Mar 29, 2015
Welcome
• Cyber Defense Bootcamp for High School Teacher
• Cyber Defense Lab (ISAT/CS Room 140)
• Department of Computer Science
• James Madison University
• Summer, 2013
Introductions
• Bryan Conner
• Livia Griffith
• Hossain Heydari
• Andrew Hutchson
• Evan Johnson
• Emil Salib
• Brett Tjaden
• Xunhua (Steve) Wang
Goals
• Have fun!
• Teach you about Cyber Defense so that you can:
– Interest your students in Cyber Defense
– Teach your students about Cyber Defense
• Cyber Defense Clubs
• CyberPatriot Program (http://www.uscyberpatriot.org/)
Schedule
• Meet Monday – Friday:
– 9:00 – 10:15: Session #1
– 10:15 – 10:30: Break
– 10:30 – 11:45: Session #2
– 11:45 – 1:00: Lunch
– 1:00 – 2:15: Session #3
– 2:15 – 2:30: Break
– 2:30 – 4:45: Session #4
General Information
• No food or drinks near our brand-new laptops
• Restrooms:
– Out the door and turn left
– Right at main hallway
– Right at next hallway
– Restrooms are on the right
• If you have a car on campus see us for a parking permit
• Fill out a W-9 form if you want your money
Questions
• Always welcome!
Cyber Defense
• Prepare
• Protect
• Detect
• Triage
• Respond
The Information Security Problem
• Over the last couple of decades, our world has rapidly become very dependent on computers:
– Store medical information
– Guide aircraft
– Handle the majority of financial transactions
• There are flaws in our computers’:
– Operating systems
– Applications
– Protocols
• Result: threats
Exacerbating the Problem
• The problem of how to design secure OSs, applications, and protocols is hard
• Too few security professionals
• Many users do not understand the magnitude of the threat
• Many managers do not understand the magnitude of the threat
Threats
• A threat is a potential violation of system security
• Examples (from Shirey):
– Disclosure – unauthorized access to information
– Deception – acceptance of false data
– Disruption – interruption or prevention of correct operation
– Usurpation – unauthorized control of some part of the system
Attackers
• Those who intentionally perform actions that cause security violations
– Outsiders:
  • Competitors
  • Hackers
  • Organized crime
  • Terrorists
  • Foreign government, military, or law enforcement
– Insiders:
  • Customers, suppliers, vendors, or business partners
  • Disgruntled current (or former) employees
  • Contractors, temps, or consultants
Types of Attackers
• Third tier
– “Script kiddies” with little knowledge or skill
– Run attack scripts and other software written by more sophisticated attackers
• Second tier
– Moderately knowledgeable and skilled attackers
– Discover vulnerabilities; create and disseminate exploit tools
• First tier
– Elite attackers
– Discover vulnerabilities; create private tools
Why You Should Not Be an Attacker
• It is illegal:
– United States Code, Title 18, Section 1030 (and others)
– USA Patriot Act, Homeland Security Act, PROTECT Act
– www.cybercrime.gov
• Basically:
– Unauthorized access or use of a computer or network system is illegal
– Unintentional attacks are illegal too
Understanding the Tools and Techniques of Attackers
• Important for defenders
– Can evaluate systems you defend as attackers will
– Can implement countermeasures designed to thwart attackers
– Better understand the implications of certain decisions
The Pillars of Computer Security
• The security “triad”:
– Confidentiality
– Integrity
– Availability
The Security Triad
• Which is most important?
– Confidentiality
– Integrity
– Availability
Policy and Mechanism
• A security policy is a statement of what is, and what is not, allowed
– Examples?
• A security mechanism is a method, tool, or procedure for enforcing a security policy
– Examples?
Goals of Security
• Prevention – mechanism(s) that cause attacks to fail
– Example?
• Detection – mechanism(s) that determine that an attack is under way, or has occurred, and report it
– Example?
• Recovery – mechanism(s) that stop attacks and assess and repair any damage caused
– Example?
Justifying Policy and Mechanism
• The benefits of protection should be justified by the cost of designing, implementing, and using the mechanism
– Cost-benefit analysis – the benefits of computer security are weighed against the cost
– Risk analysis – the level of protection is a function of the probability of an attack occurring and the effect of the attack should it succeed
– Laws and customs
Getting Started
• What to do first?
– Get to know your systems
• You cannot effectively defend what you don't understand
• Attackers make it their job to understand systems better than the defenders and leverage their advantage in knowledge
• “If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle” - Sun Tzu
• “You Don't Know Me” - Elvis
After You Know Your Systems
• Think about threats and attackers
• Think about what needs to be protected (security triad)
• Think about what security policies and mechanisms you will employ
• Think about your goals (prevention, detection, recovery)
• Think about how your policies and mechanisms are justified
After You Have Thought About Your Systems
• Start to plan, implement, and test improvements to your systems' security posture
• Respond to actions by attackers
Getting Started Defending Computer Systems
• Get to know your systems
• Assess the current security posture of your systems
• Identify what needs to be protected
• Think about how threats, attackers, the security triad, security policies/mechanisms, and security goals relate to your systems
• Plan, implement, and test improvements to your systems' security posture
Bootcamp Exercises
• You will not just be listening, you will be doing
• Virtual machines (VMs) – a simulated computer running on another computer
• VMs are great for hands-on Cyber Defense exercises
• You can create and use VMs with your students using free software:
– VirtualBox (https://www.virtualbox.org/)
– VMware Player (http://www.vmware.com/products/player/)
Accessing your VM for this Bootcamp
• Turn on laptop
• Click on “CyberDefender” account to log in
• Double click on Firefox icon to open web browser
• Enter this information in the vSphere
• If you are not already on it, go to the following page:
• https://10.0.0.250:9443/vsphere-client/
Accessing your VM for this Bootcamp (cont)
• Log in with the credentials you were given
• Click on “Host and Clusters”
• Expand the items on the left side until you see your “student” VM
• Click on your student VM to highlight it
• In the center window click on the “Summary” tab
• Click on “Launch Console”
• Power on the VM