CYBERSPACE, CYBERSECURITY &
CYBERDEFENSE
(DEVELOPMENT BASIS FOR AN INTEGRATED CYBERDEFENSE SYSTEM)
CAPITAN DE NAVIO PABLO DANIEL SORRENTINO
ATTACK ON DATA NETWORKS (ARD)
MEASURES TAKEN THROUGH THE USE OF COMPUTER NETWORKS TO DISRUPT, DENY, DEGRADE OR DESTROY INFORMATION HELD IN WORKSTATIONS AND COMPUTER NETWORKS OF THE ADVERSARY, OR WORKSTATIONS AND NETWORKS THEMSELVES.
CYBERATTACK PROCESS
INFILTRATION MANEUVER ATTACK
RECONNAISSANCE
EXPLORATION
ACCESS
EXFILTRATION
ASSAULT
SUSTENTATION
RECONNAISSANCE
PUBLIC INFORMATION, WEB SITES & WEB SERVERS
SOCIAL MEDIA – PIPL.COM – PHISHING – INDUCTION – EXTORTION – DUMPSTER DIVING.
SEARCH ENGINES, GOOGLE HACKING, WHOIS.
DNS NSLOOKUP – DNSQUERY.ORG - DNSENUM
METADATA METAGOOFIL – EXIFTOOL – STRINGS – MALTEGO (DATA MINING)
EXPLORATION
INFRASTRUCTURE DISCOVERY
PORT SCANNING
SERVICES INTERROGATION
OPERATING SYSTEMS
VULNERABILITY EVALUATION
NMAP NESSUS
METAEX CANVAS
ACCESS AND PRIVILEGE ESCALATION
ADMIN
USER LEVEL N
:
USER LEVEL 2
USER LEVEL 1
UNAUTHENTICATED USER
HYDRA JOHN THE RIPPER METAEXPL CANVAS
•CONFIDENTIALITY •AVAILABILITY
ATTACK •HARDWARE •SOCIAL ENGINEERING
PHYSICAL RESOURCES
•NETCAT •OPENPUFF •OUTGUESS •BACKDOORS
LOGICAL RESOURCES
EXFILTRATION
ASSAULT
• INFRASTRUCTURE • PHYSICAL & LOGICAL • PLC • APT • SYN FLOOD • ICMP FLOOD • SMURF, UDP FLOOD
• SCADA ATTACK • HARDWARE • SOFTWARE • OPERATING SYSTEMS • APPLICATIONS
• STACHELDRAHT • DOS • DDOS • SYN FLOOD • ICMP FLOOD • SMURF • UDP FLOOD
• CAIN & ABEL • ETTERCAP • NETCAT • MAN IN THE MIDDLE • ARP SPOOFING • DNS SPOOFING • WEB SPOOFING • MAIL SPOOFING • GPS SPOOFING • IP VOICE SPOOFING
DECEPTION DENIAL
DEGRADATION DESTRUCTION
EFFECT
SUSTENTATION
CONCEALMENT
TOR
BIT BLINDER
PERFECT DARK
PREDICTION
PREVENTION DETECTION
RESPONSE
CYBER DEFENSE CYCLE
CYBER INTELLIGENCE
* ACCESS CONTROL * SECURITY POLICIES * AUDIT
* MALWARE * APT * ANALYTIC SECURITY
* CERT * CYBER OPs
COMMUNICATIONS SECURITY (CRYPTOGRAPHIC SYSTEMS)
PERIMETER DEFENSE
ACCESS CONTROL
MALWARE ATTACKS
EXFILTRATION
APT ANALYSIS
C.OPs
ACTUAL FOCUS CYBER DEFENSE
CYBER DEFENSE CYCLE
CYBER DEFENSE CENTER
MALWARE PROTECTION
ACCESS CONTROL
APT PROTECTION
INTERNET
INTRANET
DOCTRINE & REGULATIONS DEPARTMENT
CRYPTOSYSTEMS DEPARTMENT
SISG
CYBER DEFENSE DEPARTMENT
DIRECT CYBER DEFENSE
INDIRECT CYBER DEFENSE
AUDIT
CYBER DEFENSE CENTRE
CERT DEPARTMENT
INSPECTION & CONTROL
PROJECTS
DEFENSE MINISTRY
JOINT CYBER COMMAND
ARMY CYBER COMMAND
NAVY CYBER COMMAND
AIR FORCE CYBER COMMAND
NATIONAL CERT
STATES CERT
MUNICIPAL CERT
CRITICAL INFRASTRUCTURE PROTECTION
CYBER SECURITY SECRETARY
COORDINATION ALERTS-INCIDENTS-RESPONSES