Internet Continuous Situation Awareness


Prof. Dr. Norbert Pohlmann, Institute for Internet Security - if(is), University of Applied Sciences Gelsenkirchen, http://www.internet-sicherheit.de

Content
- Structure of the Internet
- Internet Situation Awareness
- Internet Analysis System (IAS)
- Global View
- Summary


Structure of the Internet: Example analysis, Internet Germany
Most important Autonomous Systems for Germany

Structure of the Internet: Data volume per month in Germany, estimation (2007)
A view on the data streams exchanged between the networks (autonomous systems, AS):
- Private peering (AS to AS): 50 Peta Byte (33%)
- Internal: 30 Peta Byte (20%)
- Transit (global ISP): 40 Peta Byte (27%)
- Public peering: 30 Peta Byte (20%)
- Transit (customer): 150 Peta Byte (100%), of which 100 Peta Byte (66%) private users and 50 Peta Byte (33%) business customers
1 Peta Byte = 1,000,000 Giga Byte

Structure of the Internet: Conclusion
Various stakeholders: the Internet is more or less a black box to them. The Internet has by now become critical in some parts. One reason is the lack of global monitoring and control of the distributed infrastructure. When using the Internet today, the various stakeholders simply have to trust that everything will be fine. Situation awareness will help the various stakeholders in their decision-making process.


Internet Situation Awareness: Definition
The term Situation Awareness (SA) comes from the area of air traffic control and military command & control. The generic definition of the term Situation Awareness (SA) is: "Situation Awareness is the perception of the elements in the environment within a volume of time and space, the comprehension of their meaning and the projection of their status in the near future." (Defined by Endsley)

Internet Situation Awareness: Added value
Situation Awareness (SA) is essential not just for home users, to strengthen their trust in using the Internet, but also for government representatives responsible for Internet governance, to develop strategies for its further development, and for enterprises planning to use the Internet as a reliable platform for business. Understanding the environment is crucial for the decision-making process, and perfect Situation Awareness will be reflected positively in the actions of the stakeholders. This already helps to reduce the potential disaster risk.


Internet Analysis System: Idea
Observation of the critical infrastructure Internet. Probes are placed at strategically selected spots of the Internet communication infrastructure to gather the raw data, which consists of counters of header information. Only header information is counted, which is not considered relevant to data privacy. The system gathers information over a long period of time! A centrally managed evaluation system is used to analyze the raw data and to display the detailed results in an intuitive manner.

Internet Analysis System: Targets
- Description of profiles, patterns and relationships; creation of a knowledge base
- Outline of the current state of the Internet
- Detection of attacks and of deviations
- Forecast of patterns and attacks

Internet Analysis System: Counting of header information (1/2)
Each observed header field value increments its counter (+1). Number of counters:
- Max: 870,000
- Real (average, Ø): 60,000

Internet Analysis System: Counting of header information (2/2)
Counter value over time (diagram). All of this information is completely anonymous by design!
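The two slides above describe the probe's only data structure: counters of header field values, bucketed over time, with no payload and no addresses ever stored. The following is an added example of such a counter, written for this page and not the IAS's own code; the field names, the 60-second bucket and the sample records (which deliberately carry addresses and payload fragments so the example can show they are dropped) are all constructed here.

```python
from collections import Counter, defaultdict

# Constructed sample of decoded packet headers, as a probe might see them.
# The records deliberately carry addresses and payload fragments so that
# the example can show the counter never stores them.
SAMPLE_HEADERS = [
    {"ts": 5,   "proto": "TCP",  "dport": 80,  "src_ip": "192.0.2.1",  "payload": b"GET / HTTP/1.1"},
    {"ts": 12,  "proto": "TCP",  "dport": 443, "src_ip": "192.0.2.2",  "payload": b"\x16\x03\x01"},
    {"ts": 30,  "proto": "UDP",  "dport": 53,  "src_ip": "192.0.2.3",  "payload": b"\x12\x34\x01\x00"},
    {"ts": 45,  "proto": "TCP",  "dport": 80,  "src_ip": "192.0.2.4",  "payload": b"GET /a HTTP/1.1"},
    {"ts": 70,  "proto": "TCP",  "dport": 25,  "src_ip": "192.0.2.5",  "payload": b"EHLO example"},
    {"ts": 80,  "proto": "ICMP",                "src_ip": "192.0.2.6",  "payload": b"\x08\x00"},
    {"ts": 95,  "proto": "TCP",  "dport": 80,  "src_ip": "192.0.2.7",  "payload": b"GET /b HTTP/1.1"},
    {"ts": 100, "proto": "TCP",  "dport": 443, "src_ip": "192.0.2.8",  "payload": b"\x16\x03\x01"},
    {"ts": 110, "proto": "TCP",  "dport": 80,  "src_ip": "192.0.2.9",  "payload": b"GET /c HTTP/1.1"},
    {"ts": 119, "proto": "TCP",  "dport": 80,  "src_ip": "192.0.2.10", "payload": b"GET /d HTTP/1.1"},
]

# Header fields whose values are counted (assumed set for this example).
# Anything else, addresses and payload included, is dropped before it
# reaches the store, so no per-host record can exist in the first place.
COUNTED_FIELDS = ("proto", "dport")


class HeaderCounter:
    """Time-bucketed counters of header field values, and nothing else."""

    def __init__(self, fields=COUNTED_FIELDS, bucket_seconds=60):
        self.fields = tuple(fields)
        self.bucket_seconds = bucket_seconds
        # bucket index -> Counter keyed by (field, value)
        self.buckets = defaultdict(Counter)

    def observe(self, header):
        bucket = header["ts"] // self.bucket_seconds
        for field in self.fields:
            if field in header:  # ICMP carries no port, so absent fields are skipped
                self.buckets[bucket][(field, header[field])] += 1

    def counter_names(self):
        """Every (field, value) pair that has a counter anywhere in the store."""
        names = set()
        for counter in self.buckets.values():
            names.update(counter)
        return names

    def totals(self, field):
        """Sum of one field's counters over all buckets, keyed by value."""
        total = Counter()
        for counter in self.buckets.values():
            for (f, value), n in counter.items():
                if f == field:
                    total[value] += n
        return total

    def distribution(self, field):
        """Share of each value of a field over the whole observation period."""
        total = self.totals(field)
        grand = sum(total.values())
        return {value: n / grand for value, n in total.items()} if grand else {}


def run_probe(headers=SAMPLE_HEADERS):
    """Feed a batch of headers through a fresh counter and return it."""
    counter = HeaderCounter()
    for header in headers:
        counter.observe(header)
    return counter


if __name__ == "__main__":
    probe = run_probe()
    print("counters in use:", len(probe.counter_names()))
    print("transport protocol distribution:", probe.distribution("proto"))
    print("counter increments per bucket:",
          {b: sum(c.values()) for b, c in probe.buckets.items()})
```

The point of `counter_names()` is that it is the complete inventory of what the probe retains: with the sample above it holds seven counters, all of them `(proto, …)` or `(dport, …)` pairs, which is the "anonymous by design" property stated on the slide expressed as a check rather than a promise.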

IAS: Current State of Development. Result: Knowledge base
Distribution of transport protocols; profile shaping and trend development (diagram, weekend profile visible): TCP 89%, UDP 7%, with smaller shares of ICMP, ESP, IGMP and GRE.

IAS: Current State of Development. Result: Knowledge base
SMTP content type: 60% text mails, 33% attachments. By MIME type: 4% text/html, 26% text/plain, 33% multipart/mixed, 30% multipart/alternative.

IAS: Current State of Development. Result: Detection of attacks (1/2)
SMTP content type: temporarily more e-mails with attachments (multipart/mixed) -> mail worms/viruses!

Knowledge base - IAS. Result: Detection of attacks (2/2)
PDF spam wave: port 25, application/pdf
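The two detection slides above share one mechanism: the knowledge base gives a long-run share for a content type on port 25, and a wave of mail worms or PDF spam shows up as that share leaving its baseline. The following is an added example of such a baseline check, written for this page and not the IAS's own method; the daily counters are constructed so that days 8-9 carry an attachment wave and days 10-11 a PDF wave, and the baseline length, the 3-sigma bound and the two-percentage-point floor are choices made here.

```python
from statistics import mean, pstdev

# Constructed daily SMTP counters: mails per content type seen by one probe
# on port 25. Days 0-6 are quiet; days 8-9 carry an attachment wave
# (multipart/mixed) and days 10-11 a PDF spam wave (application/pdf).
DAILY_SMTP_COUNTS = [
    {"text/plain": 270, "multipart/mixed": 330, "application/pdf": 10, "other": 390},
    {"text/plain": 290, "multipart/mixed": 310, "application/pdf": 12, "other": 388},
    {"text/plain": 260, "multipart/mixed": 350, "application/pdf": 9,  "other": 381},
    {"text/plain": 280, "multipart/mixed": 320, "application/pdf": 11, "other": 389},
    {"text/plain": 270, "multipart/mixed": 340, "application/pdf": 10, "other": 380},
    {"text/plain": 270, "multipart/mixed": 330, "application/pdf": 12, "other": 388},
    {"text/plain": 280, "multipart/mixed": 320, "application/pdf": 10, "other": 390},
    {"text/plain": 270, "multipart/mixed": 340, "application/pdf": 11, "other": 379},  # day 7: normal
    {"text/plain": 150, "multipart/mixed": 610, "application/pdf": 12, "other": 228},  # day 8: attachment wave
    {"text/plain": 160, "multipart/mixed": 580, "application/pdf": 10, "other": 250},  # day 9
    {"text/plain": 250, "multipart/mixed": 350, "application/pdf": 90, "other": 310},  # day 10: PDF spam wave
    {"text/plain": 260, "multipart/mixed": 340, "application/pdf": 95, "other": 305},  # day 11
]


def share(day_counts, content_type):
    """Fraction of one day's mails carrying the given content type."""
    total = sum(day_counts.values())
    return day_counts.get(content_type, 0) / total if total else 0.0


def detect_share_anomalies(days, content_type, baseline_days=7, k=3.0, min_delta=0.02):
    """Flag days whose share of `content_type` sits far above its own baseline.

    The baseline is the mean and population standard deviation of the share
    over the first `baseline_days`. A later day is flagged when its share
    exceeds both mean + k*std (the statistical bound) and mean + min_delta
    (a floor of two percentage points, so a very flat baseline does not turn
    ordinary noise into alerts). Returns (day_index, share, threshold) tuples.
    """
    if len(days) <= baseline_days:
        raise ValueError("need more days than the baseline length")
    shares = [share(d, content_type) for d in days]
    base = shares[:baseline_days]
    mu, sigma = mean(base), pstdev(base)
    threshold = max(mu + k * sigma, mu + min_delta)
    return [(i, s, threshold)
            for i, s in enumerate(shares)
            if i >= baseline_days and s > threshold]


def anomalous_days(days, content_type, **kwargs):
    """Just the indices of the flagged days."""
    return [i for i, _, _ in detect_share_anomalies(days, content_type, **kwargs)]


if __name__ == "__main__":
    for ctype in ("multipart/mixed", "application/pdf", "text/plain"):
        for day, s, thr in detect_share_anomalies(DAILY_SMTP_COUNTS, ctype):
            print(f"day {day}: {ctype} share {s:.3f} above threshold {thr:.3f}")
```

Running the block flags days 8 and 9 for multipart/mixed and days 10 and 11 for application/pdf, while text/plain, whose share only falls during the waves, is never flagged; a one-sided check like this is what you want for "more attachments than usual", and a two-sided one would be needed if a drop in a type were also of interest.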

IAS: Current State of Development. Result: Technology trend
Distribution of browsers (technology trend), diurnal profile: differences between manual use (e.g., Internet Explorer and Firefox) and automated use (e.g., wget) are detectable. (Diagram: Firefox, Internet Explorer, others such as wget)

IAS: Current State of Development. Result: Awareness (crypto used in TLS)
- 60%: RSA / RC4 / MD5
- 33%: DHE_RSA / AES / SHA1
- 6%: RSA / AES / SHA1
- 0.1%: RSA / Export (40) / SHA1 (!!)
- 0.01%: RSA / NULL / SHA1 (!!)
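The awareness result above is what a probe can say about TLS from header information alone: the negotiated suite is visible in the handshake, and the share of NULL and export-grade suites is the alarming part. The following is an added example, not the IAS's own code, that parses the slide's "key exchange / cipher / MAC" notation and classifies each suite; the finding categories are chosen here and apply what is known today (RC4 and MD5 are treated as broken primitives, which the slide itself does not state), and the handshake counts are constructed to reproduce the slide's percentages.

```python
import re
from collections import Counter

# Constructed handshake tally in the slide's "key exchange / cipher / MAC"
# notation; the counts reproduce the shares reported above (60 %, 33 %, 6 %,
# 0.1 %, 0.01 %) for a sample of 9,911 handshakes.
OBSERVED_SUITES = Counter({
    "RSA / RC4 / MD5": 6000,
    "DHE_RSA / AES / SHA1": 3300,
    "RSA / AES / SHA1": 600,
    "RSA / Export (40) / SHA1": 10,
    "RSA / NULL / SHA1": 1,
})

# "KEX / CIPHER (bits) / MAC", the parenthesised key length being optional.
SUITE_RE = re.compile(
    r"^\s*(?P<kex>[A-Za-z_]+)\s*/\s*(?P<cipher>[A-Za-z0-9_]+)\s*"
    r"(?:\((?P<bits>\d+)\))?\s*/\s*(?P<mac>[A-Za-z0-9_]+)\s*$"
)


def parse_suite(text):
    """Split the slide notation into its three parts plus an optional key length."""
    m = SUITE_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised suite notation: {text!r}")
    return {
        "kex": m["kex"].upper(),
        "cipher": m["cipher"].upper(),
        "bits": int(m["bits"]) if m["bits"] else None,
        "mac": m["mac"].upper(),
    }


def assess_suite(text):
    """Return the set of awareness findings for one suite (categories chosen here)."""
    s = parse_suite(text)
    findings = set()
    if s["cipher"] == "NULL":                       # handshake, but no confidentiality at all
        findings.add("no_encryption")
    if s["cipher"] == "EXPORT" or (s["bits"] is not None and s["bits"] < 128):
        findings.add("export_grade")                # deliberately short keys
    if s["cipher"] == "RC4" or s["mac"] == "MD5":   # broken by today's knowledge
        findings.add("broken_primitive")
    if s["kex"].startswith(("DHE", "ECDHE")):
        findings.add("forward_secrecy")             # session keys not recoverable from the RSA key
    if not findings & {"no_encryption", "export_grade", "broken_primitive"}:
        findings.add("no_known_weakness")
    return findings


def summarize(observed=OBSERVED_SUITES):
    """Share of handshakes per finding; a handshake may fall into several."""
    total = sum(observed.values())
    tally = Counter()
    for suite, n in observed.items():
        for finding in assess_suite(suite):
            tally[finding] += n
    return {finding: n / total for finding, n in tally.items()}


if __name__ == "__main__":
    for finding, frac in sorted(summarize().items(), key=lambda kv: -kv[1]):
        print(f"{finding:>18}: {100 * frac:7.3f} %")
```

Because one handshake can carry several findings, the shares do not sum to one; the two lines a defender reads first are `no_encryption` and `export_grade`, which are tiny but non-zero, exactly the "!!" on the slide.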

IAS: Current State of Development. Result: Access connection (1/2)
Distribution of protocols (sum): P2P, HTTPS, HTTP (diagram)

IAS: Current State of Development. Result: Access connection (2/2)
Distribution of protocols (over time): P2P, HTTP (diagram)

IAS: Current State of Development. Result: Technology trend (Firefox vs. IE)
(Diagram: Firefox, Internet Explorer)

IAS: Current State of Development. Result: Technology trend (TCP destination port 25)
TCP destination port 25 (SMTP) (diagram)

IAS: Current State of Development: Continuous Situation Awareness


Idea of the Global View: Overview
Probes P1, P2 and P3 each produce a local view; the central system generates the global view from the local views and so acts as a virtual probe (diagram).

Idea of the Global View: Relation of used protocols
Global representation of the relation of different protocols (example: web communication).
- Local view: 11% port 443 (TLS/SSL), 89% port 80 (HTTP)
- Global view: 13% port 443 (TLS/SSL), 87% port 80 (HTTP)
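The two Global View slides above describe the central system merging per-probe counters into one virtual probe, and show why that matters: a single probe's 11% / 89% split is not the Internet's 13% / 87% split. The following is an added example of that merge, written for this page and not the project's own code; the three local views are constructed so that P1 reproduces the slide's local view and all three together reproduce its global view, and the optional sampling-rate scaling is an assumption made here for probes that count only every n-th packet.

```python
from collections import Counter

# Constructed local views: each probe's counters of TCP destination ports for
# web traffic. P1 reproduces the slide's local view (11 % / 89 %); the three
# probes together reproduce its global view (13 % / 87 %).
LOCAL_VIEWS = {
    "P1": Counter({443: 110, 80: 890}),
    "P2": Counter({443: 200, 80: 800}),
    "P3": Counter({443: 80,  80: 920}),
}


def shares(view):
    """Turn a counter view into fractions of its own total."""
    total = sum(view.values())
    return {key: n / total for key, n in view.items()} if total else {}


def global_view(local_views, sampling_rates=None):
    """Merge local counter views into one global counter (the virtual probe).

    A probe that only sees every n-th packet reports sampling_rates[probe] = n
    (an assumption of this example); its counts are scaled back up so every
    probe contributes in proportion to the traffic it actually represents.
    By default each probe is taken to count everything it sees.
    """
    rates = sampling_rates or {}
    combined = Counter()
    for name, view in local_views.items():
        scale = rates.get(name, 1)
        for key, n in view.items():
            combined[key] += n * scale
    return combined


def compare_views(local_views, key, sampling_rates=None):
    """Local share of `key` per probe next to the global share.

    This is the contrast the slide draws between local view and global view:
    the first return value maps probe name to its own share, the second is the
    share in the merged view.
    """
    merged = shares(global_view(local_views, sampling_rates))
    local = {name: shares(view).get(key, 0.0) for name, view in local_views.items()}
    return local, merged.get(key, 0.0)


if __name__ == "__main__":
    local, merged = compare_views(LOCAL_VIEWS, 443)
    for name, frac in local.items():
        print(f"{name} local view: port 443 = {100 * frac:.1f} %")
    print(f"global view:   port 443 = {100 * merged:.1f} %")
```

With all probes counting everything, the merged share of port 443 is 13%; if P2 reports that it samples 1 in 10 packets, its counts are scaled tenfold and the global share moves to about 18.3%, which is why the central system has to know what each local view represents before it adds them up.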

Anomaly detection: Detection of malware
Dangers on the Internet (e.g., attachment ZIP): local view vs. global view (diagram)

Internet Situation Awareness: Project idea
Internet object: Internet critical assets (global data, sensors, statistics, PPP partners). This will help to:
- improve the stability and trustworthiness of the Internet,
- raise awareness for critical processes or components, and
- find out more about the Internet and its users in order to better support their needs and service demands...

Internet Situation Awareness: Related work
- Sensor level: log-data based, honeypot based, NetFlow based
- Analysis level: pattern recognition, neural network models, data mining algorithms
- System level: Symantec DeepSight Threat Management System; DShield.org - Internet Storm Center of the SANS; MOMENT, LOBSTER - pan-European platforms; CarmentiS project of the German CERTs


Internet Situation Awareness: Summary
The Internet is a critical infrastructure for our society. We need a trusted infrastructure (the Internet) to protect our future. Analogous to natural disaster warning systems, such as the tsunami warning system, we need Continuous Situation Awareness and an Early Warning System for the Internet to be able to issue countermeasures before the actual threat strikes. If you can't measure it, you can't manage it! Let us start to measure the Internet together!

Internet Continuous Situation Awareness: Thank you for your attention! Questions?
Prof. Dr. Norbert Pohlmann, Institute for Internet Security - if(is), University of Applied Sciences Gelsenkirchen, http://www.internet-sicherheit.de