Cyberspace - A Global Battlespace?
Joel Ebrahimi
Solutions Architect
Bivio Networks, Inc.
©2010 Bivio Networks, Inc.
A Hacker’s Opportunity is Target Rich!
Enterprise
– Personal
– Credit Card
Government
– Military secrets
– Nuclear Information
– Medical Records
– Criminal Records
– Classified Secrets and Information
– Control of Physical Infrastructure
  • Power
  • Electrical
  • Water
Joe Hacker
Exploitation Evolution
While we look at the evolution trend, it should be noted that the less severe exploits have not gone away. They still exist today and have even increased in numbers. The problem is that we also have to deal with exploits that now affect our national security.
Experimentation / Notoriety
Hacktivism / Defacements
Criminal Enterprise
Espionage / Cyber Terrorism
Hacking Hotspots and Trends
CHINA: Targeting Japan, U.S., Taiwan and perceived allies of those countries; Falun Gong targeted also
INDIA-PAKISTAN: Worldwide targets, Kashmir-related and Muslim-related defacements
MIDDLE EAST: Palestinian hackers target Israeli websites; some pro-Israel activity
WESTERN EUROPE: Cyber-activists with anti-global/anti-capitalism goals; some malicious code
BRAZIL: Multiple hacker groups, many mercenary; random targets
EASTERN EUROPE/RUSSIA: Malicious code development; fraud and financial hacking
U.S.: Multiple hacker/cyber-activist/hacktivist groups; random targets
Is the threat real?
It's Real and Happening Now!
Stuxnet
Cyber Espionage
DDOS attacks in Estonia
Attacks on Booz Allen Hamilton
Breach of defense contractor computers that let hackers get at information on the Joint Strike Fighter
Power grid compromised
Repeated attacks on .gov websites
Real growing threat of cyber terrorism
The Threats
Malware
– Worms
– Trojans
– Rootkits
– Spyware
Remote or local exploitation
Botnets
A Transforming Network
Explosion in usage, applications, devices, protocols
Basic networking problems remain
– Security
– Information assurance
– Cyber defense
– Awareness
– Control
Network role transition from connectivity to policy
Key Enabling Technology: Deep Packet Inspection
Deep Packet Inspection (DPI)
Set of technologies enabling fine-grained processing of network traffic
Common analogy: processing regular mail based on letter contents vs. address
Not a solution or an application!
L2: Ethernet
L3: Internet Protocol (IP)
L4: Transport Layer (TCP/UDP)
L5 – L7:
• Email, IM
• Web
• File Transfer
• Peer-to-Peer (P2P)
• Viruses
• Intrusions
• Worms
Why DPI?
L3/4 analysis clearly not granular enough
– Source/Destination often irrelevant
Most information is in the payload
– Deeply embedded
– Context dependent
– Dynamic
Tunneling makes outer protocols/headers insufficient
Correlation between flows and payload often crucial
Threats are real-time and dynamic; response can’t be
– DPI is real-time networking analog to off-line analysis
– Dramatically shortens threat identification and response
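The "Why DPI?" points, worked as an added example (not from the original slides or any Bivio product): a port-only L3/L4 view is compared with a payload view over constructed frames, and mismatches are flagged. The port map, payload signatures, addresses and sample payloads are assumptions made for this illustration.

```python
import struct

PORT_MAP = {22: "ssh", 80: "http", 443: "tls"}  # what an L3/L4-only view assumes

def build_frame(dport, payload):
    """Constructed Ethernet/IPv4/TCP frame for the demo (checksums left at zero)."""
    eth = bytes(12) + struct.pack("!H", 0x0800)
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0,
                     64, 6, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return eth + ip + tcp + payload

def parse_frame(frame):
    """Walk L2 -> L3 -> L4; return (dst_port, payload), or None if not IPv4/TCP."""
    ip = frame[14:]
    if len(frame) < 54 or frame[12:14] != b"\x08\x00" or ip[0] >> 4 != 4 or ip[9] != 6:
        return None
    ihl = (ip[0] & 0x0F) * 4                       # IPv4 header length in bytes
    tcp = ip[ihl:struct.unpack("!H", ip[2:4])[0]]  # trim to the IP total length
    if ihl < 20 or len(tcp) < 20 or (tcp[12] >> 4) * 4 < 20:
        return None
    return struct.unpack("!H", tcp[2:4])[0], tcp[(tcp[12] >> 4) * 4:]

def classify_by_payload(payload):
    """Label traffic from L5-L7 content instead of the port number."""
    if payload.startswith(b"SSH-"):                # SSH identification string
        return "ssh"
    if payload[:2] == b"\x16\x03":                 # TLS handshake record header
        return "tls"
    line = payload.split(b"\r\n", 1)[0].split(b" ")
    if len(line) == 3 and line[2].startswith(b"HTTP/1."):
        return "http-tunnel" if line[0] == b"CONNECT" else "http"
    return "unknown"

def compare(frame):
    """Return (port_label, payload_label, mismatch) for one frame, or None."""
    parsed = parse_frame(frame)
    if parsed is None:
        return None
    by_port = PORT_MAP.get(parsed[0], "unknown")
    by_payload = classify_by_payload(parsed[1])
    return by_port, by_payload, by_port != by_payload

SAMPLES = [  # constructed traffic, not captured from any real network
    build_frame(80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    build_frame(443, b"SSH-2.0-OpenSSH_8.9\r\n"),
    build_frame(8081, b"POST /upload HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    build_frame(80, b"CONNECT example.test:22 HTTP/1.1\r\n\r\n"),
]
print([compare(f) for f in SAMPLES])
```

Only the first sample is labelled the same way by both views; the other three are cases where the destination port alone gives a wrong or empty answer.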
The Right Technology
Scalability: variable throughput, computation
Performance:
– Computational: full packet inspection
– Network: wire-speed
Flexibility: software is king
Customization: each mission different
Adaptability: inherent in space
Active/Passive: monitoring and enforcement
Multi-function: parallel tasks
Standardization: Avoid proprietary environments
Rapid deployment
Protecting The Future
Infrastructure
– Focus on high-compute/high-throughput
  • System design
  • Semiconductors
– Keep pace with networking advances
  • 40Gb/s
  • 100Gb/s
– Storage integration
  • Data Retention
  • Post-processing
Applications
– Increased sophistication of protocol analysis
– Increased cross-flow analysis
– Information sharing between applications
– Dynamic threat response
Summary
Threats are already here
Cyber Terrorism is real
The network is changing and growing
DPI technology underlies future networking
Core technology for National Security requirements
Challenges addressed in rapidly advancing market
Significant innovation into the future
Not just a presenter, this is what I do
Special purpose networking devices
10Gb/s+
High compute capacity
Throughput and compute scaling
Linux development environment
Multi-application support
Joel Ebrahimi
Bivio Networks, Inc.
http://www.bivio.net
Thank You!