Cyberspace - A Global Battlespace?
Joel Ebrahimi
Solutions Architect
Bivio Networks, Inc.

A Hacker’s Opportunity is Target Rich!
Enterprise
Joe Hacker
  – Personal
  – Credit Card
Government
  – Military secrets
  – Nuclear Information
  – Medical Records
  – Criminal Records
  – Classified Secrets and Information
  – Control of Physical Infrastructure
    • Power
    • Electrical
    • Water

©2010 Bivio Networks, Inc.

Exploitation Evolution
While we look at the evolution trend, it should be noted that the less severe exploits have not gone away. They still exist today and have even increased in numbers. The problem is that we also have to deal with exploits that now affect our national security.
  – Experimentation / Notoriety
  – Hacktivism / Defacements
  – Criminal Enterprise
  – Espionage / Cyber Terrorism

Hacking Hotspots and Trends
  – WESTERN EUROPE: Cyber-activists with anti-global/anti-capitalism goals; some malicious code
  – U.S.: Multiple hacker/cyberactivist/hacktivist groups; random targets
  – EASTERN EUROPE/RUSSIA: Malicious code development; fraud and financial hacking
  – MIDDLE EAST: Palestinian hackers target Israeli websites; some pro-Israel activity
  – BRAZIL: Multiple hacker groups, many mercenary; random targets
  – CHINA: Targeting Japan, U.S., Taiwan and perceived allies of those countries; Falun Gong targeted also
  – INDIA-PAKISTAN: Worldwide targets, Kashmir-related and Muslim-related defacements

Is the threat real?

It's Real and Happening Now!
  – Stuxnet
  – Cyber Espionage
  – DDOS attacks in Estonia
  – Attacks on Booz Allen Hamilton
  – Breach of defense contractor computers that let hackers get at information on the Joint Strike Fighter
  – Power grid compromised
  – Repeated attacks on .gov websites
  – Real growing threat of cyber terrorism

The Threats
Malware
  – Worms
  – Trojans
  – Rootkits
  – Spyware
Remote or local exploitation
Botnets

A Transforming Network
Explosion in usage, applications, devices, protocols
Basic networking problems remain
  – Security
  – Information assurance
  – Cyber defense
  – Awareness
  – Control
Network role transition from connectivity to policy
Key Enabling Technology: Deep Packet Inspection

Deep Packet Inspection (DPI)
Set of technologies enabling fine-grained processing of network traffic
Common analogy: processing regular mail based on letter contents vs. address
Not a solution or an application!
  L2: Ethernet
  L3: Internet Protocol (IP)
  L4: Transport Layer (TCP/UDP)
  L5 – L7:
    • Viruses
    • Email, IM
    • Intrusions
    • Web
    • File Transfer
    • Worms
    • Peer-to-Peer (P2P)

Why DPI?
L3/4 analysis clearly not granular enough
  – Source/Destination often irrelevant
Most information is in the payload
  – Deeply embedded
  – Context dependent
  – Dynamic
Tunneling makes outer protocols/headers insufficient
Correlation between flows and payload often crucial
Threats are real-time and dynamic; response can’t be
  – DPI is real-time networking analog to off-line analysis
  – Dramatically shortens threat identification and response

The Right Technology
Scalability: variable throughput, computation
Performance:
  – Computational: full packet inspection
  – Network: wire-speed
Flexibility: software is king
Customization: each mission different
Adaptability: inherent in space
Active/Passive: monitoring and enforcement
Multi-function: parallel tasks
Standardization: Avoid proprietary environments
Rapid deployment
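
The "Why DPI?" slide's claim that L3/4 analysis is not granular enough, as an added example (not part of the presentation and not Bivio code): the Python sketch below labels the same packets once by destination port and once by the first payload bytes. The port table, signature checks, function names and sample packets are illustrative assumptions constructed for this example.

```python
import socket
import struct

# Assumed port table: what an L3/L4-only classifier would conclude.
PORT_LABELS = {22: "ssh", 80: "http", 443: "tls"}

def build_ipv4_tcp(src, dst, sport, dport, payload):
    """Build a minimal IPv4+TCP packet (constructed sample; checksums left zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp + payload

def parse_ipv4_tcp(pkt):
    """Return (dport, payload), honouring the IHL and TCP data-offset fields."""
    if len(pkt) < 40 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        raise ValueError("not an IPv4/TCP packet")
    ihl = (pkt[0] & 0x0F) * 4
    total = struct.unpack("!H", pkt[2:4])[0]
    if ihl < 20 or total > len(pkt) or ihl + 20 > total:
        raise ValueError("bad IP header or truncated packet")
    dport = struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0]
    doff = (pkt[ihl + 12] >> 4) * 4
    if doff < 20 or ihl + doff > total:
        raise ValueError("bad TCP data offset")
    return dport, pkt[ihl + doff:total]

def classify_by_payload(payload):
    if payload.startswith(b"SSH-"):                 # SSH identification string
        return "ssh"
    if len(payload) >= 6 and payload[:2] == b"\x16\x03" and payload[5] == 1:
        return "tls"                                # handshake record, ClientHello
    request_line = payload.split(b"\r\n", 1)[0].split(b" ")
    if len(request_line) == 3 and request_line[2].startswith(b"HTTP/1."):
        return "http"
    return "unknown"

def compare(pkt):
    """Return (label from port alone, label from payload inspection)."""
    dport, payload = parse_ipv4_tcp(pkt)
    return PORT_LABELS.get(dport, "unknown"), classify_by_payload(payload)

# Constructed sample packets (documentation addresses, not captured traffic).
SAMPLES = {
    "ssh_on_80": build_ipv4_tcp("192.0.2.10", "198.51.100.20", 40000, 80, b"SSH-2.0-sample\r\n"),
    "tls_on_80": build_ipv4_tcp("192.0.2.10", "198.51.100.20", 40001, 80, b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00"),
    "http_on_8080": build_ipv4_tcp("192.0.2.10", "198.51.100.20", 40002, 8080, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
}
for name, pkt in SAMPLES.items():
    print(name, compare(pkt))
```

Each sample where the two labels disagree is a flow that a port-only policy would misclassify; a monitoring rule can alert on exactly that mismatch.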

Protecting The Future
Infrastructure
  – Focus on high-compute/high-throughput
    • System design
    • Semiconductors
  – Keep pace with networking advances
    • 40Gb/s
    • 100Gb/s
  – Storage integration
    • Data Retention
    • Post-processing
Applications
  – Increased sophistication of protocol analysis
  – Increased cross-flow analysis
  – Information sharing between applications
  – Dynamic threat response

Summary
  – Threats are already here
  – Cyber Terrorism is real
  – The network is changing and growing
  – DPI technology underlies future networking
  – Core technology for National Security requirements
  – Challenges addressed in rapidly advancing market
  – Significant innovation into the future

Not just a presenter, this is what I do
Thank You!
  – Special purpose networking devices
  – 10Gb/s+
  – High compute capacity
  – Throughput and compute scaling
  – Linux development environment
  – Multi-application support
Joel Ebrahimi
[email protected]
Bivio Networks, Inc
http://www.bivio.net