Dr. Stilianos Vidalis
Information Security Research Group, J133 School of Computing, University of Glamorgan
0044 (0)1443 482731, svidalis@glam.ac.uk
Pro-logos
At the beginning there was light, then the cosmos, then all the species, and finally there was WAR!!!
Threat Assessment
A threat assessment is a statement of threats that are related to vulnerabilities, an organisation's assets, and threat agents, together with a statement of the believed capabilities that those threat agents possess.
Motivation
Motivation is the degree to which a threat agent is prepared to implement a threat. The motivational factors are the elements that drive a threat agent to consider attacking a computer system:
political, secular, personal gain, religious, revenge, power, terrorism, and curiosity.
Q: Can we deceive Them into believing that they do not want to target us?
Capability
Capability is made up of: the availability of a number of tools and techniques to implement an attack, and the ability to use those tools and techniques correctly; the availability of education and training to support the correct use of the various tools and techniques; and the level of resource that a threat agent has, or can acquire over a certain time.
Q: Can we deceive Them into believing that they are not able to target us?
Opportunity
The easiest of the 3 to manage? Opportunity can be defined as a favourable occasion for action.
Past: make sure that threat agents will be in no position to create or exploit opportunities.
Present: risk is not managed by us but by the threat agents, so concentrate on Motivation.
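Added example, not from the talk: a small Python model of the threat assessment as defined above, combining each threat agent's motivation, capability (tools, training, resources) and opportunity against each asset into a ranked statement of threats. The scoring rule and the sample catalogue entries are assumptions made here for illustration.

```python
# Illustrative threat assessment from the three factors the talk names
# (motivation, capability, opportunity). The scoring model is an assumption
# made here for illustration, not the talk's own method.
from dataclasses import dataclass, field

@dataclass
class Asset:
    name: str
    vulnerabilities: set                       # weaknesses present on the asset

@dataclass
class ThreatAgent:
    name: str
    motivation: int                            # 0-5: preparedness to implement a threat
    tools: int                                 # 0-5: tools and techniques available
    training: int                              # 0-5: education to use them correctly
    resources: int                             # 0-5: resources held or acquirable
    can_exploit: set = field(default_factory=set)  # vulnerabilities within reach

    def capability(self) -> int:
        # Assumption: capability is bounded by its weakest component
        return min(self.tools, self.training, self.resources)

def opportunity(agent: ThreatAgent, asset: Asset) -> int:
    # A favourable occasion for action: asset vulnerabilities this agent can reach
    return len(asset.vulnerabilities & agent.can_exploit)

def assess(agents, assets):
    """Statement of threats, ranked; a zero factor means no threat to state."""
    threats = []
    for agent in agents:
        for asset in assets:
            cap, opp = agent.capability(), opportunity(agent, asset)
            score = agent.motivation * cap * opp
            if score:
                threats.append({"agent": agent.name, "asset": asset.name,
                                "motivation": agent.motivation, "capability": cap,
                                "opportunity": opp, "score": score})
    return sorted(threats, key=lambda t: t["score"], reverse=True)

def sample_assessment():
    # Constructed catalogue entries, not data from the talk
    agents = [
        ThreatAgent("competitor", 4, 3, 4, 5, {"default-creds", "unpatched-web"}),
        ThreatAgent("vandal", 3, 5, 1, 1, {"unpatched-web"}),
        ThreatAgent("maintenance-staff", 1, 2, 3, 2, {"default-creds", "physical-access"}),
    ]
    assets = [Asset("customer-db", {"default-creds", "unpatched-web"}),
              Asset("server-room", {"physical-access"})]
    return assess(agents, assets)
```

The vandal in the sample has the best tools but almost no training or resources, so its capability (and hence the threat it poses) stays low, which is the point of assessing the three factors separately.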
Threat Agents?
The term threat agent is used to denote an individual or group that can manifest a threat. Hackers are good people!!!
Threat Agents
- Partners
- Competitors
- Employees
- Terrorists
- ESA
- Organized Crime: Gangs (blocks), Gangs (city), Fatria (national), Fatria (international)
- Natural Disasters: Fire, Flood, Lightning, Vermin, Wind, Sand, Frost, Earthquake
- Political parties
- Media
- Enthusiasts, Activists, Vandals, General Public, Extremists, Religious Followers, Governments
- Maintenance Staff
It is a game, the aim: achieve information superiority.
- We need to understand what motivates them
- We need to know of their technical and educational capability
- We need to know how they think
[Diagram: Threat agent catalogue; Historical threat agent data; Environmental reports; Knowledge of personnel; Stakeholder list]
[Diagram: Vulnerabilities; Threat Agents; Access to Information; Changing Technologies; Target Vulnerability; Target profile; Public Perception; Motivation]
InfoSec Requirements
InfoSec: the activities to protect hardware, software and intangible information at the hardware and software levels (E. Waltz).
Information has three abstractions: data, information and knowledge. When threat agents acquire knowledge they are able to launch active attacks with a high probability of success.
Q: How do we ensure information superiority?
IO Taxonomy
IO Layer      Function                                        Offence                      Defence
Perceptual    Manage perception, disrupt decision processes   NETWAR: PSYOPS, Deception    Intelligence, Counterintelligence
Information                                                   NETOPS                       INFOSEC
Physical                                                      Physical destruction         OPSEC
What do we do!!!
Could we possibly deceive threat agents? Through deception we can manage our adversary's perception and disrupt his decision-making processes. The outcome can be twofold:
either the defenders gain time to react and deploy the necessary countermeasures (or finely tune the existing ones), or the threat agent calls off the attack and returns to the information gathering process in order to re-examine his plan of action.
Is there a limit?
Facts:
- Infrastructures follow a certain logic which allows threat agents to enumerate them easily
- Administrators introduce vulnerabilities to their systems in order to make their lives easier
- The users of a system are its biggest vulnerability
Q: Can we use deception techniques on our own users?
Argument:
- Simulating: showing the false, drawing attention away from the real
- Dissimulating: hiding the real, producing confusion about what is real
Technical Solution
- G4DS: a system that brings enterprises together in virtual communities in order to identify and monitor threat agents
- Virtual Honeypots: a system that takes input from G4DS in order to perform near real-time threat agent deception
Deception Methodology
- Everything should be dedicated to the execution of the deception
- Intelligence must be brought fully into the picture
- Intelligence must be assessed
- Secrecy must be enforced
- The deception plan must be designed at the top levels
- Full implementation and consistency of all elements of deception
- Deception must be continuous
Epi-logos
- Need to move the reference point from risk assessment to threat assessment
- Need to be able to identify and monitor threat agents
- Hackers are good people!!!
- G4DS: a system that brings enterprises together in virtual communities in order to identify and monitor threat agents
- Virtual Honeypots: a system that takes input from G4DS in order to perform near real-time threat agent deception
Questions?