
Malware Mimics for Network Security Assessment


Presentation Transcript


  1. Malware Mimics for Network Security Assessment
     • CDR Will Taff
     • LCDR Paul Salevski
     • March 7, 2011

  2. Agenda
     • Motivation
     • Introduction
     • Vision
     • Proposal
     • What we did
     • Way Ahead

  3. Motivation

  4. Motivation – In the Lab

  5. Introduction
     • Currently, DoD relies on Red Teams (trusted adversaries) for Information Assurance (IA) testing and evaluation of military networks
     • This approach is unsatisfactory:
       • Relies on a constrained resource (Red Teams)
       • Limited in scope of effects (safety/risk to host network)
       • Non-uniform/inconsistent application OR
       • Confined to a laboratory setting (not “Train Like Fight”)

  6. Introduction – The Way the Navy Is
     (diagram; labels only: Internet; Global Information Grid (GIG), Owned and Operated by DISA; SIPR; NIPR; JWICS; Network Operating Centers; CENTRIXS)

  7. Proposal
     • We propose the development of a distributed software system that can be used by either simulated adversaries (such as a Red Team) or trusted agents (such as a Blue Team) to create scenarios and conditions to which a network management/defense team will need to react and resolve.

  8. Vision
     (diagram; labels only: STEP Site; Northwest, VA; Ft. Meade, MD; USS Arleigh Burke; MM-Clients; Global Information Grid (GIG); Norfolk, VA; MM-Server)

  9. Malware Mimic
     • Have the “trainer” sitting anywhere
     • Trainer remotely controls a network of pre-installed software nodes on the training network, simulating network malware/mal-behaviors
       • Simulate viruses
       • Simulate bots
       • Simulate Internet worms
       • Simulate malicious “hackers”
     • “Trainee” reacts to simulated effects in the same manner as to actual threats

  10. Architecture
     • Network nodes consist of Java software packages running on top of pre-existing and unmodified network hosts
       • No (unwanted) impact to users
       • No need for additional hardware
     • Network nodes coordinate effects via a Trainer-controlled Command and Control Server
       • Local or Offsite
     • Solves the problem of “flying in” a red team
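Slides 9 and 10 only sketch how a trainer's Command and Control Server drives the pre-installed Java nodes. The class below is an added example written for this transcript, not code from the Malware Mimic project: it shows the node-side handling a practitioner would want, namely parsing a trainer command, refusing anything outside a fixed allowlist of simulated effects, honouring a stop command, and emitting synthetic events that carry an unmistakable simulation tag so exercise traffic can be deconflicted from real incidents. The line-oriented command format (`effect=…;target=…;ttl=…`), the field names, the `[MM-SIM]` tag and the node id `ws-12` are all assumptions; nothing here touches the network, it only produces labelled event strings.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;

/*
 * Added illustration, not code from the NPS Malware Mimic project.
 * Assumed (not on the slides): the trainer's C2 server sends one text line
 * per command, "effect=<name>;target=<host>;ttl=<seconds>", and a node only
 * ever produces synthetic, clearly labelled events for the trainee to detect.
 */
public class MimicNode {

    /** Effects a node is allowed to mimic, matching the list on slide 9. */
    enum Effect { VIRUS, BOT, WORM, HACKER }

    /** One parsed trainer command. */
    static final class Command {
        final Effect effect;
        final String target;
        final int ttlSeconds;
        Command(Effect effect, String target, int ttlSeconds) {
            this.effect = effect;
            this.target = target;
            this.ttlSeconds = ttlSeconds;
        }
    }

    /** Tag prepended to every synthetic event so exercise data is never mistaken for a real incident. */
    static final String SIM_TAG = "[MM-SIM]";

    private final String nodeId;
    private final List<String> auditLog = new ArrayList<>();

    MimicNode(String nodeId) { this.nodeId = nodeId; }

    /** Parse a command line; anything malformed or outside the allowlist is rejected. */
    static Command parse(String line) {
        String effectName = null, target = null;
        int ttl = -1;
        for (String field : line.trim().split(";")) {
            String[] kv = field.split("=", 2);
            if (kv.length != 2) throw new IllegalArgumentException("malformed field: " + field);
            switch (kv[0].trim()) {
                case "effect": effectName = kv[1].trim().toUpperCase(Locale.ROOT); break;
                case "target": target = kv[1].trim(); break;
                case "ttl":    ttl = Integer.parseInt(kv[1].trim()); break; // NumberFormatException is an IllegalArgumentException
                default: throw new IllegalArgumentException("unknown field: " + kv[0]);
            }
        }
        if (effectName == null || target == null || ttl < 0)
            throw new IllegalArgumentException("missing effect, target or ttl");
        try {
            return new Command(Effect.valueOf(effectName), target, ttl);
        } catch (IllegalArgumentException e) {
            throw new IllegalArgumentException("effect not in allowlist: " + effectName);
        }
    }

    /** Produce the synthetic event the trainee's monitoring will observe; ttl=0 is the trainer's stop command. */
    String simulate(Command c) {
        if (c.ttlSeconds == 0) return null;
        String detail;
        switch (c.effect) {
            case VIRUS: detail = "synthetic file-modification burst"; break;
            case BOT:   detail = "synthetic beacon to controller " + c.target; break;
            case WORM:  detail = "synthetic propagation attempt toward " + c.target; break;
            default:    detail = "synthetic interactive logon from " + c.target; break;
        }
        String event = String.format("%s node=%s effect=%s ttl=%ds %s",
                SIM_TAG, nodeId, c.effect, c.ttlSeconds, detail);
        auditLog.add(event);
        return event;
    }

    /** Handle one C2 line and build the reply the node sends back to the server. */
    String handle(String line) {
        try {
            String event = simulate(parse(line));
            return event == null ? "ACK stopped" : "ACK " + event;
        } catch (IllegalArgumentException e) {
            auditLog.add(SIM_TAG + " node=" + nodeId + " refused: " + line);
            return "NACK " + e.getMessage();
        }
    }

    List<String> auditLog() { return auditLog; }

    public static void main(String[] args) {
        MimicNode node = new MimicNode("ws-12");
        // Constructed sample commands, as a trainer's server might send them.
        String[] commands = {
            "effect=worm;target=10.0.0.5;ttl=30",
            "effect=bot;target=c2.example.invalid;ttl=60",
            "effect=ransom;target=10.0.0.5;ttl=30",   // not in the allowlist -> NACK
            "effect=worm;target=10.0.0.5;ttl=0"       // stop command
        };
        for (String cmd : commands) System.out.println(node.handle(cmd));
        System.out.println("audit entries: " + node.auditLog().size());
    }
}
```

The allowlist and the stop command are the two controls that make an unattended mimic safe to leave on operational hosts: a node can never be asked to do something its authors did not anticipate, and the trainer can halt every effect with one message. The audit log records refusals as well as effects, so an after-action review can show exactly what each node was told and what it produced.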

  11. Anatomy of an Attack

  12. Anatomy of an Attack with MM’s

  13. Architecture – Physical Layout

  14. Virtual Layout

  15. Results

  16. Way Ahead
     • More complex network architecture
     • More complex Malware Mimics
     • Focus on higher security
     • Installation and testing on larger and operational networks
     • Communication between MM-Clients

  17. Questions
     • CDR Will Taff – wrtaff@nps.edu
     • LCDR Paul Salevski – pmsalevs@nps.edu
