Upstream Intelligence
Andrew P. Largent
Indiana University of Pennsylvania, Department of Computer Science
COSC 480 Seminar on Technical Topic
Dr. Charles Shubra
Indiana, PA 15705
SID: 02137623
Date: 3/18/11
Upstream Intelligence (UI) is data about IPs, domains and Autonomous System
Numbers (ASNs) acting as or representing the presence of a threat. UI quantitatively identifies IPs
and other networks which threaten online assets, no matter the context, for instance classified
data, personal information, business information or intellectual property. UI is a source of
information past the perimeters of ISP networks and other service providers, and deals with the
lowest levels of information on the Internet, loosely referred to as “no man’s land”. UI helps to
identify threats on the Internet. UI is a very powerful security tool, with the Cybersecurity Act of
2009 and the National Broadband Plan from the Federal Communications Commission in 2010,
adding a new level of security to the Internet and better Information Assurance for ISPs and
other providers. UI was developed and deployed with the goal of significant asset recovery of
network bandwidth, but asset recovery is just the starting point of UI’s projected potential.
“UI consists of proactive and accurate identification of compromised devices and
networks on large scales in real time.” – Macaulay
Evolving threats and threat agents elevate potential risks and breed the need for
new security capabilities, which is the driving force behind further development of UI. Such
threats include some of the most successful crimes on the Internet: identity theft, credit card
and banking fraud, spamming, phishing and DoS attacks, to name a few. With UI, the
information gathered is that of the threat agents and targeted assets rather than malware or
programs, resulting in a faster reaction time to threats. From the late 1990s into the early 2000s,
malware developers watched as their creations destroyed data and systems throughout the
networks, and these developers took pride in their work, knowing that information
technology professionals were ill-equipped and unprepared to handle such threats. Since then,
the selling of well-developed malware exploits has pushed the coders underground, sharing
less and less code, with the best code being sold at a high price. UI adds a new layer to an
enterprise architecture schema, making it much more secure.
UI represents a new layer of security for all organizations no matter the size, making
new security capabilities possible when introduced to a preexisting security architecture. With the
fundamental “defense in depth” concept, applying UI in the foundation of the defense gives an
added advantage. UI provides two enhancements to the defense-in-depth design, the
first being that UI extends the supported enterprise perimeter by identifying threats before they hit
said perimeter, allowing for proactive actions using existing security layers. But I would like to
stress that UI was not created with the purpose of counter-attacking.
Such actions could inflict substantial injury on legitimate individuals and devices that are
essentially inclusive victims. UI was developed with defense and self-preservation as the primary
objective. UI is a critical way to maintain a network’s integrity against threat agents with no
concern for the network.
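How a feed of this kind can drive the existing security layers, as an added example that is not from the paper or from any UI provider: flow records are checked against IP, domain and ASN indicators and mapped to purely defensive actions. The feed layout, field names, action labels and all addresses (documentation ranges) are constructed assumptions.

```python
import ipaddress

# Constructed UI feed: networks, domains and ASNs reported as threat sources.
# All values are documentation/reserved ranges, not real indicators.
UI_FEED = {
    "networks": [ipaddress.ip_network("203.0.113.0/24"),
                 ipaddress.ip_network("198.51.100.7/32")],
    "domains": {"c2.example.net"},
    "asns": {64500},
}
INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed enterprise address space


def matches(ip, domain=None, asn=None):
    """Return the kind of UI indicator a remote endpoint matches, or None."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in UI_FEED["networks"]):
        return "ip"
    if domain and any(domain == d or domain.endswith("." + d)
                      for d in UI_FEED["domains"]):
        return "domain"
    if asn in UI_FEED["asns"]:
        return "asn"
    return None


def triage(flow):
    """Map one flow record to a defensive action for the existing layers."""
    src_internal = ipaddress.ip_address(flow["src"]) in INTERNAL
    remote = flow["dst"] if src_internal else flow["src"]
    if matches(remote, flow.get("domain"), flow.get("asn")) is None:
        return ("allow", None)
    if src_internal:
        # Internal host talking to a listed endpoint: likely compromised device.
        return ("quarantine-host", flow["src"])
    # Listed source approaching the perimeter: drop it before it reaches assets.
    return ("block-at-perimeter", flow["src"])


# Constructed flow records (inbound, outbound by domain, outbound by ASN, clean).
FLOWS = [
    {"src": "203.0.113.44", "dst": "10.1.2.3"},
    {"src": "10.1.9.20", "dst": "192.0.2.80", "domain": "beacon.c2.example.net"},
    {"src": "10.1.9.21", "dst": "192.0.2.10", "asn": 64500},
    {"src": "192.0.2.55", "dst": "10.1.2.3", "asn": 64499},
]

if __name__ == "__main__":
    for f in FLOWS:
        print(f["src"], "->", f["dst"], triage(f))
```

Neither action touches the remote system: one drops traffic at the perimeter, the other isolates the organization's own device.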
In conclusion, the value and intelligence possible in UI are largely unknown and untapped
at present, which leads me to believe that further development of better real-time systems
for info/intel sharing to identify threats and threatened assets should be the course of the
research on this topic.
Discussion Questions
Does UI have any mechanism to identify similar threats originating from different IP addresses
(e.g. attacks via proxy)?
Not actually having firsthand knowledge of the intimate systems which handle the UI, I
do not presume to know the answer to this question, but if I had to take an educated guess I
would hope that the development of the systems which deploy this technique would have
multiple functions to it.
With the fast-paced advancements in technology, can we really say we are secure?
I would say it depends on your personal ideology of secure, but as it relates to UI… alone
UI would not provide proper security, but when added to existing security layers UI enhances the
system’s security ten-fold.
How does Upstream Intelligence incorporate itself within the security layers of a network?
UI stands as a vanguard at the front lines of any security network, giving the network time
to react to a threat properly.
Because of the rapid development of new attacks, do you think UI will ever be able to truly protect a
system? If not, is the return on investment enough to continue developing UI?
Since UI looks at the threat agents and the threatened assets rather than the threats
themselves, I don’t see a problem with the advancements in new attacks; that problem will be
reserved for the existing security layers on the system. I would have to say yes, continued
development into further UI capabilities will greatly help the field of Information Assurance.
Will ISPs ever be liable for attacks they might have been able to potentially prevent?
I doubt that ISPs will ever be legally liable for such a situation, for the reason it would be
hard to prove without a federal inquiry investigation into the situation.
Do you think it is wise to strike back when dealing with cyber threats?
I don’t truly get the drawback to using UI to counter-attack. I can see the implications of
such a situation, like the saying you can’t fight fire with more fire, but then again that saying is
not true either, because firefighters use fire all the time to fight fires, in order to use up all the
oxygen and to move the fire in the direction they want so that they can control the fire. So, in the
sense of control I can’t see the harm in using information to strike back at a threat agent.
Do you believe using upstream intelligence to preemptively attack cyber-threats is even
plausible on foreign soil?
With our armed forces already allocating resources in so-called “cyber warfare”, I could
definitely see the government using such techniques to give them an edge in fighting the “good
fight”.
Research reaction
Learning about this ever-evolving technique has cemented my interest in my field and further
piqued my also ever-evolving interest in Information Assurance. I look forward to reading future
developments in this topic. If I were to propose research into this topic, I would push the research to look
further into the optimization of the real-time acquisition of threats and threatened assets.
Works cited

Cybersecurity Act, 2009 - http://www.govtrack.us/congresss/billtext.xpd?bill=$111-773

Federal Communications Commission, National Broadband Plan: Connecting America, 2010 - http://www.broadband.gov/

Bell Canada, Q4 2009

Macaulay, Tyson, IAnewsletter, Vol 13 No 3, Summer 2010 - http://iac.dtic.mil/iatac