Post on 20-Jan-2016
23 July 2003PM-ITTS
TSMO
Information Assessment Test Tool (IATT)Information Assessment Test Tool (IATT)
for IO/IWfor IO/IW
Briefing by:Briefing by:
Darrell L QuarlesDarrell L Quarles
Program DirectorProgram Director
U.S. Army Threat Systems Management OfficeU.S. Army Threat Systems Management Office
PEO STRIPEO STRI
256-876-9656 ext 268 (DSN: 746)256-876-9656 ext 268 (DSN: 746)
darrell.quarles@tsmo.redstone.army.mildarrell.quarles@tsmo.redstone.army.mil
UNCLASSIFIED
UNCLASSIFIED
ARMY THREAT SYSTEMS PROGRAMARMY THREAT SYSTEMS PROGRAMARMY THREAT SYSTEMS PROGRAMARMY THREAT SYSTEMS PROGRAM
NET 3 Conference & ExhibitionNET 3 Conference & Exhibition23 July 200323 July 2003
23 July 2003PM-ITTS
TSMO
Program Background
Program Description
OTIA Methodology
Concept of Operations
Capabilities
On-Going Development
Tool Configuration
Summary
AGENDAAGENDA
ARMY THREAT SYSTEMS PROGRAMARMY THREAT SYSTEMS PROGRAMARMY THREAT SYSTEMS PROGRAMARMY THREAT SYSTEMS PROGRAM
23 July 2003PM-ITTS
TSMO
BackgroundBackground
This program was developed to supply
Information Assurance Analysis to the
Intelligence Electronic Warfare Test
Directorate (IEWTD) of ATEC/OTC for
Operational Testing
UNCLASSIFIED
UNCLASSIFIED
ARMY THREAT SYSTEMS PROGRAMARMY THREAT SYSTEMS PROGRAMARMY THREAT SYSTEMS PROGRAMARMY THREAT SYSTEMS PROGRAM
23 July 2003PM-ITTS
TSMO
Program Background (Cont’d)Program Background (Cont’d)
ARMY THREAT SYSTEMS PROGRAMARMY THREAT SYSTEMS PROGRAMARMY THREAT SYSTEMS PROGRAMARMY THREAT SYSTEMS PROGRAM
Program was started in FY 01.
Task joins the capabilities of two Contractors: Dynetics and General Dynamics (GD)
Test Methodology, Threat Definition, and Scenario Development is provided by Dynetics
IATT development and IA threat integration by GD
23 July 2003PM-ITTS
TSMO
Program DescriptionProgram Description
A multi-step Operational Test Information Assurance (OTIA) Assessment Methodology
Identification and certification of the IA related DIA validated threat
A test tool that can perform penetration testing on the System under Operational test
ARMY THREAT SYSTEMS PROGRAMARMY THREAT SYSTEMS PROGRAMARMY THREAT SYSTEMS PROGRAMARMY THREAT SYSTEMS PROGRAM
This project consists of three tasks to aid in the Information Assurance Assessment:
23 July 2003PM-ITTS
TSMO
System IS/IA Analysis:
• System SSAA• Previous IS/IA Analysis• System Documentation -Topology -Information Flow
Vulnerability Analysis
IS/IA System Scan Conducted to:
•Verify IS/IA goals met• Identify additional Routes of Intrusion• Determine OS and Hardware/Software Configuration
Create an Internal &External Port Map
IS/IA System Penetration Test conducted to:
Stress System IS/IA (Penetration Tailored to System)
Penetrate and Mark
Penetration Analysis Conducted to determine if IS/IA
System:
• Identified penetration attacks•Stopped penetration attacks
Impact of Penetration on Mission
System IS/IA Risk/Impact Matrix:
• Identifies Operational risks of IS/IA Configuration• Confirms ISSA goals are met
Assessment of System IS/IA Status
15
2
4
3
ARMY THREAT SYSTEMS PROGRAMARMY THREAT SYSTEMS PROGRAMARMY THREAT SYSTEMS PROGRAMARMY THREAT SYSTEMS PROGRAM
OTIA MethodologyOTIA Methodology
23 July 2003PM-ITTS
TSMO
IATT Concept of OperationsIATT Concept of Operations
UNCLASSIFIED
UNCLASSIFIED
ARMY THREAT SYSTEMS PROGRAMARMY THREAT SYSTEMS PROGRAMARMY THREAT SYSTEMS PROGRAMARMY THREAT SYSTEMS PROGRAM
IATT is an easily transportable IA threat launch IA threat launch platform.platform.
IATT is to be populated with a DIA validated set of IA DIA validated set of IA ThreatsThreats that are specific to the target system/test Configuration.
IATT is to provide ATEC-OTC and test community the capability to measure the IA health of systems against actual IA threatsactual IA threats exercised in realistic scenariosrealistic scenarios.
23 July 2003PM-ITTS
TSMO
IATT CAPABILITIES IATT CAPABILITIES
UNCLASSIFIED
UNCLASSIFIED
ARMY THREAT SYSTEMS PROGRAMARMY THREAT SYSTEMS PROGRAMARMY THREAT SYSTEMS PROGRAMARMY THREAT SYSTEMS PROGRAM
Information Gathering- Stealthy and non-stealthy scanning of network assets to find a entry point vulnerability to exploit.
Network Monitoring - Passive tools to map the network, steal critical communications.Infiltration
- Gain access to a local/remote system by exploiting a vulnerability in COTS software.
Password Guessing/Cracking- Guess common passwords / break systems password files.
Nefarious Data Manipulation- Intercept/inject mission data transmissions on the network.
Denial of Service- Prevent communications through computer service disruption or elimination.
23 July 2003PM-ITTS
TSMO
ON-GOING DEVELOPMENTSON-GOING DEVELOPMENTS
UNCLASSIFIED
UNCLASSIFIED
C2IATT/NOVAC2IATT/NOVA- Automated scenario execution across multiple IATT units for complex tests.
Counter-Counter Measure DevelopmentCounter-Counter Measure Development- Provides a more realistic approach of attack scenarios.
Automated Decision AidesAutomated Decision Aides- Develop capabilities to enhance users decision making process.
Wireless IA CapabilityWireless IA Capability- Current information attack systems evaluate wired networks against random and intentional threats. The military requires a capability to test military wireless networks against the same types information attack threats. Knowing the susceptibility of military wireless networks to wireless information attack threats increases overall system security. Information assurance on all data links is essential to mission success, force protection, and information dominance.
23 July 2003PM-ITTS
TSMO
Live Test Configuration
Replicate Target Network in a Test Environment
IATT Hub
Firewall /Guard
SUT 1 SUT 2 SUT 3
23 July 2003PM-ITTS
TSMO
Mass Scan• Actively scans for
hosts on target network
• Determines Operating System & Port Information
23 July 2003PM-ITTS
TSMO
Passive Detection• Passively
detects hosts on target network
• Quantifies incoming and outgoing traffic
23 July 2003PM-ITTS
TSMO
Target Relationship Tool
• Identifies communication relationships between computers on the network
• Identifies data generators / receivers
23 July 2003PM-ITTS
TSMO
Demonstration Configuration• Singled out target on
the network
• The impact of neutralizing the right target is immeasurableIATT / Illuminate
RWS V6
Simulated
23 July 2003PM-ITTS
TSMO
System Operations – Information Panel
• Display results of scan for target
• Provides access to attacks for target
23 July 2003PM-ITTS
TSMO
System Operations – Snoop
• Collects network traffic in multiple protocols, ports, directions.
• Collects data to libcap files for review / analysis
23 July 2003PM-ITTS
TSMO
System Operations – Attack
• Conducts attack operations
• Standardized test configurations
• Attack status indicators
23 July 2003PM-ITTS
TSMO
Scan Reports
Network Reconnaissance logged for After Action Reviews (AAR)
23 July 2003PM-ITTS
TSMO
Target Reports
Every Activity Logged Against Every Target
23 July 2003PM-ITTS
TSMO
Attack Reports
Every Attack Characterized and Logged
23 July 2003PM-ITTS
TSMO
Threat Scenario RequirementsThreat Scenario Requirements
SUT 2 SUT 3
SUT 4 SUT 5
Illuminate
NOVA
FirewallRouter
RouterHub
Illuminate
Illuminate
SUT 1
Hub
Test / Scenario Conductor
Threat Execution
Threat Execution
Threat Execution
23 July 2003PM-ITTS
TSMO
SUMMARYSUMMARYThe methodology and tools being developed is laying the ground work and the essential tools necessary for the T&E community to properly assess the Information Assurance issues associated with our digitized forces.
Program foundation success for future development in IA.
Program is on schedule.
UNCLASSIFIED
UNCLASSSIFIED
ARMY THREAT SYSTEMS PROGRAMARMY THREAT SYSTEMS PROGRAMARMY THREAT SYSTEMS PROGRAMARMY THREAT SYSTEMS PROGRAM
23 July 2003PM-ITTS
TSMO
QUESTIONS?QUESTIONS?