Information Assessment Test Tool (IATT) for IO/IW
Briefing by: Darrell L Quarles, Program Director
U.S. Army Threat Systems Management Office, PEO STRI
256-876-9656 ext 268 (DSN: 746)
[email protected]
NET 3 Conference & Exhibition, 23 July 2003
PM-ITTS TSMO
ARMY THREAT SYSTEMS PROGRAM
UNCLASSIFIED

OTIA Methodology
Assessment of System IS/IA Status
• Identifies Operational risks of IS/IA Configuration
• Confirms ISSA goals are met

IATT Concept of Operations
IATT is an easily transportable IA threat launch platform.
IATT is to be populated with a DIA validated set of IA Threats that are specific to the target system/test Configuration.
IATT is to provide ATEC-OTC and test community the capability to measure the IA health of systems against actual IA threats exercised in realistic scenarios.

IATT CAPABILITIES
Information Gathering - Stealthy and non-stealthy scanning of network assets to find an entry point vulnerability to exploit.
Network Monitoring - Passive tools to map the network, steal critical communications.
Infiltration - Gain access to a local/remote system by exploiting a vulnerability in COTS software.
Password Guessing/Cracking - Guess common passwords / break system password files.
Nefarious Data Manipulation - Intercept/inject mission data transmissions on the network.
Denial of Service - Prevent communications through computer service disruption or elimination.

ON-GOING DEVELOPMENTS
C2IATT/NOVA - Automated scenario execution across multiple IATT units for complex tests.
Counter-Counter Measure Development - Provides a more realistic approach of attack scenarios.
Automated Decision Aides - Develop capabilities to enhance users' decision-making process.
Wireless IA Capability - Current information attack systems evaluate wired networks against random and intentional threats. The military requires a capability to test military wireless networks against the same types of information attack threats. Knowing the susceptibility of military wireless networks to wireless information attack threats increases overall system security. Information assurance on all data links is essential to mission success, force protection, and information dominance.

Live Test Configuration
Replicate Target Network in a Test Environment
[Diagram labels: IATT Hub, Firewall / Guard, SUT 1, SUT 2, SUT 3]

Mass Scan
• Actively scans for hosts on target network
• Determines Operating System & Port Information

Passive Detection
• Passively detects hosts on target network
• Quantifies incoming and outgoing traffic

Target Relationship Tool
• Identifies communication relationships between computers on the network
• Identifies data generators / receivers

Demonstration Configuration
• Singled out target on the network
• The impact of neutralizing the right target is immeasurable
[Diagram labels: IATT / Illuminate, RWS V6, Simulated]

System Operations – Information Panel
• Display results of scan for target
• Provides access to attacks for target

System Operations – Snoop
• Collects network traffic in multiple protocols, ports, directions.
• Collects data to libpcap files for review / analysis

System Operations – Attack
• Conducts attack operations
• Standardized test configurations
• Attack status indicators

Scan Reports
Network Reconnaissance logged for After Action Reviews (AAR)

SUMMARY
The methodology and tools being developed are laying the groundwork and providing the essential tools necessary for the T&E community to properly assess the Information Assurance issues associated with our digitized forces.
Program foundation success for future development in IA.
Program is on schedule.