Cyberspace - A Global Battlespace?
Joel Ebrahimi, Solutions Architect, Bivio Networks, Inc.
A Hacker's Opportunity is Target Rich!
Joe Hacker
• Enterprise
• Personal
• Credit card
• Government
• Military secrets
• Nuclear information
• Medical records
• Criminal records
• Classified secrets and information
• Control of physical infrastructure
  • Power
  • Electrical
  • Water
Exploitation Evolution
Experimentation / Notoriety → Hacktivism / Defacements → Criminal Enterprise → Espionage / Cyber Terrorism
• While we look at the evolution trend, it should be noted that the less severe exploits have not gone away. They still exist today and have even increased in number. The problem is that we now also have to deal with exploits that affect our national security.
Hacking Hotspots and Trends
WESTERN EUROPE: Cyber-activists with anti-global/anti-capitalism goals; some malicious code
EASTERN EUROPE/RUSSIA: Malicious code development; fraud and financial hacking
CHINA: Targeting Japan, U.S., Taiwan and perceived allies of those countries; Falun Gong targeted also
U.S.: Multiple hacker/cyber-activist/hacktivist groups; random targets
MIDDLE EAST: Palestinian hackers target Israeli websites; some pro-Israel activity
INDIA-PAKISTAN: Worldwide targets, Kashmir-related and Muslim-related defacements
BRAZIL: Multiple hacker groups, many mercenary; random targets
It's Real and Happening Now!
• Stuxnet
• Cyber espionage
• DDoS attacks in Estonia
• Attacks on Booz Allen Hamilton
• Breach of defense contractor computers that let hackers get at information on the Joint Strike Fighter
• Power grid compromised
• Repeated attacks on .gov websites
• Real, growing threat of cyber terrorism
The Threats
• Malware
• Worms
• Trojans
• Rootkits
• Spyware
• Remote or local exploitation
• Botnets
A Transforming Network
• Explosion in usage, applications, devices, protocols
• Basic networking problems remain
  • Security
  • Information assurance
  • Cyber defense
  • Awareness
  • Control
• Network role transition from connectivity to policy
• Key enabling technology: Deep Packet Inspection
[Slide diagram: the protocol stack, bottom to top]
  L2: Ethernet
  L3: Internet Protocol (IP)
  L4: Transport layer (TCP/UDP)
  L5–L7: Email, IM, Web, File transfer, Peer-to-Peer (P2P), and the threats that ride on them: viruses, intrusions, worms

Deep Packet Inspection (DPI)
• Set of technologies enabling fine-grained processing of network traffic
• Common analogy: processing regular mail based on the letter's contents rather than the address on the envelope
• Not a solution or an application in itself!
Why DPI?
• L3/4 analysis clearly not granular enough
  • Source/destination often irrelevant
  • Most information is in the payload: deeply embedded, context dependent, dynamic
  • Tunneling makes the outer protocols/headers insufficient
  • Correlation between flows and payload often crucial
• Threats are real-time and dynamic; the response cannot be off-line and static
  • DPI is the real-time, in-network analog of off-line analysis
  • Dramatically shortens threat identification and response
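The following is an added example, not code from the deck or from Bivio Networks, showing the gap between an L3/L4 view and payload inspection that the "Why DPI?" slide and the DPI definition describe. It hand-builds Ethernet/IPv4/TCP frames with Python's struct module (constructed sample traffic; checksums are left at zero because nothing here validates them), strips an IP-in-IP tunnel so the inner flow is what gets classified, and then labels each flow twice: once by destination port, once by a small assumed payload signature set. The port table and signature list are illustrative assumptions, not a production ruleset.

```python
"""Toy DPI classifier: port-based guess vs. payload verdict, with IP-in-IP stripping."""
import re
import socket
import struct

ETH_P_IP = 0x0800
IPPROTO_IPIP = 4      # IP-in-IP encapsulation (RFC 2003)
IPPROTO_TCP = 6

# What a port-based (L4-only) classifier would assume (assumed table for illustration).
PORT_GUESS = {22: "ssh", 25: "smtp", 80: "http", 443: "tls"}

# Payload signatures, checked in order (assumed set for illustration).
SIGNATURES = [
    (re.compile(rb"^(GET|POST|HEAD|PUT) \S+ HTTP/1\.[01]\r\n"), "http"),
    (re.compile(rb"^SSH-2\.0-"), "ssh"),
    (re.compile(rb"^\x16\x03[\x00-\x03]"), "tls"),   # TLS record: handshake, version 3.x
]


def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header; checksum 0 (constructed traffic only)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))


def build_frame(src, dst, sport, dport, data, tunnel_outer=None):
    """Ethernet/IPv4/TCP frame carrying `data`; optionally wrapped in an IP-in-IP tunnel."""
    tcp = struct.pack("!HHIIHHHH", sport, dport, 0, 0, 5 << 12, 0xFFFF, 0, 0) + data
    ip = ipv4_header(src, dst, IPPROTO_TCP, len(tcp)) + tcp
    if tunnel_outer is not None:
        ip = ipv4_header(tunnel_outer[0], tunnel_outer[1], IPPROTO_IPIP, len(ip)) + ip
    eth = b"\x02" * 6 + b"\x02" * 6 + struct.pack("!H", ETH_P_IP)
    return eth + ip


def parse_ipv4(buf):
    """Return (proto, src, dst, payload); honours IHL and total length (drops any padding)."""
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", buf[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (ver_ihl & 0x0F) * 4
    return proto, socket.inet_ntoa(src), socket.inet_ntoa(dst), buf[ihl:total_len]


def parse_tcp(buf):
    """Return (sport, dport, payload); honours the data-offset field."""
    sport, dport, _, _, off_flags = struct.unpack("!HHIIH", buf[:14])
    return sport, dport, buf[(off_flags >> 12) * 4:]


def classify_frame(frame):
    """Walk L2 -> L3 -> L4 -> L7 and report both the port guess and the payload verdict."""
    (eth_type,) = struct.unpack("!H", frame[12:14])
    if eth_type != ETH_P_IP:
        return {"app": "non-ip", "tunnels": 0}
    proto, src, dst, payload = parse_ipv4(frame[14:])
    tunnels = 0
    while proto == IPPROTO_IPIP:           # a header-only inspector would stop at the outer header
        proto, src, dst, payload = parse_ipv4(payload)
        tunnels += 1
    if proto != IPPROTO_TCP:
        return {"src": src, "dst": dst, "app": "non-tcp", "tunnels": tunnels}
    sport, dport, data = parse_tcp(payload)
    app = next((label for pat, label in SIGNATURES if pat.match(data)), "unknown")
    return {"src": src, "dst": dst, "sport": sport, "dport": dport,
            "port_guess": PORT_GUESS.get(dport, "unknown"), "app": app, "tunnels": tunnels}


if __name__ == "__main__":
    # Constructed samples: the port lies, the tunnel hides the endpoints, the payload does not.
    samples = [
        ("SSH on 443", build_frame("192.0.2.10", "198.51.100.7", 40000, 443,
                                   b"SSH-2.0-OpenSSH_8.9\r\n")),
        ("HTTP inside IP-in-IP", build_frame("192.168.1.10", "203.0.113.5", 51000, 80,
                                             b"GET /index.html HTTP/1.1\r\nHost: example\r\n\r\n",
                                             tunnel_outer=("10.0.0.1", "10.0.0.2"))),
        ("TLS on 8080", build_frame("192.0.2.1", "192.0.2.2", 1234, 8080,
                                    b"\x16\x03\x01\x00\xc4\x01")),
    ]
    for name, frame in samples:
        print(name, classify_frame(frame))
```

The first sample is the "source/destination often irrelevant" point: port 443 says TLS, the payload says SSH. The second is the tunneling point: the outer header shows 10.0.0.1 talking to 10.0.0.2 with protocol 4, and only after decapsulation do the real endpoints and the HTTP request appear. A real engine would also reassemble TCP streams and track flow state rather than matching on a single segment, which is where the "correlation between flows and payload" bullet comes in.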
The Right Technology
• Scalability: variable throughput, computation
• Performance
  • Computational: full packet inspection
  • Network: wire-speed
• Flexibility: software is king
• Customization: each mission different
• Adaptability: inherent in space
• Active/Passive: monitoring and enforcement
• Multi-function: parallel tasks
• Standardization: avoid proprietary environments
• Rapid deployment
Protecting The Future
• Infrastructure
  • Focus on high-compute/high-throughput
  • System design
  • Semiconductors
  • Keep pace with networking advances: 40Gb/s, 100Gb/s
  • Storage integration: data retention, post-processing
• Applications
  • Increased sophistication of protocol analysis
  • Increased cross-flow analysis
  • Information sharing between applications
  • Dynamic threat response
Summary
• Threats are already here
• Cyber terrorism is real
• The network is changing and growing
• DPI technology underlies future networking
• Core technology for national security requirements
• Challenges addressed in a rapidly advancing market
• Significant innovation into the future
Not just a presenter, this is what I do
• Special purpose networking devices
• 10Gb/s+
• High compute capacity
• Throughput and compute scaling
• Linux development environment
• Multi-application support

Thank You!
Joel Ebrahimi
jebrahimi@bivio.net
Bivio Networks, Inc
http://www.bivio.net