
USMA Information Warfare Analysis and Research (IWAR) Laboratory

Explore the USMA's Information Warfare Analysis and Research Laboratory, providing an isolated, realistic environment for studying offensive and defensive information operations. Learn about its structure, purpose, cost-saving measures, and legal constraints.


Presentation Transcript


  1. USMA Information Warfare Analysis and Research (IWAR) Laboratory Presented to the 13th Annual Federal Information System Security Education Association (FISSEA) Conference • Lt. Colonel Daniel Ragsdale • Major Joseph Schafer

  2. Agenda
  • Purpose
  • Background Issues
  • Lab Design Goals
  • Lab Overview
  • Cost Saving and Cost Avoidance
  • Techniques to Minimize Risk
  • Legal Constraints
  • Lab Organization
  • CS485 Information Security
  • Rules of Engagement
  • Upcoming Events
  • Challenges
  • Conclusion
  • IWAR Hall of Fame

  3. Reasonable Questions • Ain’t this a cool time to be involved in Information Security? • Can/Should this type of lab be built in other Environments? • Can this be done on the cheap? • Can we trust our system administrators if we give them knowledge of hacker tools and hacker methods? • Will the construction of a security lab generate greater interest in security? To all, an emphatic Yes!!

  4. Purpose
  • The Information Warfare Analysis and Research (IWAR) Laboratory is an initiative of the USMA Information Technology and Operations Center (ITOC)
  • The purpose of the lab is to provide a realistic, but isolated, environment for research, analysis, and instruction on topics relevant to information warfare and information operations.
  • Infusion of security-relevant topics throughout the USMA curriculum

  5. Background Issues
  • Funded, in part, by the DISC4, C2 Protect Directorate
  • IWAR Lab design is inspired by the Network Security Lab at Texas A&M University and the ISOLAB at UC Davis
  • Instruction focuses on both offensive and defensive information operations including (but not limited to):
    • Techniques that intruders use to exploit system vulnerabilities
    • Techniques to prevent, detect, and respond to exploitation attempts

  6. Lab Design Goals
  • Realistic, Sophisticated Environment
  • Shared Resources
  • “Normal” Services
  • Targets inside and outside the local domain
  • Heterogeneous Systems
  • Varying levels of security
  • Easy System Rebuilds
  • Ghost Images
  • Full Tape Backups
  • Admin Server
  • Centralized Lab reconfiguration
  • Minimize vulnerability to local (USMA) and external attacks
  • Minimize likelihood of local and external disruption
  • Maximize Reuse and Minimize Expenditures

  7. Lab Overview • 40+ “systems” • 10 networking Components • 2 Firewalls • Various Intrusion Detection and Vulnerability Scanning Software • 8 Distinct Operating Systems and Versions • $270K Lab Facility

  8. Cost Saving and Cost Avoidance
  Expenditures:                    $11,300
  Cost Avoidance:
  • “Rescued” Equipment            $48,200
  • “Repositioned” Equipment       $96,900
  • KVM Switch                      $6,000
  • Virtual Machines               $14,000
  • Site Licenses                  $20,000
  • GNU/Linux Software                  $0
  • Loaned Equipment               $70,000
  Total Valuation                 $266,400

  9. Techniques to Mitigate Risk
  • Fully isolated, fully capable Network
  • Locked-Down Search Boxes provide safe access to global resources
    • Bare minimum services
    • Removable Storage
    • Write permission only on /tmp and Zip Drive
    • Netscape Only
  • Detailed and Remote Logging
  • Local and Remote Scanning
  • Cipher-locked Doors
  • Ethics and Legal Briefing

  10. Legal Constraints
  • Privacy Act of 1974
  • Computer Fraud Waste and Abuse Act of 1987
  • US Code Title 18 Section 1030: Fraud and related activity in connection with computers
  • US Code Title 18 Section 2701: Unlawful access to stored communications
  • US Code Title 18 Section 2511: Interception and disclosure of wire, oral, or electronic communications prohibited
  • DoD Directive 5200.27: Acquisition of Information Concerning Persons and Organizations not Affiliated with the Department of Defense
  • Numerous Department of the Army Regulations

  11. Advantages of Isolated Network
  • We’re legal!!
  • Unlikely that activities in the lab affect others
  • Not a production environment
  • Supports study, analysis, and investigation of the security aspects of Hardware and Software
  • Supports controlled experimentation
  • Types of Software that cadets and faculty will use in the lab: Port Scanners, Trojan Horses, Root Kits, Network Sniffers, Password Crackers, Virus Creators, Vulnerability Scanners, Integrity Checkers, Encryption, Firewalls, Intrusion Detection, etc.
  • We’re legal!!

  12. Lab Organization
  • Black Systems (Attack)
    • Up to 20 Systems
  • Gray Systems (Research)
    • 3-5 Systems for Research and Instructor Use
  • Gold Systems (Targets)
    • 15-20 Systems
    • Potential Targets
  • Green Systems
    • 2-5 Army Battle Command Systems
    • For Security Analysis
  • Network Components
    • Various hubs, switches, and routers to simulate a sophisticated production environment
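Slide 9 lists "Detailed and Remote Logging" and "Local and Remote Scanning" among the lab's risk controls, and slide 12 divides the lab into black, gray, gold and green segments. The script below is an added example, not code from the IWAR lab or the presenters, of the kind of check a lab administrator would run over the remote log host's records: it flags any flow whose source or destination lies outside the lab's address space (a breach of the "fully isolated network" rule) and reports sources that probe many ports on one target, which is the traffic an instructor expects to see from the black segment and wants to see nowhere else. The segment address ranges, the log line format and the log lines themselves are all constructed for the example.

```python
"""Isolation and scan-activity check over lab firewall log lines.

Added example; the address plan, log format and log records are assumed and
constructed, not the IWAR lab's real configuration.
"""
import ipaddress
import re
from collections import Counter, defaultdict

# Assumed lab address plan (hypothetical): one /24 per segment from slide 12.
LAB_SEGMENTS = {
    "black": ipaddress.ip_network("10.10.1.0/24"),  # attack systems
    "gray": ipaddress.ip_network("10.10.2.0/24"),   # research / instructor use
    "gold": ipaddress.ip_network("10.10.3.0/24"),   # target systems
    "green": ipaddress.ip_network("10.10.4.0/24"),  # battle command systems
}

# Assumed record format written by the lab firewall to the remote log host:
#   "<timestamp> <host> src=<ip> dst=<ip> dport=<port> action=<allow|deny>"
LINE_RE = re.compile(r"src=(\S+) dst=(\S+) dport=(\d+) action=(\w+)")

# Constructed sample records: a port sweep from a black box against a gold
# target, one gray-to-gold login, two denied attempts to leave the lab
# network (192.0.2.44 is a documentation address), one unparsable line,
# and one green-to-gold flow.
SAMPLE_LOG = """\
Mar 03 10:01:02 labfw src=10.10.1.5 dst=10.10.3.20 dport=21 action=allow
Mar 03 10:01:03 labfw src=10.10.1.5 dst=10.10.3.20 dport=23 action=allow
Mar 03 10:01:03 labfw src=10.10.1.5 dst=10.10.3.20 dport=25 action=allow
Mar 03 10:01:04 labfw src=10.10.1.5 dst=10.10.3.20 dport=80 action=allow
Mar 03 10:01:04 labfw src=10.10.1.5 dst=10.10.3.20 dport=111 action=allow
Mar 03 10:01:05 labfw src=10.10.1.5 dst=10.10.3.20 dport=139 action=allow
Mar 03 10:02:10 labfw src=10.10.2.7 dst=10.10.3.21 dport=22 action=allow
Mar 03 10:03:44 labfw src=10.10.1.9 dst=192.0.2.44 dport=80 action=deny
Mar 03 10:03:45 labfw src=10.10.1.9 dst=192.0.2.44 dport=443 action=deny
this line is not a flow record and must be skipped
Mar 03 10:05:00 labfw src=10.10.4.2 dst=10.10.3.20 dport=80 action=allow
"""


def segment_of(ip: str):
    """Return the lab segment name containing ip, or None if it is outside the lab."""
    addr = ipaddress.ip_address(ip)
    for name, net in LAB_SEGMENTS.items():
        if addr in net:
            return name
    return None


def parse_line(line: str):
    """Parse one firewall record; return None for lines that are not flow records."""
    m = LINE_RE.search(line)
    if not m:
        return None
    src, dst, dport, action = m.groups()
    try:
        ipaddress.ip_address(src)
        ipaddress.ip_address(dst)
    except ValueError:
        return None  # malformed address: treat as not a flow record
    return {"src": src, "dst": dst, "dport": int(dport), "action": action}


def analyze(log_text: str, scan_threshold: int = 5):
    """Summarize flows by segment pair, list isolation breaches, and flag port sweeps.

    A breach is any record with an endpoint outside LAB_SEGMENTS; denied
    attempts are reported too, because the attempt itself is what the rules
    of engagement forbid. A sweep is one source touching at least
    scan_threshold distinct destination ports on one host.
    """
    breaches = []
    ports_by_pair = defaultdict(set)
    flows_by_segment = Counter()
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        src_seg, dst_seg = segment_of(rec["src"]), segment_of(rec["dst"])
        if src_seg is None or dst_seg is None:
            breaches.append((rec["src"], rec["dst"], rec["action"]))
            continue
        flows_by_segment[(src_seg, dst_seg)] += 1
        ports_by_pair[(rec["src"], rec["dst"])].add(rec["dport"])
    scans = {pair: len(ports) for pair, ports in ports_by_pair.items()
             if len(ports) >= scan_threshold}
    return {"breaches": breaches, "scans": scans, "flows": dict(flows_by_segment)}


if __name__ == "__main__":
    report = analyze(SAMPLE_LOG)
    for (src_seg, dst_seg), n in sorted(report["flows"].items()):
        print(f"{src_seg:>5} -> {dst_seg:<5} {n} flow(s)")
    for src, dst, action in report["breaches"]:
        print(f"ISOLATION BREACH: {src} -> {dst} ({action})")
    for (src, dst), n in report["scans"].items():
        print(f"PORT SWEEP: {src} touched {n} ports on {dst}")
```

Run against the lab's real log export instead of `SAMPLE_LOG`, the two findings that matter are the breach list, which should always be empty on an isolated network, and sweeps originating from any segment other than black, which indicate a cadet working from the wrong box or a target that has been turned around.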

  13. Shared Resources and Search Systems
  Team Resources:
  • HP 5000 Printer
  • Projector
  Search Systems Hardware:
  • 400MHz AMD Processor
  • 196MB RAM
  • 3GB Hard drives
  • Zip Drives
  Linux Software:
  • Red Hat 6.1
  • GNU Software
  • Numerous Software Development Tools
  NT Software:
  • NT 4.0 (Service Pack 6)
  • MS Office 97, SR2
  • Outlook 98
  • GNAT
  • Netscape
  • Tcl/Tk
  • Visual Studio
  • RAPID
  • Emacs
  • MSDN TechNet
  Solaris Software (User accounts):
  • Solaris 2.5/2.7
  • GNU Software

  14. Black Components

  15. Search Systems

  16. Gold Systems I

  17. Gray Systems

  18. Gold Systems II

  19. Networking Components

  20. CS485 Information Security • 8 CS Faculty volunteered to assist with the instruction • 40 Lessons • Hands-on and technically-oriented • Guest Lecturers • Class Trip • Topic projects • Research Paper • Course Project (2-person teams)

  21. Typical Topic Class(es) • Duration: 1-4 lessons • Assigned Reading(s) • Active Learning Lecture(s) • Hands–on Exercise(s) • Topic Project

  22. Course Project • Conduct Offensive Information Operation Missions • Gain resources and secure data • No intentionally destructive actions • Employment of offensive information operations methodology • Identify countermeasures • Continuous web-based reporting using attack reports (SITREPs) • Final Report and Presentation

  23. 1998 USMA Graduate Comments (CS Major) “The Information Security course will also be an excellent [addition to the curriculum]. That is the one area I really wish I had a better knowledge of. I can usually get servers and applications set up, but when it comes to security, I’m not too sure about it.” “When I go to Bosnia, I might see some security issues. It sounds like they will be handled by civilian contractors, but it sure would help to know how well they are doing their job.” 1LT Stephen Hamilton, G-6, Battlefield Information Systems, 123d Signal Battalion

  24. IWAR Rules of Engagement
  • Always remember, you are a representative of USCC, USMA and the US Army. Act accordingly.
  • You must not use any of the techniques that you learn to commit unlawful or unethical acts
  • You are given specific authorization to access all of the nonpublic DoD-owned computer systems in the lab
  • Never attempt to connect any of the systems in the isolated IWAR lab network to any other network, including the USMA network
  • Never hide the fact that you are a service member in the United States Army
  • Do not boast to others about your activities in the IWAR lab
  • Always remember -- you are a representative of USCC, USMA and the US Army. Act accordingly

  25. Upcoming Events
  • Course projects for initial Information Security class
  • CS105, Introduction to Computing Science, Tech Tour
    • 1200+ Cadets
    • Early exposure to security relevant topics
  • Demonstration Site for IEEE SMC Information Assurance Workshop in June 1999
  • Primary Lab for at least 2 IW Courses
  • Ongoing research for:
    • DISC4 C2 Protect Program
    • PM for an Army Battle Control System (ABCS)
  • Support for numerous other CS Courses, including:
    • Operating Systems
    • Computer Networks
    • Computer Systems
    • Artificial Intelligence
    • Information Systems Design
  • Infusion of security relevant topics throughout the USMA curriculum

  26. Challenges
  • Heterogeneous nature of the lab increases the difficulty of:
    • Initial Lab Setup
    • Ongoing network and system administration
  • Important tradeoff consideration for all lab components:
    • Provide necessary functionality
    • Serve as a target
  • Demand for lab use might exceed lab capacity

  27. Reasonable Questions • Ain’t this a cool time to be involved in Information Security? • Can/Should this type of lab be built in other Environments? • Can this be done on the cheap? • Can we trust our system administrators if we give them knowledge of hacker tools and hacker methods? • Will the construction of a security lab generate greater interest in security? To all, an emphatic Yes!!

  28. Conclusion
  • We have achieved our initial goals
    • Research
    • Analysis
    • Instruction
  • Generating tremendous interest among cadets, faculty, and outside agencies
  • Provides a facility to evaluate and “test drive” software before putting it into a production environment
  • To the best of our knowledge, this is one of the best equipped information security labs for undergraduate-level instruction
  • Challenges ahead include:
    • System administration
    • Incorporation of new offensive and defensive techniques

  29. IWAR Hall of Fame • Mr. Gaylen Wong • LTC Curt Carver • MAJ Joseph Schafer • LTC David Nash • Dr. Tommy Wagner • Ms. Laura Heed • Ms. Karen Sullivan • Mr. Tim Spreer

  30. Backup Slides (Not for distribution)

  31. Information Operations Stages
  Offense:
  • Intelligence Gathering
  • Conditions Establishment
  • Exploitation
  • Privilege Elevation
  • Denial of Service
  • Detection Avoidance
  • Consolidation
  Defense:
  • Prevention
  • Detection
  • Response
  • Recovery
  • Adaptation
