1 / 60

Information Warfare Tactics

Review. Global Information Infrastructure Data NetworkWhat is ProtocolVoice NetworkCable NetworkInternet Benefits and Threats. Content. What is battlefield?Information Age BattlefieldInformation Warfare Tactics Process. Where is the battlefield?. In the agricultural age, battles were fought largely on land and sea.In agrarian societies, battlefields were largely limited to small areas at the front lines or specific targets such as port cities.In the industrial age, the enemy targeted i9459

salena
Download Presentation

Information Warfare Tactics

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

    4. Where is the battlefield? In the agricultural age, battles were fought largely on land and sea. In agrarian societies, battlefields were largely limited to small areas at the front lines or specific targets such as port cities. In the industrial age, the enemy targeted infrastructure, war making capabilities, and large cities. In the information age, the battlefield is in some sense everywhere, but in another sense, more focused.

    16. SYN Floods (DoS) The SYN command initiates a network connection. The SYN request is acknowledged and then the client acknowledges receipt of the acknowledgement (3 way handshake). TCP only supports a limited number of SYN requests. If too many fraudulent requests are sent, subsequent (and perhaps legitimate) requests are discarded.

    17. Spoofing Spoofing usually involves modifying packet headers so that it appears messages are coming from a trusted source. This can be one way to gain access to a system without account name or password and bypass a firewall. Can be used in “man in the middle” attacks. This is where a hacker sniffs a network connection and spoofs the IP address of one the end points and/or substitute his/her own encryption key

    20. HTTP Commands GET POST HEAD asks server to leave requested object out of response PUT uploads file in entity body to path specified in URL field DELETE deletes file specified in the URL field

    21. Accessing HTTP server without a Browser Telnet to mason Web server telnet www.gmu.edu 80 Opens TCP connection to port 80 Type in a GET command to request the class website GET /~msherif/IT353/fall03/it353.html Look at response message sent by HTTP server!

    22. Forged Email Compromised accounts Some mail systems will allow you to set the outgoing email address Forge email headers (What is SMTP)

    23. Accessing SMTP server The following syntax allow you to send email without using email client (reader) telnet server name 25 see 220 reply from server enter HELO, MAIL FROM, RCPT TO, DATA, QUIT commands

    25. TEMPEST Transient Electromagnetic Pulse Surveillance Standard (acronym definition varies). Computer systems emit electromagnetic radiation that can be detected and recorded by van Eck receptors (named after a Dutch scientist who wrote a landmark paper on the subject.) TEMPEST technology is used to shield equipment and facilities to prevent such eavesdropping.

    28. Social Engineering The term is thought to have been first used in Nazi Germany to describe means of controlling an entire population. The term has been used in recent decades to describe using some form of non-technical deception or impersonation to violate security. Social Engineering is a widely used hacker tool. Examples Student who send messages to AOL subscribers telling him that he was the SysAdmin and asking to verify their password and credit card numbers. (“Phishing”)

    34. Steganography You can replace information in an image, which can be extracted with a key. You can add information to a file. Applications Digital Watermarking Secret Communication Steganography Tools: wbStego (html, pdf, text and bitmap files) MP3Stego StegFS (Linux) Snow (uses white space at the end of lines) DetectionTools: Steganography Detection and Removal Toolkit (S-DART, USAF Research Lab) Stegdetect

    35. Digital Watermarking Digital Watermarks are used to identify ownership. For example, a graphic designer may hide a watermark in his/her graphics so that s/he can display them on the Internet without being afraid that they will be ripped off. (Or, if they are, s/he can sue for damages.) Webcrawlers can be used to find infringements online. Click on this link below to view this example Illustration

    36. Honey Pots and Honey Nets A sort of false front end to your network that lures hackers into trying their tricks. (The real network is secured behind a firewall.) The Honey Pot (or Honey Net) detects and logs the illegal activity Unfortunately, there are still many legal issues with this technology. The Honey Pot has to be clever enough so that the hacker doesn’t become suspicious.

    38. Disinformation Disinformation is the dissemination of false information in an attempt to mislead. Sometimes the information is hidden in such a way that it is likely to be found, thus making it look credible. In WWII, the British tricked the Germans into moving their forces by planting false documents on the body of a dead soldier. During the recent war against Iraq, the Iraqi Information Minister repeatedly denied coalition victories. The US gave starkly different reports.

    39. Disinformation (Cont.) While wartime propaganda is nothing new think about the level of trust one puts in: Hearsay Newspaper articles Radio reports TV reports Internet reports Which are you inclined to trust the most?

    41. Fabrication Fabrication can be used as a tactic in Economic warfare One could spread false rumors about disease outbreaks, false economic reports, false stories about assassinations or other events of national importance. In recent months, there have been numerous reports of false news stories. With a large scale organization and sufficient funds, one could probably subvert a number of reporters. Digital pictures, movies, and recordings can be edited to distort factual occurrences. False rumors could be used to discredit a political figure.

    55. Criminal Criminals are those that violate the law of society, and use hoaxes to gain sympathy and money Nigerian Scam Kidneys removed Little Jessica dying of Cancer For entertaining read urban legends, by visiting: http://urbanlegends.about.com/

    57. Simula War We have said that in modern information warfare, destroying the enemy army is not necessarily an objective. Some have taken this notion to the next level and have suggested that if the objective is to take control of power and infrastructure, then why fight a real battle at all? Why not simply run a simulation and agree to abide by the outcome? Wouldn’t this be more civilized? (See Star Trek OS Episode 23, A Taste of Armageddon.) If you could prove to the enemy that it would lose, wouldn’t it make more sense not to fight at all?

    58. War Gaming and Simulations Whatever you conclude about Simula War, certainly computer systems play an enormous role in preparing for engagement, training soldiers to use equipment, and strategic planning. G2Interactive

More Related