Architectures and Technologies supporting Internet-related computer network operations
June 2012
The views expressed in this presentation are those of the authors (CSFI
managers and Paul de Souza, CSFI founder) and do not reflect the official
policy or position of any US government agency, department, or service,
or any other entity operating under the authorities or statutes of the U.S.
government or any other government the U.S. does or does not
This presentation's facts, information, and data contained herein are
sourced from the public domain.
Logos, slogans, trademarks, service marks, pictures, images, or any other
form of intellectual property contained herein is protected from
duplication without proper and legal consent from the data owner(s) for
permission of use.
The student will be introduced to the concept of “Cyberspace”.
The course will introduce the student to the concepts,
architectures and technologies supporting Internet-related
computer network operations.
This course covers computer network defense and attack
vectors that could be utilized by an adversary.
The student can expect to learn about Defense-in-Depth
strategy and how this can be applied to computer network
defense by exploring real life and historical examples.
The student will also study the various layers that comprise the
Defense-in-Depth strategy.
To increase understanding about the underlying concepts, architectures, and
technologies that enable computer network operations.
To increase understanding about computer network defense as it relates to
computer network operations from monitoring to analysis, detection and
To increase knowledge about computer network attacks in regards to
computer network operations.
To increase knowledge of the layered approach of Defense-in-Depth based
on the principles of a solid information assurance posture.
To increase understanding in regards to information assurance as it pertains
to network attacks and network defense measures.
What is “Cyberspace”?
Cyberspace and computer network operations
Introduction to networking concepts, architectures and technologies supporting Internet-related
computer network operations
Computer network operations and computer network defense
Various Layers/Elements of DID
Integrating Information Assurance into Environment
Summary and Sources
“Cyberspace. A consensual hallucination
experienced daily by billions of legitimate
operators, in every nation, by children being
taught mathematical concepts... A graphic
representation of data abstracted from banks
of every computer in the human system.
Unthinkable complexity. Lines of light ranged
in the nonspace of the mind, clusters and
constellations of data. Like city lights,
William Gibson, Neuromancer, 1984
Operations (i.e., computer network operations (CNO)) analogous to
operating in air or maritime domain
Cyberspace is “a global domain within the information environment whose
distinctive and unique character is framed by the use of electronics and the
electromagnetic spectrum to create, store, modify, exchange, and exploit
information via interdependent and interconnected networks using
Daniel T. Kuehl
“From Cyberspace to Cyberpower: Defining the Problem”
Cyberpower and National Security, NDU Press, 2009
Networks, including hardware and software, are militarily relevant, as are their
counterparts in other domains: ships, vehicles, airplanes, and satellites
Cyberspace traverses the physical domains of land, sea, air, and
space through interconnected technological devices.
[Diagram labels: Applications (Data); Hub (Bit); Confidentiality; Availability]
Tier1: transit-free
network that peers w/
every other Tier1
Tier2: a network
that peers w/ some
purchases IP transit
or pays settlements to
reach some portion of
Tier3: a network
that solely purchases
transit from other
networks to reach the
CNA
“Comprised of computer network attack,
computer network defense, and related
computer network exploitation enabling
operations.”
“Actions taken through the use of computer
networks to disrupt, deny, degrade, or destroy
information resident in computers and computer
networks, or the computers and networks
Outside of the Scope of this Course
“Enabling operations and intelligence collection
capabilities conducted through the use of
computer networks to gather data from target
or adversary automated information systems or
Outside of the Scope of this Course
“Actions taken to
analyze, detect and
computer networks”
Why? Why?
Is a network/system a weapon?
What are the ramifications of using nonlethal
systems in a way that could BE lethal?
“The siting of mutually supporting defense
positions designed to absorb and progressively
weaken attack, prevent initial observations of
the whole position by the enemy, and to allow
the commander to maneuver the reserve”
Source: Department of Defense
Putting that idea into a cyber context...
Three Core Components
Not the same as redundant elements
Having multiple firewalls does not provide DID
▪ Just like having a single firewall does not equate to CND
Each element in a DID strategy must complement the other
elements
Using more than one of the following layers constitutes
defense in depth.
Authentication and password security
Anti-virus software
Firewalls (hardware or software)
DMZ (demilitarized zones)
CND Operations Staff
This is the most critical mission of
IA Evaluated products
Proxy Servers
systems
Authentication system
Access control systems
Security policy
Incident response procedures
Forensics capabilities
Business continuity
Security training
Security as a culture
Continuity of Operations
“DID can provide robust information assurance
properties; however, we must consider whether
layers of defense may result in delaying
potential compromise without providing any
guarantee that compromise will be completely
Networking and Information Technology Research
and Development (NITRD) Program
“It is not accurate to say 'more depth equals
Robb Reck, CISSP, CRISC
“Measures that protect and defend information and
information systems by ensuring their availability, integrity,
authentication, confidentiality, and nonrepudiation.”
Compare that to Computer Security
“The protection resulting from all measures to deny unauthorized
access and exploitation of friendly computer systems.”
Commonalities
Why is CND considered critical but CNA is not?
Does a security policy control fall into the people or
the operations category?
What is the weakest link in the CND triad?
[Diagram labels: End-User; Data; Internet; Grid; WAN; LAN; Environment; Integrity; Routers; Copper; Servers; Fiber Optic; Cables; Hashing]
What different controls are in place between
routers in the LAN space versus the Grid space?
How have open standards improved the security
of networks and systems?
Which approach presents the best scenario for
Why?
Epsilon (2011)
Michael Calce (2000)
Titan Rain (2004)
"10 Most Costly Cyber Attacks in History Business Pundit."
Business Pundit. SeaWaves Technology, 15 Aug. 2011. Web. 26
Oct. 2011. http://www.businesspundit.com/10mostcostlycyberattacksinhistory/.
Data Breach of firm that provides marketing
and email handling for Fortune 500
companies
MafiaBoy
Designation by FBI for series of computer
intrusions for US Government/Defense
Industrial Base (DIB) systems
Cellular Expansion
Industry drives cyberspace technology
We operate and defend on the same
platform(s) as the adversaries
Threat characterization and
attribution are challenging
Offense and defense have similar
Public, high profile adversary successes
will breed additional actors
Inexpensive, anonymous and
effective
How could a solid DID foundation have
prevented each of these examples?
Is it even possible to prevent them?
General Discussion, e.g., Cyber Truisms
To increase understanding about the underlying concepts,
architectures, and technologies that enable computer network
To increase understanding about computer network defense as it
relates to computer network operations from monitoring to
analysis, detection and response.
To increase knowledge about computer network attacks in
regards to computer network operations.
To increase knowledge of the layered approach of Defense-in-Depth
based on the principles of a solid information assurance
To increase understanding in regards to information assurance
as it pertains to network attacks and network defense measures.
William Gibson, “Neuromancer”, Ace Science Fiction, 1984
Daniel T. Kuehl. “From Cyberspace to Cyberpower: Defining the Problem”. Cyberpower and National
Security, NDU Press, 2009
"Tier 1 network." Wikipedia, the Free Encyclopedia. Web. 26 Mar 2012.
Batie, Robert B. "Requirements Analysis and Security Standards/Guidelines Criteria." Official (ISC)2
Guide to the CISSP-ISSAP Access Control Systems and Methodologies. Print.
"Cyberspace Operations." DTIC Online. Web. 30 Mar. 2011.
"Cyberwarfare." Wikipedia, the Free Encyclopedia. Web. 30 Mar. 2011.
Price, Sean. "Access Control Systems." Official (ISC)2 Guide to the CISSP-ISSAP Access Control
Systems and Methodologies. Print.
Reck, Robb. "Defense in Depth Is Necessary, but Not Sufficient." InfoReck. Web. 30 Mar. 2011.
Covert, Edwin B. “GIAC Advance Incident Handling and Hacker Exploits Track Practical for Option 1 –
Illustrate an Incident”. Published for SANS certification. Print.
Powner, David A. "Cyber Analysis and Warning: DHS Faces Challenges in Establishing a
Comprehensive National Capability." U.S. Government Accountability Office. U.S. Government
Accountability Office, 31 July 2008. Web. 30 Mar. 2011. http://www.gao.gov/products/GAO08588.
"Taxonomy of the Computer Security Incident Related Terminology." TERENA. Web. 20 Mar. 2011.
"Cyber Solutions." Global InfoTek, Inc. (GITI). Web. 30 Mar. 2011.
Forrest, Stephanie, Anil Somayaji, and David Ackley. "Building Diverse Computer Systems."