Internet Drivers LicenseCSS411/BIS421 Computing Technology & Public PolicyMark KochanskiSpring 2010

IssuesProtection of InfrastructureProtection of Resources

◦Governments◦Industry◦Individuals

Protection of Intellectual PropertyIdentity TheftEnabling Criminal Investigation

MalwareMalicious Software

◦Viruses◦Worms◦Trojans◦Root Kits◦Spyware

Malware

US-CERT Incident CategoriesCAT 1: Unauthorized AccessCAT 2: Denial of Service (DoS)CAT 3: Malicious CodeCAT 4: Improper Usage (based on

Policy)CAT 5: Scans, Probes, or

Attempted AccessCAT 6: Under Investigation

US-CERT Reported Cyberspace Security Incidents by Category

Quarterly Trends FY09 Q1 (June 2009)

Quarterly Trends FY06 Q3 (June 2006)

US-CERT Reported Cyberspace Security Incidents

Quarterly Trends FY09 Q1 (June 2009)

Quarterly Trends FY07 Q4 (December 2007)

DDoS Attacks

DDoS Attacks (Last Two Years)http://www.shadowserver.org/wiki/pmwiki.php/Stats/DDoSCharts

Infection RatesCode Red

◦150,000 computers in 14 hoursNIMDA

◦Nationwide in 1 hour

Example: Spread of the Witty Worm

Figure 2: The exponential spread of the Witty worm. The number of active machines in five minutes (green line) stabilized after 45 minutes, indicating that almost all of the vulnerable machines had been compromised. After that point, dynamic addressing (e.g. DHCP) caused the cumulative IP address total (the red line) to continue to rise. We estimate the total number of hosts infected by the Witty worm to be 12,000 hosts at most.

Shannon, Colleen and David Moore. “The Spread of the Witty Worm”, CAIDA, 2008.

http://www.caida.org/research/security/witty/

Uses of BotnetsDistributed Denial of Service

AttacksSpammingSniffing TrafficKeyloggingSpreading New MalwareLeveraging AdvertisingManipulating Polls and GamesMass Identity Theft

Spam by Botnet Type

Example: Rustock

Botnet StatisticsSeptember 2006: Botnets capable of

generating10-20Gbps of junk dataDavos 2007: Up to 25% (150 million

hosts) may be participants in a botnetLast two year trends [ShadowServer]

Hosts on the Internet

Quality of Software

1996

1997

1998

1999

2000

2001

2002

2003

2004

2005

2006

2007

2008

*0

2,000

4,000

6,000

8,000

Total Vulnerabilities Catalogued (US CERT)

US CERT [http://www.cert.org/stats/] Through Q3 2008

Zero AV Detection

IPV4 Network Routing

http://www.eventhelix.com/realtimemantra/networking/ip_routing.htm

IPV4 Packet Fields

IPV4 Infrastructure

RIPE NCC (January 2010)http://www.ripe.net/is/hostcount/stats/all/2010-01

National PolicyNational Strategy to Secure Cyberspace,

2003◦Public-private engagement through DHS◦Federal Priorities

I. A National Cyberspace Security Response SystemII. A National Cyberspace Security Threat and

Vulnerability Reduction ProgramIII. A National Cyberspace Security Awareness and

Training ProgramIV. Securing Governments’ CyberspaceV. National Security and International

Federal Information Security Management Act, 2002 (FISMA)

National Strategy to Secure Cyberspace, 2003. p. 9

Guiding PrinciplesA national effect

Use government to facilitate / communicate

Protect privacy and civil libertiesRegulations and market forces

Leverage market forcesAccountability and responsibilityEnsure flexibilityMultiyear planning

Government InvolvementII. A National Cyberspace Security Threat

and Vulnerability Reduction ProgramInclude efforts to◦ Identify and remediate existing

vulnerabilities◦Develop systems with fewer vulnerabilitiesWith goals and objectives including◦Securing mechanisms of the internet◦ Improving the security and resilience of key

internet protocols◦Promoting improved internet routing◦ Improve management (of the internet)

DHS NIPP-Cyber Security(National Infrastructure Protection Plan)Industry-specific partnership: IT Sector

◦IT SCCSector Coordinating Council

◦IT GCCGovernment Coordinating Council

◦IT ISACInformation Sharing and Analysis Center

◦US-CERTU.S. Computer Emergency Readiness Team

Security Industry

53.60%

18.80%

13.80%

13.80%

2005 Anti-Virus Industry

SymantecMcAfeeTrend MicroOther

2005: $4 billion with 13.6% Growth (Gartner)