04 Sep Annotated Bibliography
1
Copyright © 2012, Elsevier Inc.
All Rights Reserved
Chapter 2
Deception
Cyber Attacks Protecting National Infrastructure, 1st ed.
2
Copyright © 2012, Elsevier Inc.
All rights Reserved
C h a p te
r 2 –
D e c e p tio
n
Introduction
• Deception is deliberately misleading an adversary by creating a system component that looks real but is in reality a trap – Sometimes called a honey pot
• Deception helps accomplish the following security objectives – Attention
– Energy
– Uncertainty
– Analysis
3
Copyright © 2012, Elsevier Inc.
All rights Reserved
C h a p te
r 2 –
D e c e p tio
n
• If adversaries are aware that perceived vulnerabilities may, in fact, be a trap, deception may defuse actual vulnerabilities that security mangers know nothing about.
Introduction
4
Fig. 2.1 – Use of deception in computing
Copyright © 2012, Elsevier Inc.
All rights Reserved
C h a p te
r 2 –
D e c e p tio
n
5
Copyright © 2012, Elsevier Inc.
All rights Reserved
C h a p te
r 2 –
D e c e p tio
n
Introduction
• Four distinct attack stages: – Scanning
– Discovery
– Exploitation
– Exposing
6
Copyright © 2012, Elsevier Inc.
All rights Reserved
C h a p te
r 2 –
D e c e p tio
n
Fig. 2.2 – Stages of deception for national infrastructure protection
7
• Adversary is scanning for exploitation points – May include both online and offline scanning
• Deceptive design goal: Design an interface with the following components – Authorized services
– Real vulnerabilities
– Bogus vulnerabilities
• Data can be collected in real-time when adversary attacks honey pot
Copyright © 2012, Elsevier Inc.
All rights Reserved
C h a p te
r 2 –
D e c e p tio
n
Scanning Stage
8
Copyright © 2012, Elsevier Inc.
All rights Reserved
C h a p te
r 2 –
D e c e p tio
n
Fig. 2.3 – National asset service interface with deception
9
• Deliberately inserting an open service port on an Internet-facing server is the most straightforward deceptive computing practice
• Adversaries face three views
– Valid open ports
– Inadvertently open ports
– Deliberately open ports connected to honey pots
• Must take care the real assets aren’t put at risk by bogus ports
Copyright © 2012, Elsevier Inc.
All rights Reserved
C h a p te
r 2 –
D e c e p tio
n
Deliberately Open Ports
10
Copyright © 2012, Elsevier Inc.
All rights Reserved
C h a p te
r 2 –
D e c e p tio
n
Fig. 2.4 – Use of deceptive bogus ports to bogus assets
11
Copyright © 2012, Elsevier Inc.
All rights Reserved
C h a p te
r 2 –
D e c e p tio
n
Fig. 2.5 – Embedding a honey pot server into a normal server complex
12
• The discovery stage is when an adversary finds and accepts security bait embedded in the trap
• Make adversary believe real assets are bogus – Sponsored research
– Published case studies
– Open solicitations
• Make adversary believe bogus assets are real – Technique of duplication is often used for honey pot
design
Copyright © 2012, Elsevier Inc.
All rights Reserved
C h a p te
r 2 –
D e c e p tio
n
Discovery Stage
13
Copyright © 2012, Elsevier Inc.
All rights Reserved
C h a p te
r 2 –
D e c e p tio
n
Fig. 2.6 – Duplication in honey pot design
14
• Creation and special placement of deceptive documents can be used to trick an adversary (Especially useful for detecting a malicious insider) – Only works when content is convincing and
– Protections appear real
Copyright © 2012, Elsevier Inc.
All rights Reserved
C h a p te
r 2 –
D e c e p tio
n
Deceptive Documents
15
Copyright © 2012, Elsevier Inc.
All rights Reserved
C h a p te
r 2 –
D e c e p tio
n
Fig. 2.7 – Planting a bogus document in protected enclaves
16
• This stage is when an adversary exploits a discovered vulnerability – Early activity called low radar actions
– When detected called indications and warnings
• Key requirement: Any exploitation of a bogus asset must not cause disclosure, integrity, theft, or availability problems with any real asset
Copyright © 2012, Elsevier Inc.
All rights Reserved
C h a p te
r 2 –
D e c e p tio
n
Exploitation Stage
17
C h a p te
r 2 –
D e c e p tio
n
Fig. 2.8 – Pre- and post-attack stages at the exploitation stage
Copyright © 2012, Elsevier Inc.
All rights Reserved
18
• Related issue: Intrusion detection and incident response teams might be fooled into believing trap functionality is real. False alarms can be avoided by – Process coordination
– Trap isolation
– Back-end insiders
– Process allowance
Copyright © 2012, Elsevier Inc.
All rights Reserved
C h a p te
r 2 –
D e c e p tio
n
Exploitation Stage
19
• Understand adversary behavior by comparing it in different environments.
• The procurement lifecycle is one of the most underestimated components in national infrastructure protection (from an attack perspective)
Copyright © 2012, Elsevier Inc.
All rights Reserved
C h a p te
r 2 –
D e c e p tio
n
Procurement Tricks
20
Copyright © 2012, Elsevier Inc.
All rights Reserved
C h a p te
r 2 –
D e c e p tio
n
Fig. 2.9 – Using deception against malicious suppliers
21
• The deception lifecycle ends with the adversary exposing behavior to the deception operator
• Therefore, deception must allow a window for observing that behavior – Sufficient detail
– Hidden probes
– Real-time observation
Copyright © 2012, Elsevier Inc.
All rights Reserved
C h a p te
r 2 –
D e c e p tio
n
Exposing Stage
22
Copyright © 2012, Elsevier Inc.
All rights Reserved
C h a p te
r 2 –
D e c e p tio
n
Fig. 2.10 – Adversary exposing stage during deception
23
Interfaces Between Humans and Computers
• Gathering of forensic evidence relies on understanding how systems, protocols, and services interact – Human-to-human
– Human-to-computer
– Computer-to-human
– Computer-to-computer
• Real-time forensic analysis not possible for every scenario
Copyright © 2012, Elsevier Inc.
All rights Reserved
C h a p te
r 2 –
D e c e p tio
n
24
Copyright © 2012, Elsevier Inc.
All rights Reserved
C h a p te
r 2 –
D e c e p tio
n
Fig. 2.11 – Deceptively exploiting the human-to-human interface
25
• Programs for national deception would be better designed based on the following assumptions: – Selective infrastructure use
– Sharing of results and insights
– Reuse of tools and methods
• An objection to deception that remains is that it is not effective against botnet attacks – Though a tarpit might degrade the effectiveness of a
botnet
Copyright © 2012, Elsevier Inc.
All rights Reserved
C h a p te
r 2 –
D e c e p tio
n
National Deception Program
Our website has a team of professional writers who can help you write any of your homework. They will write your papers from scratch. We also have a team of editors just to make sure all papers are of HIGH QUALITY & PLAGIARISM FREE. To make an Order you only need to click Ask A Question and we will direct you to our Order Page at WriteDemy. Then fill Our Order Form with all your assignment instructions. Select your deadline and pay for your paper. You will get it few hours before your set deadline.
Fill in all the assignment paper details that are required in the order form with the standard information being the page count, deadline, academic level and type of paper. It is advisable to have this information at hand so that you can quickly fill in the necessary information needed in the form for the essay writer to be immediately assigned to your writing project. Make payment for the custom essay order to enable us to assign a suitable writer to your order. Payments are made through Paypal on a secured billing page. Finally, sit back and relax.
About Writedemy
We are a professional paper writing website. If you have searched a question and bumped into our website just know you are in the right place to get help in your coursework. We offer HIGH QUALITY & PLAGIARISM FREE Papers.
How It Works
To make an Order you only need to click on “Order Now” and we will direct you to our Order Page. Fill Our Order Form with all your assignment instructions. Select your deadline and pay for your paper. You will get it few hours before your set deadline.
Are there Discounts?
All new clients are eligible for 20% off in their first Order. Our payment method is safe and secure.