The Basics of Cyber Warfare: Understanding the Fundamentals of Cyber Warfare in Theory and Practice

155 pages · 2012 · 3.017 MB · English

The Basics of Cyber Warfare
Understanding the Fundamentals of Cyber Warfare in Theory and Practice

Steve Winterfeld
Jason Andress

Technical Editor: Andrew Hay

AMSTERDAM • BOSTON • HEIDELBERG • LONDON • NEW YORK • OXFORD • PARIS • SAN DIEGO • SAN FRANCISCO • SINGAPORE • SYDNEY • TOKYO

Syngress is an imprint of Elsevier

Acquiring Editor: Chris Katsaropoulos
Development Editor: Benjamin Rearick
Project Manager: Malathi Samayan
Designer: Russell Purdy

Syngress is an imprint of Elsevier
225 Wyman Street, Waltham, MA 02451, USA

Copyright © 2013 Elsevier, Inc. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publisher's permissions policies and our arrangements with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website: www.elsevier.com/permissions

This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein).

Notices
Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods or professional practices may become necessary. Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information or methods described herein. In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility.

To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors assume any liability for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions, or ideas contained in the material herein.

Library of Congress Cataloging-in-Publication Data
Application submitted

British Library Cataloguing-in-Publication Data
A catalogue record for this book is available from the British Library

ISBN: 978-0-12-404737-2

Printed in the United States of America
13 14 15 16 17   10 9 8 7 6 5 4 3 2 1

For information on all Syngress publications, visit our website at www.syngress.com

Dedication
We thank our families and friends for their guidance, support, and fortitude throughout this project. We dedicate this book to those in the security industry who are making the world a better place through efforts like Hackers for Charity (you may have seen their T-shirts: "i hack charities." For more information, go to http://hackersforcharity.org/). To those who are not we say: get engaged!

Author Biography
Steve Winterfeld is the Chief Technology Officer (CTO) of TASC's Defense/Civil Business Group, as well as TASC's Cyber Tech Director and senior CyberWarrior instructor. During his career, he has supported a number of important cyber projects, most notably building the Computer Emergency Response Center (CERT) for US Army South, which is responsible for monitoring security in real time and conducting forensic investigations on intrusions, and developing the first Certification and Accreditation (C&A) approval for the Global Hawk Unmanned Aerial System (UAS). He holds CISSP, PMP, SANS GSEC, and Six Sigma certifications in addition to an M.S. in computer information systems.

Dr. Jason Andress (ISSAP, CISSP, GPEN, CISM) is a seasoned security professional with a depth of experience in both the academic and business worlds. In his present and previous roles, he has provided information security expertise to a variety of companies operating globally. He has taught undergraduate and graduate security courses since 2005 and conducts research in the area of data protection. He has written several books and publications covering topics including data security, network security, penetration testing, and digital forensics.

INTRODUCTION

INFORMATION IN THIS CHAPTER:
• Book Overview and Key Learning Points
• Book Audience
• How this Book is Organized

BOOK OVERVIEW AND KEY LEARNING POINTS
This book is designed as an introduction to the strategic, operational, and tactical aspects of the conflicts in cyberspace today. It is largely a higher-level view of the material in "Cyber Warfare: Techniques, Tactics and Tools for Security Practitioners," published in 2011, and also includes updates on events that have happened since the publication of the first book. The book shares the two very different perspectives of its two authors on what many are calling cyber warfare today: one comes from a commercial background and the other brings the military viewpoint. The book is designed to help everyone understand the essentials of what is happening today, as well as provide a strong background on the issues we are facing. This book is unique in that it presents the information in a manner that can be used to establish a strategic cybersecurity vision for an organization, but it is also designed to contribute to the national debate on where cyber is going.

BOOK AUDIENCE
This book will provide a valuable resource to those involved in cyber warfare activities regardless of where their focus is: policy makers, CEOs, CISOs, doctrinal developers, penetration testers, security professionals, network and system administrators, or college instructors. The information provided on cyber tactics and attacks can also be used to engineer better and more efficient procedures and technical defenses.

Those in management positions will find this information useful as well, from the standpoint of developing better overall risk management strategies for their organizations. The concepts covered in this book will help determine how to allocate resources and can be used to drive security projects and policies in order to mitigate some of the larger issues discussed.

HOW THIS BOOK IS ORGANIZED
This book is designed to take the reader through a logical progression toward a foundational understanding of today's cyber battlespace, but the content and organization of the topics in this book are built as standalone modules of information. It is not necessary to read the book from front to back or even in any particular order. In the areas where we refer to information located in other chapters in the book, we have endeavored to point out where the information can be found. The following descriptions provide an overview of the contents of each chapter:

Chapter 1: Cyber Threatscape
Chapter 1 gives an overview of the cyber threatscape based on a graphical map which lays out the Methodology and Resources, then shows the Attackers and Hackers that use them to beat the defenses (shown as a defensive mountain range) to get to the Valuable Data. The map is intended to show the interaction and complexity across the cyber domain. The hacker's methodology, tools, and processes listed are generally the same ones used by security professionals, though the security professional has (written) authorization to conduct attacks and operations.

Chapter 2: Military Doctrine
In Chapter 2 we discuss how the concept of what a war means is changing and examine whether we are in a cyber war today. We discuss the differences between conventional and cyber wars and how conventional warfare is a poor standard against which to measure its cyber equivalent. We consider how a cyber war, whether strictly cyber in nature or in combination with traditional war, could lead to an international disaster, change economies, enable an increased cyber crime wave, and facilitate unprecedented espionage. We cover the traditional war-fighting domains of land, sea, air, and space, both as they relate to cyber operations and what we can learn from them as cyber matures as the fifth war-fighting domain. We also review the different threats, the impacts they are having, and what their motivations might be.

Chapter 3: Cyber Doctrine
Chapter 3 explores the state of current cyber warfare doctrine at both the nation-state and military levels. We discuss how every country with a dependence on IT infrastructure is developing strategies and capabilities to protect and exercise national power, and examine some of the traditional tactics and products that the military needs to adapt to the cyberspace environment. We also cover some of the directives used by federal agencies and governments to guide behavior in this virtual environment. Finally we look at how organizations are training both to develop new doctrine and to execute their current plans.

Chapter 4: Cyber Tools and Techniques
In Chapter 4 we discuss the various tools that we might use in conducting Computer Network Operations (CNO), and the methods that we might use to defend against an attacker using them. We discuss the tools used for reconnaissance, access and privilege escalation, exfiltration, sustaining our connection to a compromised system, assault tools, and obfuscation tools, many of which are free, or have free versions, and are available to the general public. We cover the intersection of the physical and logical realms and how making changes to either realm can affect the other, sometimes to a disastrous extent. Additionally we cover supply chain concerns and the potential consequences of corruption or disruption in the supply chain.

Chapter 5: Offensive Tactics and Procedures
In Chapter 5 we discuss the basics of Computer Network Exploitation (CNE) and Computer Network Attack (CNA). We explain that exploitation in this context means reconnaissance or espionage, and then discuss how it is conducted. We cover identifying our targets, in the sense both of gleaning information from the targets of attacks and of identifying targets to be surveilled. We talk about the different factors involved in cyber warfare, including the physical, logical, and electronic elements of warfare. We also discuss the different phases of the attack process: reconnaissance, scanning, accessing systems, escalating privileges, exfiltrating data, assaulting the system, sustaining our access, and obfuscating any traces that might be left behind. We compare how this parallels and differs from typical hacker attacks.

Chapter 6: Psychological Weapons/Social Engineering
In Chapter 6 we cover social engineering and discuss how it can be a dangerous threat vector to all organizations and individuals. We look at this from a military mindset and pull lessons from how the military conducts interrogations and counterintelligence. We talk about how security policies, culture, and training must be reinforced often to ensure the workforce stays vigilant, and how a great technical security infrastructure can be subverted by simply going after the people.

Chapter 7: Defensive Tactics and Procedures
In Chapter 7 we discuss Computer Network Defense (CND). We talk about what exactly it is that we attempt to secure, in the sense of data and information, as well as security awareness and training efforts aimed at what is sometimes the weakest link in our defenses, our authorized users. We also present some of the different strategies that we recommend be used to defend ourselves against attack.

Chapter 8: Challenges We Face
We define the 30 key issues that are impacting cybersecurity and map how they should be categorized. We then break them out by level of difficulty and the resources required to solve them. We also discuss how they are interrelated. Finally we look at who should address them and how, including rough timelines on when they might be resolved.

Chapter 9: The Future of Technology and Their Impacts on Cyber Warfare
As we look to what lies ahead, we examine the logical evolution based on current cybersecurity technology and trends. A review of some of the technology-based trends that will have the greatest influence on cyber warfare, as well as the policy-based developments that could have the most impact, provides a basis for looking at what could happen. We also cover some of the best ways to defend in today's contested virtual environment.

Appendix: Cyber Timeline
We have also included an Appendix with a timeline of the major events that have impacted or driven the conflicts in cyberspace.

CONCLUSION
Writing this book was a true journey. A considerable amount of debate took place among all those involved in the book over what would build the best foundation to address the subject, but in the end a solid balance was struck between the broad perspective and specific practical techniques. The hope is that this book will contribute both to the national discussion on where cyberspace is headed and to what role each one of us can play.

CHAPTER 1
Cyber Threatscape

INFORMATION IN THIS CHAPTER:
• How Did We Get Here?
• Attack Methodology Plus Tools/Techniques Used
• Attackers (The Types of Threats)
• How Most Organizations Defend Today (Defensive Mountain Range)
• Targeted Capabilities (What We Should be Defending)

HOW DID WE GET HERE?
In the early 1980s, when ARPANET was growing into today's Internet, the focus was on interoperability and reliability as a means of communication and potential command and control in the event of an emergency. Everyone with access to the system knew each other and security was not a consideration. Then, in the late 1980s, trouble started: Robert Morris released the first worm (a self-replicating piece of malware) to spread widely across the Internet, and Clifford Stoll discovered Soviet Bloc spies stealing US secrets via the computers he administered at Lawrence Berkeley Laboratory. These were quickly followed by a number of incidents that highlighted the security risks associated with our new communication capability (see the Appendix for a list of major events through the years).

The key events as they relate to and impact the military occurred in the mid-to-late 1990s, when Time magazine ran a cover on "Cyber War." The 1998 Solar Sunrise incident hit the news as the Pentagon got hacked while the US military was preparing for possible strikes against Iraq, but the instigators turned out to be two teenagers from California, directed by an Israeli teenager. In Moonlight Maze, the Department of Defense (DoD) found intrusions coming from systems in Russia (though the source of the attacks was never proven), and Russia denied any involvement (hackers will often route their attacks through countries that will not cooperate with an investigation). By the early 2000s, a series of attacks, generally accepted as being from China, were identified and code named Titan Rain. The name was changed to Byzantine Hades after the Titan Rain code name was disclosed in the media, and changed again when the Byzantine Hades code name was posted to

The Basics of Cyber Warfare. http://dx.doi.org/10.1016/B978-0-12-404737-2.00001-X
© 2013 Elsevier, Inc. All rights reserved.
