funsec mailing list archives
security spammers: [Fwd: New Coverage: Cyber Defense]
From: Gadi Evron <ge () linuxbox org>
Date: Mon, 20 Jul 2009 19:06:06 +0300
"Safe Unsubscribe" makes me feel... cheated? -- Gadi Evron, ge () linuxbox org. Blog: http://gevron.livejournal.com/
--- Begin Message ---
From: IT-Harvest <news () it-harvest com>
Date: Mon, 20 Jul 2009 11:07:11 -0400 (EDT)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Cyber Defense Weekly
Update on tools, technologies, and strategies for cyber defense
July 20, 2009
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--New Coverage: Cyber Defense
--Gates creates Cyber-Defense Command
--Norwich University is on front lines of cyber defense
--Barrett Lyon and Richard Stiennon discuss the US-KR attacks
--The Israeli Foreign Ministry presents: Talkbackers in the service of the State
--Richard Clarke addresses US intelligence issues
--Cyber warfare and attribution
--So-called cyber attack was overblown
--Quick stats around the US-KR DDoS attacks
--DHS cyber initiative announced RFI for DDoS defense
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
New Coverage: Cyber Defense
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Why cyber defense? How is this different than "security"? The difference is in motivation, purpose, and risks. In this post I hope to spell out the argument for creating a new category. I also provide a definition.

First semantics. While much reviled by the security community outside the US government the use of the term "cyber" has recently gained both relevance and acceptance thanks to high level attention given to it by first the Bush administration and now the Obama presidency. The Bush era saw the inauguration of the Comprehensive Cyber Security Initiative which spelled out, albeit cryptically, twelve components of a government program that could entail over $7 billion in new spending annually. Melissa Hathaway firmly established the use of "cyber" in both her address to RSA 2009 and her published Cyberspace Policy Review document. So "cyber" is now used to refer to those parts of IT infrastructure and the threat environment that deal with countering attacks and "cyberspace" refers to the global network of computers, networks, and people who use them.

Cyber defense defined: Cyber defense is that category of products, methodologies and strategies used to counter targeted attacks.
How is this different from what has gone before? The primary difference is the motivation, purpose and methodologies of the attackers. Their concerted effort to infiltrate, steal, sabotage, and attack is a much more serious scenario than the random attacks that have been the norm since the birth of the security industry and the first firewalls and anti-virus products. The attackers now include cyber criminals looking for credit card databases, account access, and executing elaborate pump and dump schemes using compromised stock trading accounts. They include insiders stealing information for sale to those cyber criminals or seeking their own path to riches or revenge against their employers. And yes, cyber defense is the category that addresses the threat posed by nation states, terrorists, and fanatics as they engage in cyber espionage and targeted denial of service attacks.

With the level of spending projected by the United States, the UK, India, Pakistan, Israel, and most modern nations, there will be new players entering the IT security sector. Military contractors such as Raytheon, Booz Allen, and Lockheed Martin have already announced plans for cyber initiatives in order to win a piece of that spending. In the meantime existing vendors of defense security measures are seeing a banner year thanks to that spending. Over time there will develop a class of tools and systems that will address an expressed need for offensive measures as well.

IT-Harvest will cover the cyber defense category by writing about these cyber defense tools. They include many existing categories like:

Perimeter security. Firewalls, IPS, Web Application Firewalls, and URL content filtering.
Identity and access management as it pertains to preventing unauthorized access to critical information and assets.
Secure Network Fabric. Using network security capabilities to prevent internal attacks.
Managed Security Service Providers.
DDoS defense, recently highlighted by the Defense Department's announcement of a Request For Information on DDoS defense capabilities.
Security Event and Information Management, SEIM, as it pertains to identifying and tracking down intruders.

Threatchaos (http://rs6.net/tn.jsp?et=1102644497295&s=3126&e=001vQcSMe75pBV9tsdIMLUOilqpvn2gEXxNtQm3zau25PszlFT7B46kTJcZfRPc5cF8E-Ks9EoKRKIRqTuOoFcOHW6yyL77xfUgtP5k09FIwuYRVc0yGCyVwQ==) will continue to cover the global incidents that pertain to cyber defense: Iranian protesters' use of Twitter to promulgate DDoS, Israeli and Chinese use of paid bloggers and commentators for psyops, Chinese cyber espionage, Russian crowd sourced attacks against its neighbors, and the cyber defense buildup occurring within the military operations of most nations.

We are also announcing the birth of Cyber Defense Weekly, a newsletter created to give participants in this new category a comprehensive summary of the week's news, product announcements, and escalations in cyber threats. Simply provide your email address here (http://rs6.net/tn.jsp?et=1102644497295&s=3126&e=001vQcSMe75pBX7hAkHNejbx1_VLITJDyzMQUNwln-ZBuPSdGeSYHq9ptuaebm228_RmnI-UoOs048ju4UEj6Moau9zTu8tU7MIapTWXZuIzyI60k1kXQi33T1ur9SHPAILoY4vmlfi7jlc0kxUUjzkPNEbCWFzoeUXRLGDEet9kRhzfcfxKvb1WXwSJi39jinE-yhZbwaIhRVcxpgipE1cig==) to become a subscriber.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Gates creates Cyber-Defense Command
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Defense Secretary Robert M. Gates issued an order yesterday establishing a command that will defend military networks against computer attacks and develop offensive cyber-weapons, but he also directed that the structure be ready to help safeguard civilian systems.

In a memo to senior military leaders, Gates said he will recommend that President Obama designate that the new command be led by the director of the National Security Agency, the world's largest electronic intelligence-gathering agency.
The current NSA director, Lt. Gen. Keith B. Alexander, is expected to be awarded a fourth star and to lead the cyber-command.
Read on...
- http://rs6.net/tn.jsp?et=1102644497295&s=3126&e=001vQcSMe75pBXhb0noULTNeCZgQGHBSCz8ZzzuqCyoKmhRjOSJT5tXwCm5waglRi4D-W6nA3wMjF91HHavigmOuuU5XMYcLpAicNrlyTrZ9LUeng9vyrfjj8LOp4uHXyqCYsef_O1DyMc4On4ep18w9Zgze8USZsmd6Vu78CtN2v8aP0RAk6s2ZRsvLEc8MNG_e4CnRUOUDMRHXH2vs4zSww==
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Norwich University is on front lines of cyber defense
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
A research arm of Norwich University is manning the frontlines of the nation's cyber-defense system.

U.S. Sen. Patrick Leahy on Friday announced two grants totaling $7.7 million for the Norwich University Applied Research Institutes. The money, he said, will fund the development of cyber-defense initiatives to ward off one of the country's most imposing national-security threats.

"(Computers) run our power grids, they run large dams which, if attacked could flood whole communities," Leahy said during an afternoon press conference at the university's Northfield campus. "All of these things, if they're attacked, could do far more damage than someone sitting there with a couple bombs somewhere in the United States."
Read on...
- http://rs6.net/tn.jsp?et=1102644497295&s=3126&e=001vQcSMe75pBWKTi-D22Kjjh6AszhPuPnUWPTdSuL8CGKiajErjCMu3sG6JB8RA0FcBRsQWsHKmslzPxGotJmVoW3HSGQjI4vGl3UVZXDgmmJhEFuJu1WeZNLJgd6cOr6MgmAuIbgFlnGRaop5DpM6qLIPCw12xr5FbzgRRQHfBcg=
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Barrett Lyon and Richard Stiennon discuss the US-KR attacks
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This first ever live broadcast on Twit.tv was recorded and posted here.
Read on...
- http://rs6.net/tn.jsp?et=1102644497295&s=3126&e=001vQcSMe75pBUvG8oIxJBJHuaN3BA7kKPpc5n9GMsM93Feo2YgO-peDspw6_nRODn_hTIOL2qXTqYS7a8O4oF7qgzkTLR7krttMRk7RMLF7nbh2mzxuDetsvJMoKBvcK45
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The Israeli Foreign Ministry presents: Talkbackers in the service of the State
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
After they became an inseparable part of the service provided by public-relations companies and advertising agencies, paid Internet talkbackers are being mobilized in the service of the State. The Foreign Ministry is in the process of setting up a team of students and demobilized soldiers who will work around the clock writing pro-Israeli responses on Internet websites all over the world, and on services like Facebook, Twitter and Youtube.
Read on...
- http://rs6.net/tn.jsp?et=1102644497295&s=3126&e=001vQcSMe75pBWukrr1tFZ_qIR1c9n9tEBW1tWK6Ib0eBVapxM-yki03kd0FXXw1uR5d4qUU8LKpnKW-XcvKcCYk1SReOq6p_51NRscaYbeox9eOTYXNRUKIgsbr8He1mw5AqiU0nCGKRIXm3KI5kyFkQ==
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Richard Clarke addresses US intelligence issues
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Not since 1975 when the Church Commission investigated Nixon-era abuses in intelligence agencies, have such unusual things occurred in the world of Washington intelligence agencies as in these past few weeks. The Democratic House of Representatives threatened to pass an intelligence authorization bill which the Democratic White House has promised to veto. The former Democratic congressman who now heads the Central Intelligence Agency has been having a public disagreement with leading House Democrats about whether the CIA lies to Congress. There is a controversy about a secret CIA program to do something most Americans presumably want the CIA to do, to kill al Qaeda terrorists.
Read on...
- http://rs6.net/tn.jsp?et=1102644497295&s=3126&e=001vQcSMe75pBXDE86Vvnxggi9fB0TKM--_gJ5aIs3B8owovDVFx01D9h0cdfVUCI0JZ2tPdG-817RNQjetii36QdfLqCR8rMRR2mawDwPRWyDX_9du5Z45Iu80boJ0UQJH8YqHZI64a8z5FoorLfwfMwnerugc8wukWZVqnoG0GcH5ke3IZaXCftjUcKE2eDee
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Cyber warfare and attribution
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Stories like the July 4th cyber attack are raising our awareness of the cyber battlefield. Given the media focus on bots, rootkits, and malware, it is easy to overlook the core of these attacks - human conflict. In the Art of War, Sun Tzu stressed the understanding of those who wield the weapons of war. Security expert Richard Stiennon of IT-Harvest applauds this perspective. Below are highlights from the SecureLexicon Art of War podcast with Mr. Stiennon.
Read on...
- http://rs6.net/tn.jsp?et=1102644497295&s=3126&e=001vQcSMe75pBUE9V9qpmfsKF9Wp29WzVahR0sHX4WaQzqNCVDDekqo-OGeOm4kwtO7rbqE7Dr1eweQIfnuD-Fumn1bVis0nn5sN6fp2QC0RTCI2O2lG_l1ChgSytjY8JX7LlDfo746VBVxNXDSfJHplfl4Us1Knp5F
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
So-called cyber attack was overblown
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To hear the media tell it, the United States suffered a major cyberattack last week. Stories were everywhere. "Cyber Blitz hits U.S., Korea" was the headline in Thursday's Wall Street Journal. North Korea was blamed.
Read on...
- http://rs6.net/tn.jsp?et=1102644497295&s=3126&e=001vQcSMe75pBXwHEHPIfP54FY0oZ6Nyta5EqPlpVAXkAD9wTYxB-o2wOCCOoyrVkbYiBp2GfGFjUW4n7ypYgnFA1JPFAlJgZyIJ-CfCXKLvd6Rl3s0Waxe30Mz3sum-V2Yz4Hj9_RrLlhScKHK22TWfdLvlC_lVKZBY3WHEEymrR3QJsC9qERP-g==
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Quick stats around the US-KR DDoS attacks
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
It's been a busy week here in the office, between investigating, helping customers and the operator community, investigating some more, and of course talking to the press.
Here's some quick stats I have been running this afternoon on the attack using ATLAS data. This data comes from our monitors used in the backbone monitoring live traffic rates and actual DDoS attacks. We didn't see all of the attacks against all of the victims (some 47 unique victims counted by ShadowServer by analyzing all of the configuration files) but this, we think, may be representative of the attacks.

The peak attack size we measured was about 182Mbps, or about 428Kpps. The average size of an attack was about 39Mbps. Earlier investigations a couple of days ago showed smaller attacks but I would still classify these as "garden variety" in their intensity (most things below a couple hundred Mbps are pretty easily filtered).
Read on...
- http://rs6.net/tn.jsp?et=1102644497295&s=3126&e=001vQcSMe75pBVHX6aL3yBgjaV3yCc-jQJsgfI7jTBDeAjVR-jyuY2avQJEQy8HXHj-dN-gPWekpbbc2J6lYNXaaLwP4azLGo-zrhKi6ppSct3Y3yf6GtGKaLu_WiqUhCeVqYuuK0PXidRkNbTzHdcer2KDX7ykOi-OUkg4J1OsVjkZa9YzQIdjuZkePdtaOrlSfw0nHjuTPbs=
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
DHS cyber initiative announced RFI for DDoS defense
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
DHS holds an immediate requirement to issue an RFI (Request for information) to industry to gather interest for the DHS Cyber Initiative. Due to the expansive scope of the Cyber requirement, DHS wishes to involve as many sectors of industry as possible, to include small and "very small" solutions providers. In addition, due to the inherent security requirements, large and very large integrators will most likely play a prominent role in providing the necessary capabilities.
Read on...
- http://rs6.net/tn.jsp?et=1102644497295&s=3126&e=001vQcSMe75pBX9sFTEQ4lAgFMGfRN_WoNzn084tOZgTsOvuP4-T2eV9wsie2hyRoULUL8LeLGvNKkgvpprVxGCbuIE0VLn19oqm4ExKtBvet55OFuT1vHyO812MoUWVUVs
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Contact Information
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
email: news@it-harvest.com
advertising inquiries: karen@it-harvest.com
web: http://www.it-harvest.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Forward email
http://ui.constantcontact.com/sa/fwtf.jsp?m=1101340448250&ea=ge%40linuxbox.org&a=1102644497295

This email was sent to ge () linuxbox org by news () it-harvest com.

Update Profile/Email Address
http://visitor.constantcontact.com/d.jsp?p=oo&v=001_D6q8SmIH1psVAwZuZmhL5XRw7fybUpzDhG1vfVAy1cmghzUiSlRlY-cFxjx-P0CtRrtE4y3ocQe58HiU7tS5w%3D%3D

Instant removal with SafeUnsubscribe(TM)
http://visitor.constantcontact.com/d.jsp?p=un&v=001_D6q8SmIH1psVAwZuZmhL5XRw7fybUpzDhG1vfVAy1cmghzUiSlRlY-cFxjx-P0CtRrtE4y3ocQe58HiU7tS5w%3D%3D

Privacy Policy:
http://ui.constantcontact.com/roving/CCPrivacyPolicy.jsp

Email Marketing by
Constant Contact(R)
www.constantcontact.com

IT-Harvest | 330 East Maple Rd | #406 | Birmingham | MI | 48009
--- End Message ---
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.