0 I. c mm. m - = co. a,0 13) c s. il r

Transcription

1 ul T- I < s mm m E t c m c mm mm s m > Q II a, c> s ta> m c s m - = co L 13) cn.- a, s n h tn S m n LI.- a c > c) a c/) 13 c9 r+ E Q il5 s -r CL

2 Form SF298 Citation Data Report Date ("DD MON YYYY") Report Type N/A Dates Covered (from... to) ("DD MON YYYY") Title and Subtitle Managing Information Security Problems Authors Contract or Grant Number Program Element Number Project Number Task Number Work Unit Number Performing Organization Name(s) and Address(es) DISA Sponsoring/Monitoring Agency Name(s) and Address(es) Performing Organization Number(s) Monitoring Agency Acronym Monitoring Agency Report Number(s) Distribution/Availability Statement Approved for public release, distribution unlimited Supplementary Notes Abstract Subject Terms Document Classification unclassified Classification of Abstract unclassified Classification of SF298 unclassified Limitation of Abstract unlimited Number of Pages 34

3 REPORT DOCUMENTATION PAGE Form Approved OMB No Public reporting burden for this collection of information is estimated to average 1 hour per response, including the time for reviewing instructions, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing this collection of information. Send comments regarding this burden estimate or any other aspect of this collection of information, including suggestions for reducing this burden to Washington Headquarters Services, Directorate for Information Operations and Reports, 1215 Jefferson Davis Highway, Suite 124, Arlington, VA , and to the Office of Management and Budget, Paperwork Reduction Project (74-188), Washington, DC AGENCY USE ONLY (Leave blank) 2. REPORT DATE 3. REPORT TYPE AND DATES COVERED 1/1/96 4. TITLE AND SUBTITLE Managing Information Security Problems Briefing 5. FUNDING NUMBERS 6. AUTHOR(S) Clarence Hoop 7. PERFORMING ORGANIZATION NAME(S) AND ADDRESS(ES) IATAC Information Assurance Technology Analysis Center 319 Fairview Park Drive Falls Church VA SPONSORING / MONITORING AGENCY NAME(S) AND ADDRESS(ES) Defense Technical Information Center DTIC-IA 8725 John J. Kingman Rd, Suite 944 Ft. Belvoir, VA SUPPLEMENTARY NOTES 8. PERFORMING ORGANIZATION REPORT NUMBER 1. SPONSORING / MONITORING AGENCY REPORT NUMBER 12a. DISTRIBUTION / AVAILABILITY STATEMENT 12b. DISTRIBUTION CODE A 13. ABSTRACT (Maximum 2 Words) This DISA Briefing discusses the topic of Managing Information Security Problems. The areas the briefing covers are: The operational environment; what are some of the problems encountered; what is happening in the community today and what are the community plans for the future. It addresses the issues of insider threat, external threat, how to cope with the threats, use of firewalls and the Defense in Depth strategy. 14. SUBJECT TERMS IA 15. NUMBER OF PAGES 16. PRICE CODE 17. SECURITY CLASSIFICATION OF REPORT Unclassified 18. SECURITY CLASSIFICATION OF THIS PAGE UNCLASSIFIED 19. SECURITY CLASSIFICATION OF ABSTRACT UNCLASSIFIED 2. LIMITATION OF ABSTRACT None

4 Presentation Outline What is the Operational Environment? What are some of the problems encountered? twhat are we doing today? 1 What do we plan for tomorrow?

5 m Mainframe Technology Revolution Point-to-Point - G oba File Ser ve I- Workstation Workstation DISN 4 Transmission 4 Command & Control d Messaging 4 Combat Support 1 Datatase 1 Print Server Host Computer - Workbation Workstation er Print Server Workstation tstatinn /I I 1 / I..-*-r Mamrrame E Print Server Wohtation Workstation

6 C41 for the Warrior I L Network Management Building Codes and Permits Run Time Specs Mainline Commercial Products Engineering Standard Architecture Data Elements Leading Edge Services I DISA: ARCHITECT OF THE FUTURE

7 coa

8 Intruder Technical Knowledge hiah Tools stealth I diamostics 4 back doors Technical Knowledge Required vulnerabilities --II,,-l:,,L:,, sen repwarmy password guessing Attackers 1985

9 Intruders Have Been Observed Destroying data Destroying software Modifying Data Modifying software Stealing data Stealing software Shutting down hosts/networks Using DOD systems as launch points

10 Reported Incidents Intrusions Incident Breakdown il996 - (33) (18) As of 24 hrs 23 May 96

11 What do we see at ASSIST? - Telnetbtp - Password Files/tftp/Crack - Sendmailhmtp - Sweepers - finger - Sniffer r* commands - IP spoofing - Rootkit I Tools & Techniques

12 What do we see at ASSIST? Virus Contenders - Word Marco Virus - Monkey - Form - BUPT - AntiExe - Jack the Ripper

13 Where do they get those toys? Newsgroups FTP Sites WEB Pages BBSs Books Magazines Ezines Trade

14 An Example of DOD Functions Affected Composite Material Research Mathematical Simulations Military Health Systems Structural Research on Ships/Planes Supply and Maintenance Support System High Performance Computing Systems Personnel Management Services Master Clock for l/4 WORLD of the Supercomputer Research Network Ballistic Weapons Research R&D on Health Sciences R&D on Ocean Sciences Inventory and Property Accounting Organizational Service Training Payroll and Business Support Finite Element Analysis of Submarine Structures Command Tasker System Mail Hub for Post-wide Electronic Mail Finance Databases Procurement Scientific Modeling for Battlefield Environment C3 Development Ocean Surveillance Artificial Intelligence Research Knowledge Based Simulation Applied Research in Photonic Technology Force Level Execution Battle Management Decision Aids (Presentation)

15 E IL W w II 2 QJ v) c Q m Q) IIL m c.m ti; 5 Q Q E w E a, E E Q)Ē

16 W PL a IA PL a s z W >

17 INF & :OSEC Engineering, I _ ai Integration DOD MLS Proaram DISA s Multi-Disciplined Security Process -l-l.--. VII Certification Stmvlardi;?ed DOD -A.:-- Integrated Operations, Monitoring, and VAAP olicy & Plans ThreatAMnerabiIitv - Assessments and- 7 Tool Development - AwarenGk

18 Collaborative Work Defend the Dll All Source Assessments INFOSEC Product Development & FOCUS: Get INFOSEC Products to the Warfighter!

19 r s S.mE I- - L a II

20 Standard Certification Process DITSCAP: DOD Information Technology Security Certification and Accreditation Process Current: System-Centric DITSCAP: Infrastructure-Centric

21 co s

22 I Vulnerability Assessments mase I - Network Sweep Identify network elements identify common vulnerabilities Phase II - Vulnerabilities Sweep Exploit initial vulnerabilities pppgw-- h Y Phase Ill - Security Sweep Attain Greater Access install Trojan Horses Exploit trusted relationships Exploit network vulnerabilities -^ Current Focus on UNIX and TCPAP

23 Vulnerability Analysis& Assistance Program Findings Based on 77 assessments on 38,726 Host Computers: 4.4% of DOD unclassified computers tested have easily exploitable front doors 65% 89% of DOD unclassified computers tested can be further penetrated by network trusted relationships (not an indication of overall health of DII) - 96% of VAAP penetrations undetected by host administrators and users +3% of detected penetrations go unreported As of Ott 5, 1996

24 n

25 Defense Intrusion Analysis and Monitoring Desk (DIAMOND) Network Status Data Validated Incidents Response Teams

26 /----- \ I i' / Malicious Code *\., Data Streams Unauthorized usion - Detection Capability Incident Summary ki&nh undu in&+ k Nay M DISA s NID System Monitoring NIPRNet Fixed East Gateway

27 INFOSEC Engineering Fielded MLS Solutions

28 Network Protection * COI Burden On User

29 Current Security Products Opsllntel Interface C2 Guard Two-Level Standard Workstation Mail Guard MISS1 SNS I SECRETLAN h I SECRET LAN UNCLASSIFIED

30 I Tools: How Do they Fit Together I AIMS ability Assessment Infrastructure Management and System Countermeasures and Eradication

31 Automated Infrastructure Management System

32 Managing Vulnerability Assessments: Integrated Tools & Red Teams

33 Mission: Courseware Development and Delivery INFOSEC Awareness Products INFOSEC Professional Development INFOSEC Education, Training &Awareness Army Navy Air Force Marines

34 INFOSEC Technical Services Contract Quick reaction contract support to DOD & other Federal Departments/Agencies Three Contractor Teams Areas of Support Include: Engineering Architecture Certification, evaluation and accreditation Vulnerability assessment tools and techniques Training and Awareness

35 Summary: The Way Ahead Multifaceted Challenge - - No SINGLE Solution