
When Keyboards are drawn - Urban Information Warfare

Ofer Shezaf, Xiom, February 2003


Presentation Transcript


  1. When Keyboards are drawn - Urban Information Warfare
     Ofer Shezaf, Xiom, February 2003
     www..com

  2. Definition
     • Information Warfare (my definition)
       • “The use of digital technologies to damage the critical infrastructure of a state”
     • So,
       • Damage – destruction, demolition, devastation.
       • Critical infrastructure - no more Web sites breaking
       • State - no more photo sending “analyzers”.
     • But, yes, still digital technologies – but not too much.
     • And, yes, politics – but not today.

  3. Presentation Headlines
     • How is information warfare different?
     • Information Warfare Targets
     • Attacker capabilities
     • The infrastructure organization model
     • Network model
     • Administration networks exposures
     • Operational networks exposures
     • Model Case Studies
     • So, What can we do?

  4. Introduction to IW
     How is information warfare different from your everyday attack?

  5. Targets
     • Who?
       • Infrastructure companies, including power, water and communication.
       • Financial institutions.
       • Government & Army.
     • What?
       • Destruction of equipment
       • Destruction of control systems
     • How?
       • Time bombs.

  6. Attacker Capabilities
     • Financial resources
     • Technical expertise
     • Intelligence
     • Legal flexibility
     Section: Introduction to IW

  7. Financial & Technical Resources
     • Hundreds, thousands… of man-years per project.
     • Duplication of any system at target.
     • Ability to actively seek vulnerabilities, especially in lesser known systems.
     • Usage of custom attack code per target.
     Security by obscurity is no longer an option

  8. Intelligence & legal issues
     • Human intelligence … Spies
       • Best of breed “social engineering”: pay, blackmail, steal.
       • Operate spies to access internal systems.
     • Signal intelligence … Communication interception
       • A global sniffer: clear text password.
       • Intelligence about systems and topology.
     • Legal immunity to attacker.
     License to crack

  9. Presentation Headlines
     • How is information warfare different?
     • Attacker capabilities
     • Information Warfare Targets
     • The infrastructure organization model
     • Network model
     • Administration networks exposures
     • Operational networks exposures
     • Model Case Studies
     • So, What can we do?

  10. Exposures in Infrastructure Networks
      The common design of networks in infrastructure organizations creates similar vulnerabilities.

  11. Basic Network Topology
      [Diagram: Operational Networks, External Networks, Administrative Network]

  12. Cracking the administrative network
      [Diagram: entry points into the Administrative Network, numbered 1 to 4 on the slide. Labels: Internet; Business Partners; Sockets in public offices; Access to a large number of people]

  13. Cracking the Operational network
      [Diagram: exposures of the Operational Networks, including the link from the Admin. Network, numbered 1 to 6 on the slide. Labels: No Internal Security; Operations Design; Remote Signaling; Monitoring; Direct connections to Operational network; Application Security Problem]

  14. Presentation Headlines
      • Introduction to information warfare
      • Attacker capabilities
      • Information Warfare Targets
      • The infrastructure organization model
      • Network model
      • Administration networks exposures
      • Operational networks exposures
      • Model Case Studies
      • So, What can we do?

  15. Examples
      Is it all for real?

  16. Model Case Studies
      • Shutting down communication switches, thus preventing phone services.
      • Destroying power generators.
      • Derailing trains.
      • Exploding refineries and other chemical plants.
      • Crashing airplanes.

  17. Solutions
      So, what can I do to avoid such disasters?

  18. Solutions
      • Use layered security.
      • Deploy stronger intra-organization security mechanisms.
      • Strengthen complementary security mechanisms such as physical security and employee assurance.
      • Allocate independent security resources to operational networks.
      • Strive for world peace.
