Transcript
Page 1: Malware Mimics for Network Security Assessment

Malware Mimics for Network Security Assessment

CDR Will Taff
LCDR Paul Salevski
March 7, 2011

Page 2: Malware Mimics for Network Security Assessment

Agenda

• Motivation
• Introduction
• Vision
• Proposal
• What we did
• Way Ahead

Page 3: Malware Mimics for Network Security Assessment

Motivation

Page 4: Malware Mimics for Network Security Assessment

Motivation – In the Lab

Page 5: Malware Mimics for Network Security Assessment

Introduction

• Currently, DoD relies on Red Teams (trusted adversaries) for Information Assurance (IA) testing and evaluation of military networks
• This approach is unsatisfactory:
  • Relies on a constrained resource (Red Teams)
  • Limited in scope of effects (safety/risk to host network)
  • Non-uniform/inconsistent application
  OR
  • Confined to laboratory setting (not “Train Like Fight”)

Page 6: Malware Mimics for Network Security Assessment

Introduction - The Way the Navy Is

[Diagram: Internet; Global Information Grid (GIG), owned and operated by DISA; Network Operating Centers; SIPR, NIPR, JWICS, CENTRIXS]

Page 7: Malware Mimics for Network Security Assessment

Proposal

• We propose the development of a distributed software system that can be used by either simulated adversaries (such as Red Team) or trusted agents (such as Blue Team) to create scenarios and conditions that a network management/defense team will need to react to and resolve.

Page 8: Malware Mimics for Network Security Assessment

Vision

[Diagram: STEP Site (Northwest, VA; Ft. Meade, MD; Norfolk, VA); MM-Server; Global Information Grid (GIG); USS Arleigh Burke: MM-Clients]

Page 9: Malware Mimics for Network Security Assessment

Malware Mimic

• Have the “trainer” sitting anywhere
• Trainer remotely controls a network of pre-installed software nodes on training network simulating network malware/mal-behaviors
  • Simulate virus
  • Simulate bots
  • Simulate Internet worms
  • Simulate malicious “hackers”
• “Trainee” reacts to simulated effects in same manner as actual threats

Page 10: Malware Mimics for Network Security Assessment

Architecture

• Network nodes consist of Java software packages running on top of pre-existing and unmodified network hosts
  • No (unwanted) impact to users
  • No need for additional hardware
• Network nodes coordinate effects via Trainer-controlled Command and Control Server
  • Local or Offsite
• Solves problem of “flying in” a red team

Page 11: Malware Mimics for Network Security Assessment

Anatomy of an Attack

Page 12: Malware Mimics for Network Security Assessment

Anatomy of an Attack with MM’s

Page 13: Malware Mimics for Network Security Assessment

Architecture - Physical Layout

Page 14: Malware Mimics for Network Security Assessment

Virtual Layout

Page 15: Malware Mimics for Network Security Assessment

Results

Page 16: Malware Mimics for Network Security Assessment

Way Ahead

• More Complex Network Architecture
• More complex Malware Mimics
• Focus on higher security
• Installation and testing onto larger and operational networks
• Communication between MM-Clients

Page 17: Malware Mimics for Network Security Assessment

Questions

CDR Will Taff – [email protected]
Paul Salevski – [email protected]
