Keith Dawson

Guarding Against 'Advanced Persistent Threat'

WriteSeth
User Rank
Agile Expert
Re: Sovereignty?
WriteSeth   1/18/2012 6:49:40 PM
re:  if you are more secure than 90 percent of your competitors, the traditional hackers will pass you by and go after them.  

There is a saying "You don't have to outrun the lion, you just have to outrun your friend." 

@ Cassimir:  I would like to learn more about adaptive security. 

I did find this: "Here's an example of how adaptive security works: A behavioral-based rule triggers IPS alerts for multiple malformed packets. Instead of sounding an alarm immediately, the intrusion analysis system checks the most recent scanning results on the server under attack. Those results show the system is missing several recent patches. Passive traffic analysis reports then reveal that the server has been attempting to communicate with unusual ports on local systems. With this additional information, it becomes clear that the organization has a zero-day attack occurring inside its network." Source: http://www.sans.org/reading_room/analysts_program/adaptiveSec_Dec08.pdf
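The correlation step in that SANS example, written out as an added illustration (not code from the original post or from the SANS paper): one IPS alert is corroborated against the latest scan results and passive traffic reports for the targeted host before it is escalated. The host records, alerts and the scoring thresholds are constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Host:
    """Asset record for one server (constructed sample data)."""
    ip: str
    missing_patches: int = 0                          # from latest vulnerability scan
    unusual_ports: set = field(default_factory=set)   # from passive traffic analysis

def assess(alert, hosts, incident_score=3):
    """Return (verdict, evidence) for one behavioral IPS alert.

    Instead of alarming on the alert alone, add one point for each
    corroborating source: missing patches on the target, and the target
    itself reaching out to unusual local ports. Thresholds are assumed.
    """
    host = hosts.get(alert["dst"])
    if host is None:
        return "log_only", ["no asset record for target"]
    evidence = [f"IPS: {alert['rule']} x{alert['count']} against {host.ip}"]
    score = 1
    if host.missing_patches > 0:
        score += 1
        evidence.append(f"scan: {host.missing_patches} patches missing")
    if host.unusual_ports:
        score += 1
        evidence.append(f"traffic: target contacted unusual ports {sorted(host.unusual_ports)}")
    if score >= incident_score:
        return "incident", evidence        # all three sources agree: escalate now
    if score == 2:
        return "investigate", evidence     # partial corroboration: queue for an analyst
    return "log_only", evidence            # bare IPS alert: record, do not alarm

# Constructed sample inputs: two scan records and three IPS alerts.
HOSTS = {
    "10.0.0.5": Host("10.0.0.5", missing_patches=4, unusual_ports={4444, 6667}),
    "10.0.0.9": Host("10.0.0.9", missing_patches=1),
    "10.0.0.12": Host("10.0.0.12"),
}
ALERTS = [
    {"rule": "malformed-packet-burst", "dst": "10.0.0.5", "count": 37},
    {"rule": "malformed-packet-burst", "dst": "10.0.0.9", "count": 12},
    {"rule": "malformed-packet-burst", "dst": "10.0.0.12", "count": 5},
]

def triage(alerts=ALERTS, hosts=HOSTS):
    """Map each alerted target to its verdict after correlation."""
    return {a["dst"]: assess(a, hosts)[0] for a in alerts}

if __name__ == "__main__":
    for ip, verdict in triage().items():
        print(ip, verdict)
```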

kdawson
User Rank
Blogger
Perimeter
kdawson   1/10/2012 3:12:10 PM
The adaptive security idea is taking hold now. Even the anti-virus folks are coming to understand that scanning however many fixed signatures is not going to do it for the emerging threats (and for some that are here already). Ideally you would like to let in the attacker only to the walled-off "lobby," but even if the attack penetrates to live systems, it could still be desirable to watch and record -- as opposed to pulling the plug on the invaded system, alerting the attacker that he has been "made."

Tom Murphy
User Rank
Blogger
Re: Sovereignty?
Tom Murphy   1/10/2012 2:41:05 PM
@cassimir:  That also seems like a good strategy for launching counter-intelligence.  By allowing the attacker into the lobby, it becomes easier to attack the attacker and discover who sent him.

Cassimir Medford
User Rank
Blogger
Re: Sovereignty?
Cassimir Medford   1/10/2012 2:37:49 PM
A couple of years ago I interviewed a security expert and he said that companies should not depend entirely on perimeter security -- the well protected fortress. They should look at adaptive security where the system allows the attack in to spoofed areas of the system to study its behavior. The theory is the more we learn about the threats the more we force the attackers to upgrade. Adaptive security would complement the fortress but we should know the enemy better by inviting him into the lobby to "play." I wish I could remember the name of the company, but the idea seemed reasonable to me. Or maybe it appealed to the writer rather than the techie in me.

Tom Murphy
User Rank
Blogger
Re: Sovereignty?
Tom Murphy   1/10/2012 11:37:36 AM
Oh, yes, those military preparations have gotten a good deal of attention, as has the risk of terrorists using this as a very potent weapon. It may be a bigger threat than biological attacks or even nuclear attacks given that it doesn't require physical delivery of a weapon. Like many military leaders, I'm a big fan of diplomacy as a means to avoid catastrophe. This is clearly a threat to the entire notion of sovereignty, which has been the cornerstone of diplomacy for many centuries.

kdawson
User Rank
Blogger
Re: Sovereignty?
kdawson   1/10/2012 11:30:02 AM
Tom — all of the scenarios you mention and more have been discussed in military and political circles since the time of the Bush administration. An Air Force unit has been chartered with defending against, and potentially waging, "cyberwar." The very term is repugnant to many in the security community, but it is in widespread use in military circles. There is open talk of going offensive, and comparisons of the assumed offensive cyberwar capabilities of various nations. The elephant in the room is that ironclad attribution for the sorts of intrusions represented by the APT is essentially impossible. For example, any and all of the circumstantial traces pointing to Chinese agency for the intrusions could be faked by another state-sponsored actor. It would be a huge undertaking, but is by no means impossible. This fact underpins the denials the Chinese continue to issue.

Tom Murphy
User Rank
Blogger
Re: Sovereignty?
Tom Murphy   1/10/2012 11:21:14 AM
At what point, I wonder, do nations start to clash - not just talk - about this on a public, diplomatic level. Although it may be difficult to prove who is doing what to whom, it seems that it would be prudent to create a harsh system for dealing with this. And on a military level, this truly looks like it could be the future of warfare. What's going on now looks like the digital equivalent of war games; a real confrontation could destroy much of a country's business infrastructure controlling banks, utilities, and transportation systems. Imagine waking up in the morning and finding out all records of your money are gone, there's no power or water, and it's hard to get anywhere from anywhere. The idea of destroying chemical plants or other industrial targets is too horrible to contemplate.

kdawson
User Rank
Blogger
The scope of it
kdawson   1/10/2012 7:04:26 AM
Here's the Christian Science Monitor on the US government report: "Operation Aurora was a coordinated attack on the intellectual property of several thousand companies in the United States and Europe -- including Morgan Stanley, Yahoo, Symantec, Adobe, Northrop Grumman, Dow Chemical, and many others. Intellectual property is the stuff that makes Google and other firms tick."

"Aurora" is what Google and other investigators named the broad attack of which the Google hacking was a part. The affair reached the level of US Secretary of State Hillary Rodham Clinton calling out the Chinese (who denied all). It resulted in Google's withdrawal of their site from the mainland.

kdawson
User Rank
Blogger
Origins
kdawson   1/10/2012 6:58:22 AM
Network World has an article on what various people and groups mean when they say "Advanced Persistent Threat," and the origins of the term. Here's one security analyst from HBGary: "The Air Force and DoD latched onto it as a nice way to not have to keep saying 'Chinese state-sponsored threat.' We should stop pretending it's not that... [APT is] the Chinese government's state-sponsored espionage that's been going on for 20 years. Let's just call it, 'Everything that matters to the state of China's global expansion.'"

Note that HBGary, which had many government security contracts, was hacked by Anonymous last year and all but destroyed.

kicheko
User Rank
Business Processor
Re: Re: Guarding Against 'Advanced Persistent Threat'
kicheko   1/10/2012 2:56:23 AM
The other explanation for Chinese hacks could be corporate espionage, like mentioned in the blog. It is well known that China is the world's largest producer of counterfeit goods. But their counterfeit goods are always on point. They answer specific needs in a timely fashion and are precise to different markets. It could be the need for this kind of accuracy that drives hacking for information.
