Expertise

Although you can leverage our expertise for any writing task, we have a knack for creating flawless papers for the following document types.

Essay

Thesis

Presentation

Dissertation

Term Paper

Research Paper

Book Review

Assignment

Report

Case Study

Letter

Article

Coursework

Speech

Q & A

Critical Thinking

Areas of Expertise

Although you can leverage our expertise for any writing task, we have a knack for creating flawless papers for the following document types.

Essay

Thesis

Presentation

Dissertation

Term Paper

Research Paper

Book Review

Assignment

Report

Case Study

Letter

Article

Coursework

Speech

Q & A

Critical Thinking

Trusted Partner of 9650+ Students for Writing

From brainstorming your paper's outline to perfecting its grammar, we perform every step carefully to make your paper worthy of A grade.

Preferred Writer

Hire your preferred writer anytime. Simply specify if you want your preferred expert to write your paper and we’ll make that happen.

Grammar Check Report

Get an elaborate and authentic grammar check report with your work to have the grammar goodness sealed in your document.

One Page Summary

You can purchase this feature if you want our writers to sum up your paper in the form of a concise and well-articulated summary.

Plagiarism Report

You don’t have to worry about plagiarism anymore. Get a plagiarism report to certify the uniqueness of your work.

Free Features $66FREE

Most Qualified Writer $10FREE
Plagiarism Scan Report $10FREE
Unlimited Revisions $08FREE
Paper Formatting $05FREE
Cover Page $05FREE
Referencing & Bibliography $10FREE
Dedicated User Area $08FREE
24/7 Order Tracking $05FREE
Periodic Email Alerts $05FREE

Our Services

Join us for the best experience while seeking writing assistance in your college life. A good grade is all you need to boost up your academic excellence and we are all about it.

On-time Delivery
24/7 Order Tracking
Access to Authentic Sources

Academic Writing

We create perfect papers according to the guidelines.

Professional Editing

We seamlessly edit out errors from your papers.

Thorough Proofreading

We thoroughly read your final draft to identify errors.

Thorough Proofreading

We thoroughly read your final draft to identify errors.

Delegate Your Challenging Writing Tasks to Experienced Professionals

Work with ultimate peace of mind because we ensure that your academic work is our responsibility and your grades are a top concern for us!

Sign Up Talk to Us

Check Out Our Sample Work

Dedication. Quality. Commitment. Punctuality

Categories

All samples

Essay (any type)

Essay (any type)

The Value of a Nursing Degree

Undergrad. (yrs 3-4)

Nursing

2

View this sample

It May Not Be Much, but It’s Honest Work!

Here is what we have achieved so far. These numbers are evidence that we go the extra mile to make your college journey successful.

0+

Happy Clients

0+

Words Written This Week

0+

Ongoing Orders

0%

Customer Satisfaction Rate

Process as Fine as Brewed Coffee

We have the most intuitive and minimalistic process so that you can easily place an order. Just follow a few steps to unlock success.

Call Us +1 (877) 657-8180 Discuss Order Details Now

See How We Helped 9000+ Students Achieve Success

We Analyze Your Problem and Offer Customized Writing

We understand your guidelines first before delivering any writing service. You can discuss your writing needs and we will have them evaluated by our dedicated team.

Clear elicitation of your requirements.
Customized writing as per your needs.

We Mirror Your Guidelines to Deliver Quality Services

We write your papers in a standardized way. We complete your work in such a way that it turns out to be a perfect description of your guidelines.

Proactive analysis of your writing.
Active communication to understand requirements.

We Handle Your Writing Tasks to Ensure Excellent Grades

We promise you excellent grades and academic excellence that you always longed for. Our writers stay in touch with you via email.

Thorough research and analysis for every order.
Deliverance of reliable writing service to improve your grades.

Place an Order Start Chat Now