Network Security Traceback Attack and React in the United States Department of Defense Network
Network Security Traceback Attack and React in the United States Department of Defense Network - Edmond K. Machie
NETWORK SECURITY TRACEBACK ATTACK AND REACT IN THE
UNITED STATES DEPARTMENT OF DEFENSE NETWORK
EDMOND K. MACHIE
Order this book online at www.trafford.com
or email orders@trafford.com
Most Trafford titles are also available at major online book retailers.
© Copyright 2013 EDMOND K. MACHIE.
All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the written prior permission of the author.
ISBN: 978-1-4669-8573-5 (sc)
ISBN: 978-1-4669-8575-9 (hc)
ISBN: 978-1-4669-8574-2 (e)
Library of Congress Control Number: 2013905670
Trafford rev. 03/25/2013
North America & international
toll-free: 1 888 232 4444 (USA & Canada)
phone: 250 383 6864 ♦ fax: 812 355 4082
CONTENTS
Dedication
Introduction
PART ONE NETWORK SECURITY
CHAPTER I: NETWORK ATTACK TRACEBACK
I. INTRODUCTION
II. ATTACK TRACEBACK IN A NETWORK ATTACK
III. DENIAL OF SERVICES IN THE NETWORK ATTACK—(DoS)
IV. NETWORK FORENSICS
V. INTRUSION DETECTION SYSTEMS (IDS)
VI. CONCLUSION
CHAPTER II: SECURITY ARCHITECTURE AND ANALYSIS
I. INTRODUCTION
II. INTRUSION DETECTION SYSTEM v INTRUSION PREVENTION SYSTEM
III. NETWORK MODULE FOR CISCO ACCESS ROUTERS
IV. INTRUSION DETECTION SYSTEM INTEGRATED INTO THE ROUTER USING CISCO INTRUSION PREVENTION SYSTEM (IPS) SENSOR
V. CONCLUSION
CHAPTER III: CISCO INTRUSION DETECTION SYSTEM (IDS) NETWORK MODULE FOR CISCO ACCESS ROUTERS-INTEGRATES TRADITIONAL INTRUSION DETECTION INTO THE ROUTER USING CISCO INTRUSION PREVENTION SYSTEM (IPS) SENSOR
I. INTRODUCTION
II. INTRUSION DETECTION SYSTEM v INTRUSION PREVENTION SYSTEM
III. NETWORK MODULE FOR CISCO ACCESS ROUTERS
IV. INTRUSION DETECTION SYSTEM INTEGRATED INTO THE ROUTER USING CISCO INTRUSION PREVENTION SYSTEM (IPS) SENSOR
V. CONCLUSION
PART TWO NETWORK VULNERABILITY ASSESSMENT
CHAPTER IV: NETWORK VULNERABILITY ASSESSMENT NETWORK SECURITY THREAT AND VULNERABILITIES
I. INTRODUCTION
II. ATTACK TRACEBACK IN A NETWORK ATTACK
III. DENIAL OF SERVICES IN THE NETWORK ATTACK—(DoS)
IV. NETWORK FORENSIC
V. CONCLUSION
CHAPTER V: DISTRIBUTED DENIAL OF SERVICE DETECT AND REACT IN THE UNITED STATES DEPARTMENT OF DEFENSE NETWORK
I. INTRODUCTION
II. DATABASE SECURITY BEST PRACTICES
III. DATABASE SERVER SECURITY LAYERS
IV. DATABASE—LEVEL SECURITY
V. OTHER DATABASE OBJECTS FOR SECURITY
VI. APPLICATION LEVEL SECURITY
VII. SUPPORTING INTERNET APPLICATIONS
VIII. FORENSICS ANALYSIS OVER DATABASES
IX. DATA MINING USAGE AS ATTACKING
X. DEFENSIVE TOOLS IN COMPUTER AND NETWORK SECURITY
XI. CONCLUSION
PART THREE SOFTWARE SECURITY AND WIRELESS NETWORKS
CHAPTER VI: LIGHTWEIGHT MIDDLEWARE ENVIRONMENT FOR AD-HOC WIRELESS NETWORKS
CHAPTER VII: AUDITING SOFTWARE AND TOOLS—ARCHITECTURAL AND SOURCE-LEVEL
I. INTRODUCTION
II. AUDITING SOFTWARE AND TOOLS
III. AUDITING SOFTWARE CATEGORY
IV. SOFTWARE ARCHITECTURE AND SOURCE-LEVEL
V. SOFTWARE SENTINEL ANTI-TAMPER TECHNIQUE
VI. CONCLUSION
PART FOUR INFORMATION SYSTEM FOR MANAGERS—LEGAL AND ETHICAL MANAGEMENT IN INFORMATION SECURITY
CHAPTER VIII: CYBERSECURITY AND THE TRUST ISSUES
IN THE ONLINE TRANSACTION
CHAPTER IX: THE SARBANES-OXLEY ACT of 2002—LITERATURE REVIEW
I. INTRODUCTION
II. LITERATURE REVIEW
III. COMPARISON AND CONTRAST OF CURRENT LITERATURE
IV. CONCLUSION
CHAPTER X: THE SARBANES-OXLEY ACT of 2002—SECTION 404: MANAGEMENT ASSESSMENT OF THE INTERNAL CONTROL OF ALL PUBLICLY-TRADED COMPANIES
I. INTRODUCTION
II. DESCRIPTION OF LEGAL OR ETHICAL ISSUES TO BE ADDRESSED
III. ANALYSIS OF THE SARBANES-OXLEY ACT OF 2002
III. REVIEW OF RESEARCH ON DATA PROTECTION LAW AND LEGISLATION WITHIN EUROPE AND IN THE UNITED STATES
IV. ETHICS AND COMPLIANCE WITH LAWS
V. CONCLUSIONS AND RECOMMENDATION
CHAPTER XI: SARBANES-OXLEY ACT of 2002
I. INTRODUCTION
II. INFORMATION SECURITY PROGRAM
III. APPLICABILITY OF SARBANES-OXLEY
IV. CONCLUSION
CHAPTER XII: DATA PROTECTION LAW AND
LEGISLATION IN THE UNITED STATES
AND THE EUROPEAN UNION
I. INTRODUCTION AND DESCRIPTION OF REGULATORY ENVIRONMENT
II. DESCRIPTION OF LEGAL OR ETHICAL ISSUE TO BE ADDRESSED
III. REVIEW OF CURRENT RESEARCH
IV. CONCLUSIONS AND RECOMMENDATIONS
CHAPTER XIII: INFORMATION ASSURANCE POLICY PLANNING & ANALYSIS
I. STEPS REQUIRED TO INTRODUCE THE E-MAC POLICY
II. TRAINING REQUIRED AND THE DELIVERY PLAN
III. PROCESS FOR RECORDING ACKNOWLEDGEMENT
IV. HOW THE POLICY WILL BE MONITORED AND ENFORCED
V. MAJOR TASKS ASSOCIATED WITH THE E-MAC POLICY IMPLEMENTATION
VI. TIMELINE FOR POLICY IMPLEMENTATION
VII. PROCESS FOR ENFORCEMENT AND PERIODIC REVIEW
PART FIVE SECURITY FORENSICS
CHAPTER XIV: COMPANIES SPECIALIZING IN COMPUTER FORENSICS SUMMARY REPORT
I. INTRODUCTION
Advanced Surveillance Group, Inc. (ASG)
DriveCrash.com
Forensic Computer Service (FSC)
II. Conclusion
CHAPTER XV: AFFIDAVIT CRITIQUE—REVIEW OF THE HANSSEN AFFIDAVIT—CRITIQUE OF
ITS CONTENT AS IT PERTAINS TO
COMPUTER EVIDENCE
I. INTRODUCTION
II. SUMMARY PRESENTATION AND CRITIQUE OF AFFIDAVIT
III. FORENSIC EVIDENCE
IV. THE SEARCH AND SEIZE WARRANT FOR FAMILY OR RELATIVE PROPERTY
V. CONCLUSION
PART SIX GUIDING PRINCIPLES OF SECURITY OF WEB APPLICATION AND SAMPLES TEST QUESTIONS AND ANSWERS
CHAPTER XVI: GUIDING PRINCIPLES OF SECURITY
OF WEB APPLICATION
1. Practice Defense-In-Depth
2. Secure the Weakest Link
3. Fail Securely
4. Follow the Principle of Least Privilege
5. Compartmentalize
6. Keep It Simple
7. Promote Privacy
8. Hiding Secrets is Hard
9. Be Reluctant to Trust
10. Use Your Community Resources
CHAPTER XVII: SAMPLE TEST QUESTIONS AND ANSWERS
1. Initial review
2. Definition phase: Threat modeling
3. Design phase: Design review
4. Development phase: Code review
5. Deployment phase: Risk assessment
6. Risk mitigation
7. Benchmark
8. Maintenance phase: Maintain
DEDICATION
In Memory of my mother, Kameni Francisca-Edmond
My uncle, Doctor Jean-Bosco Tchiemessom
My grandfather, Edmond Kameni
INTRODUCTION
This book covers network security: how to trace back, detect and react to network vulnerabilities and threats. It concentrates on traceback techniques for attacks launched with single packets involving encrypted payloads, chaff and other obfuscation techniques. Because various tools and techniques have been developed that multiply the sources of network attacks, our interest also includes network forensics, with the goal of identifying the specific host that launched the attack and caused the denial of service (DoS). We also include tracing an attack that would compromise the confidentiality and integrity of information on the Intelligence Community (IC) network, which includes the NIPRNET, SIPRNET, JWICS, and IC enclaves. Deliverables will be technical reports, software, demonstrations, and results of experiments, which will provide evidence and metrics.
The emergence of hybrid worm attacks utilizing multiple exploits to breach security infrastructures has forced enterprises to look into solutions that can defend their critical assets against constantly shifting threats.
The Intrusion Detection System (IDS) has been used as the traditional security solution, alongside firewalls and anti-virus software, and these are necessary to identify and prevent many of the attacks that have plagued networks. Unfortunately, IDS alone has been insufficient against the new generation of network-propagating malware and targeted DoS attacks.
An Intrusion Prevention System (IPS), like an IDS, is designed to detect malicious activity running on a host or hiding in normal network traffic. But rather than simply raising an alert, an IPS is intended to block the intrusion before it has a chance to inflict any damage, much as a firewall does. Beyond Cisco's purpose-built IPS appliances and the IDS/IPS expansion card for its Catalyst 6500 switches, the newer networking products running IOS are now capable of providing in-line intrusion prevention. Studies have found that Cisco has embedded a limited, but effective, amount of IPS functionality in its routers and firewalls, and the IOS IPS provides an additional layer of protection.
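The difference between alerting and blocking is easiest to see in code. The following Python sketch is an added example and is not from the book or from any Cisco product: one signature-matching engine is run twice over a constructed packet list, once as a passive sensor (IDS mode, every packet is forwarded and matching ones raise alerts) and once in-line (IPS mode, matching packets are dropped before forwarding). The rule names, the two regular expressions and the sample packets are all constructed for illustration.

```python
import re
from dataclasses import dataclass, field

# Constructed sample traffic: (source, destination, payload). Not real captures.
SAMPLE_PACKETS = [
    ("10.0.0.5", "10.0.0.20", "GET /index.html HTTP/1.1"),
    ("10.0.0.7", "10.0.0.20", "GET /cgi-bin/../../etc/passwd HTTP/1.1"),
    ("10.0.0.9", "10.0.0.20", "POST /login HTTP/1.1"),
    ("10.0.0.7", "10.0.0.20", "GET /admin.php?id=1' OR '1'='1 HTTP/1.1"),
]

# Constructed signatures (hypothetical rule names), compiled once at load time.
SIGNATURES = {
    "directory-traversal": re.compile(r"\.\./"),
    "sql-injection": re.compile(r"'\s*OR\s*'", re.IGNORECASE),
}

@dataclass
class SensorResult:
    alerts: list = field(default_factory=list)     # (src, dst, [rule names]) per match
    forwarded: list = field(default_factory=list)  # packets passed on to the destination
    dropped: list = field(default_factory=list)    # packets blocked (IPS mode only)

def inspect(payload):
    """Return the names of every signature that matches the payload."""
    return [name for name, rx in SIGNATURES.items() if rx.search(payload)]

def run_sensor(packets, inline):
    """inline=False behaves like an IDS: alert, but forward everything.
    inline=True behaves like an IPS: alert and drop the matching packet."""
    result = SensorResult()
    for src, dst, payload in packets:
        hits = inspect(payload)
        if hits:
            result.alerts.append((src, dst, hits))
            if inline:
                result.dropped.append((src, dst, payload))
                continue
        result.forwarded.append((src, dst, payload))
    return result

if __name__ == "__main__":
    for mode in (False, True):
        r = run_sensor(SAMPLE_PACKETS, inline=mode)
        print("IPS" if mode else "IDS", "alerts:", len(r.alerts),
              "forwarded:", len(r.forwarded), "dropped:", len(r.dropped))
```

The point the comparison makes is that the detection logic is identical in both modes; what changes is whether the sensor sits in the forwarding path and is allowed to act on its own verdict, which is also why a false positive costs far more in IPS mode than in IDS mode.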
Network security issues, including network vulnerabilities and threats, are considered here from the standpoint of attack traceback: tracing an attack back through the network with the goal of identifying the specific host that launched it.
The chapters on auditing software and tools, at the architectural and source level, apply this by investigating and improving the software sentinel anti-tamper (AT) technique using secure inter-process communications for the U.S. Department of the Army. According to this department, software sentinels (or software agents) monitor system timing and the contents of computer files and binaries to verify the integrity of the software and of the sentinels themselves. Thus, multiple software sentinels are used to make defeating the software protection more difficult. Furthermore, the Department of Defense, in its SBIR topic, holds that the software sentinels' protection mechanism is the ability to communicate between sentinels to monitor and verify the integrity of the sentinels. The goal is to allow all the software sentinels to communicate with each other through a single shared memory variable concurrently (simultaneously). The review has included evaluation of audit software and tools, including auditing software at the architectural and source level.
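To make the sentinel idea concrete, here is an added Python model of it; it is not the Army's or the SBIR project's code, and the class names, the in-memory stand-ins for files and sentinel binaries, and the use of a dict as the "single shared memory variable" are all constructed assumptions. Each sentinel keeps a SHA-256 baseline of the files it guards, publishes a digest of its own code into the shared variable from its own thread, and then checks both the guarded files and every peer's published digest against known-good values. The demo runs one clean round and one round after a guarded file and one sentinel have been altered.

```python
import hashlib
import threading
import time

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

class Sentinel:
    """One software sentinel: checks the files it guards against a baseline and
    checks its peers' published code digests. Hypothetical design for illustration."""

    def __init__(self, name, code, monitored, shared, lock):
        self.name = name
        self.code = code              # bytes standing in for this sentinel's own binary
        self.monitored = monitored    # shared dict: filename -> contents (in-memory stand-ins)
        self.baseline = {f: sha256(b) for f, b in monitored.items()}
        self.shared = shared          # the single shared memory variable all sentinels write to
        self.lock = lock

    def publish(self):
        # Each sentinel writes its own code digest into the shared variable.
        with self.lock:
            self.shared[self.name] = {"code": sha256(self.code), "time": time.monotonic()}

    def check_files(self):
        # Report every guarded file whose digest no longer matches the baseline.
        return [f for f, b in self.monitored.items() if sha256(b) != self.baseline[f]]

    def check_peers(self, expected):
        # Compare each peer's published digest with the known-good digest.
        with self.lock:
            snapshot = dict(self.shared)
        return [n for n, digest in expected.items()
                if n != self.name and snapshot.get(n, {}).get("code") != digest]

def run_round(sentinels, expected):
    """Let all sentinels publish concurrently, then have each verify files and peers."""
    threads = [threading.Thread(target=s.publish) for s in sentinels]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return {s.name: {"files": s.check_files(), "peers": s.check_peers(expected)}
            for s in sentinels}

def demo():
    """Clean round, then a round after one file and one sentinel are tampered with."""
    shared, lock = {}, threading.Lock()
    files = {"app.bin": b"constructed binary contents", "config.cfg": b"mode=secure\n"}
    codes = {"s1": b"sentinel-one-v1", "s2": b"sentinel-two-v1", "s3": b"sentinel-three-v1"}
    expected = {n: sha256(c) for n, c in codes.items()}
    sentinels = [Sentinel(n, c, files, shared, lock) for n, c in codes.items()]
    clean = run_round(sentinels, expected)
    files["config.cfg"] = b"mode=debug\n"        # simulated tampering with a guarded file
    sentinels[1].code = b"sentinel-two-patched"  # simulated tampering with sentinel s2
    tampered = run_round(sentinels, expected)
    return clean, tampered

if __name__ == "__main__":
    clean, tampered = demo()
    print("clean:", clean)
    print("tampered:", tampered)
```

In the second round every sentinel flags config.cfg, and s1 and s3 both flag s2, which is the redundancy the text describes: no single sentinel is the only witness. The model also shows the limit of self-reporting, since a subverted sentinel could publish a forged digest; that is why the text has sentinels verify one another rather than trust each sentinel's own claim.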
Edmond K. Machie
PART ONE
NETWORK SECURITY
CHAPTER I
NETWORK ATTACK TRACEBACK
I. INTRODUCTION
Network attacks on governmental, business, academic, and critical infrastructure networks are increasing in number, sophistication, and severity, and need immediate attention. In this research, prevention, detection and reaction are the truism of network security vulnerability and assessment. Several aspects or processes are addressed with regard to attacks. The investigated attacks include data collection, meaning the collection of data from multiple operating systems. Vatis states that investigators also need tools to automate the collection of data files from multiple operating systems in the victims' network or the network being attacked.¹
II. ATTACK TRACEBACK IN A NETWORK ATTACK
The UNIX system is more complex than Windows, and familiarity with it is necessary for the digital evidence examiner. UNIX is usually configured to print, log, and store user data (e.g. files, e-mail, passwords) on remote systems.
One of the options to trace back the attack in the network is Mapping Network Topology. This provides a solution to automate the process of developing the map of the network quickly and accurately. It maps the victim’s network during the preliminary stage of a network-attack traceback to assess the extent of the attack.
What follows are the specific network attack data recovery tools to automate the digital evidence recovery process; capturing resident memory data is also part of network attack traceback, as well as analyzing excessively large media storage devices.
Michael A. Vatis described Log Analysis and Reporting as automated log file analysis and the development of graphical reporting. Furthermore, he defined Log Compilation as recognizing and importing preliminary investigation data, recognizing and importing logs from across a network, reconstructing altered or damaged logs, placing log data into an organized timeline, and organizing output in a common and portable format. Vatis also presents IP Tracing and Real-Time Interception as critical for tracking cyber attackers. According to the reporting, in distributed denial of service (DDoS) attacks the origin and location of the attacker remain hidden. Non-technical issues, such as underemployed technologies to counter attacks that use spoofing and a lack of record keeping by Internet Service Providers (ISPs), hamper the tracing of IP addresses. Real-time interception of digital data uses specialized forensic solutions for retrieving, storing, and analyzing very large media storage devices compromised by network attacks.
The other important point is that data collection from multiple operating systems is needed because computers use several different operating systems to perform different tasks. Collecting data from several computers is relevant to understanding how a network was compromised. Windows operating systems dominated investigators' caseloads among the types of operating systems encountered in attack traceback; UNIX and Linux operating systems were encountered less frequently. Mac OS (through version 9) and Mac OS X were seen the least during the last three years, but still on occasion by some investigators. Solutions that can automate the collection of data from multiple operating systems are still needed, as well as solutions to identify and report system configurations and file locations.
There is a need for tools that help analyze the attack data across multiple platforms, regardless of the platform the investigator is working on. After data collection, such a tool would reduce the time spent and let the investigator focus on analysis rather than collection.
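The log compilation steps Vatis lists (recognize and import logs from several sources, place them on one timeline, emit a common portable format) are shown in the following added Python example, which is not from the book or from any forensic product. It takes constructed sample records in three formats (a syslog line, an Apache access-log line and a CSV export of a Windows event), normalizes each into the same record shape with an ISO-8601 UTC timestamp, sets aside lines it cannot parse (standing in for damaged log records), sorts the rest chronologically and writes them out as JSON lines. The year assumed for the syslog lines, the web server hostname and all sample values are constructed assumptions.

```python
import json
import re
from datetime import datetime, timezone

# Constructed sample records in three formats; none are real logs.
SYSLOG_LINES = [
    "Mar 14 09:12:05 fw01 kernel: DROP IN=eth0 SRC=203.0.113.9 DST=198.51.100.4 PROTO=TCP DPT=22",
    "Mar 14 09:12:01 fw01 sshd[812]: Failed password for root from 203.0.113.9 port 51622 ssh2",
]
APACHE_LINES = [
    '203.0.113.9 - - [14/Mar/2013:09:12:03 +0000] "GET /cgi-bin/test HTTP/1.1" 404 512',
]
WINEVT_LINES = [
    "2013-03-14 09:12:07,dc01,4625,An account failed to log on",
    "garbled line without a timestamp",   # stands in for a damaged log record
]
SYSLOG_YEAR = 2013   # syslog timestamps carry no year; assumed from the case file

SYSLOG_RX = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) (\S+?)(?:\[\d+\])?: (.*)$")
APACHE_RX = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\d+|-)$')

def parse_syslog(line):
    m = SYSLOG_RX.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{SYSLOG_YEAR} {m.group(1)}", "%Y %b %d %H:%M:%S")
    return {"time": ts.replace(tzinfo=timezone.utc).isoformat(), "host": m.group(2),
            "source": "syslog:" + m.group(3), "message": m.group(4)}

def parse_apache(line, host="www01"):   # host is assumed; the access log does not carry it
    m = APACHE_RX.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    return {"time": ts.isoformat(), "host": host, "source": "apache",
            "message": f"{m.group(1)} {m.group(3)} -> {m.group(4)}"}

def parse_winevt(line):
    fields = line.split(",", 3)
    if len(fields) != 4:
        return None
    try:
        ts = datetime.strptime(fields[0], "%Y-%m-%d %H:%M:%S")
    except ValueError:
        return None
    return {"time": ts.replace(tzinfo=timezone.utc).isoformat(), "host": fields[1],
            "source": "winevt:" + fields[2], "message": fields[3]}

def compile_timeline(sources):
    """Normalize every line, keep the unparseable ones aside, and order by time."""
    events, rejected = [], []
    for parser, lines in sources:
        for line in lines:
            rec = parser(line)
            if rec is None:
                rejected.append(line)
            else:
                events.append(rec)
    # All timestamps are ISO-8601 in UTC, so lexical order is chronological order.
    events.sort(key=lambda e: e["time"])
    return events, rejected

def to_jsonl(events):
    """Common, portable output: one JSON object per line."""
    return "\n".join(json.dumps(e, sort_keys=True) for e in events)

SOURCES = [(parse_syslog, SYSLOG_LINES), (parse_apache, APACHE_LINES), (parse_winevt, WINEVT_LINES)]

if __name__ == "__main__":
    timeline, bad = compile_timeline(SOURCES)
    print(to_jsonl(timeline))
    print("rejected:", bad)
```

Two details matter for evidence handling: the rejected lines are kept rather than silently dropped, so an examiner can see what the automation could not account for, and every record is converted to a single time zone before sorting, since correlating a firewall, a web server and a domain controller only works once their clocks are expressed on one scale.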
III. DENIAL OF SERVICES IN THE NETWORK ATTACK—(DOS)
Symantec Security Response supports the view that a Denial of Service (DoS) attack is not a virus, but a method hackers use to prevent or deny legitimate users access to a computer. In order to trace back an attack in the network better, we should know how the attack occurred. In so doing, Symantec Security Response indicates that DoS attacks are a type of execution using DoS tools that send many request packets to a targeted Internet server (usually a Web, FTP, or Mail server), which floods the server's resources,