Active-Defenses-to-Cyber-Attacks--University-of-Washington: Active Defenses to Cyber Attacks (courseware).ppt
Active Defenses to Cyber Attacks
UW Information School/Agora Workshop
09/12/03
Supported by a research grant from Cisco Systems Critical Infrastructure Assurance Group

Agenda
- Three floating moderators
- “Three hour tour” format
- Background (45 minutes)
- Open discussion of issues (1 hour)
- Attack Scenario (20 minutes)
- 9 potential AD actions (2 hours)
  - 10-15 minutes each

Desired outcome
- Get feedback on current outline of Active Defense
- Get ideas on pros/cons of AD actions
- Identify avenues of legal/ethical/technical research
- Identify alternatives and possible changes in laws, public/private CompSec policies
- Have a fun time!

Background
- Topic discussed in Pre-Agora meeting June 8, 2001 and again in Q1 2003
- Current USG interest
- Ongoing private sector interest
- Lack of common definitions
- Potential impact on national & international debate

Senate debate
“If we can find some way to do this without destroying their machines, we'd be interested in hearing about that. If that's the only way, then I'm all for destroying their machines. If you have a few hundred thousand of those, I think people would realize the seriousness of their actions. There's no excuse for anyone violating copyright laws.”
Utah Senator Orrin Hatch

Information Assurance
Information Assurance (IA) concerns information operations that protect and defend information and information systems by ensuring availability, integrity, authentication, confidentiality, and non-repudiation. This includes providing for restoration of information systems by incorporating protection, detection, and reaction capabilities.
Source: National Security Telecommunications and Information Systems Security Instruction (NSTISSI) No. 4009, January 1999

Attacks (Strategic level)
- Denial of Service
- Theft/alteration of data
- Web page defacement
- Industrial espionage
- Theft of services/resources
- “Stepping stones”/anonymity
- Caching data/malware
- Violation of copyright (“warez”)

Attacks (Tactical level)
- Remote service exploitation
- Log alteration/rootkits
- Sniffers
- Covert channel comms
- Stepping stones
- Encryption
- Address forgery/hijacking
- Distributed attacks
- Reflected attacks

Attack Specifics (example)
- Denial of Service
  - Resource consumption
    - Host
      - Processor
      - Memory
      - Network services
    - Network
      - Bandwidth
      - Router Resources (see Host above)
  - Crashing
  - Redirection

(Slide labels: “You are here”, “You are here”)

Defenses (Strategic level)
- Firewalls
- IDS
- Logging/monitoring
  - Host (e.g., accounts, processes, services)
  - Network (flows, connections, data)
- Honeypots/Honeynets
  - Augment FW/IDS
  - Deception

Defenses (Tactical level)
- Topological/Access control changes
- Sniffing/keystroke logging
- Scanning
- Traffic redirection
- Traffic analysis
- Honeypots/Honeynets
- Remote exploitation
- Denial of Service

- Big loss over time: Warbucks lost commissions on stock trades
- Small loss over time: Individual selling used books on Amazon

Stages of Response
- 0 - Unconscious
- 1 - Involved
- 2 - Interactive
- 3 - Cooperative Response
- 4 - Non-cooperative (AD) Response

“Unconscious”
Stage 0: “Right out-of-the-box”
“The firm/system owner/operator takes no active role, either directly or through proxy, to modify, improve, enhance, or alter defensive capabilities inherent in the hardware, firmware, and/or software as delivered from the manufacturer or installer.”

“Involved”
Stage 1: “Doing Business”
“The firm/system owner/operator establishes (either directly or via proxy) a baseline, tailored, day-to-day defensive posture involving only resources directly owned or operated by that owner/operator. The posture is maintained/kept current.”

“Interactive”
Stage 2: “We've Got a Problem”
“The firm/system owner/operator applies measures, in response to warning or evidence of malfeasance, to resources directly owned or operated by them. The measures are beyond the baseline because they cause some loss of flexibility, capability, or ease of use and the owner/operator does not want/intend them to become routine business practice.”

“Cooperative Response”
Stage 3: “Reach out”
“The firm/system owner/operator engages other organizations/firms/systems to take measures intended to attribute, mitigate, or eliminate the threat through cooperative efforts beyond the ability of the owner/operator to effect but within the lawful authority of the cooperating other party or parties.”

“Non-cooperative Response”
Stage 4: “...and Touch Someone...”
“The firm/system owner/operator takes measures, with or without cooperative support from other parties, to attribute, mitigate, or eliminate the threat by acting against an uncooperative perpetrator or against an organization/firm/system that could (if cooperative) attribute, mitigate, or eliminate the threat.”

Active Defense
- Agora workshop on June 8, 2001 defined “Active Defense” to be activity at Stage 4
- Stage 4 has levels, though
  - Less intrusive to more intrusive
  - Less risky to more risky
  - Less disruptive to more disruptive
- Justification for and defense of your actions may depend on how well you progress through all 4 stages

Levels of Active Defense
- 4.1 - Non-cooperative intelligence collection
  - External services (finger, netstat, nbtstat)
  - Back doors/remote exploit to access internal services
- 4.2 - Non-cooperative cease & desist
- 4.3 - Retribution or counter-strike
- 4.4 - Preemptive defense

What Do We Need to Know?
- Are your losses and the potential risk to you at least equal to the benefit gained if you are successful?
- Who is it? Or “Attribution; the $64,000 question.”
- What are you contemplating doing?
- What effect do you intend to achieve?
- What blow back could occur?

What Do We Need to Know?
- What are your personal and organizational risks?
- Who c