Information Assurance and Computer Security
OVERVIEW
• Threat defined
• Categories of threats
• Specific types of threats
• Historical turncoats
• Your responsibilities
What is a threat?
• Any circumstance or event with the potential to cause harm to an information system in the form of destruction, disclosure, adverse modification of data, and/or denial of service
• Current and perceived capability, intention, or attack directed to cause denial of service, corruption, compromise, or fraud, waste, and abuse to an information system
Categories of Threats
• Technical - hardware, software, or design deficiency… often vulnerable right out of the box
• Administrative - inadequate or incorrect implementation of existing security features - not a design flaw but rather poor policy, process or procedure
What are the types of threats?
• Unintentional Threats
- spilled food or liquid
- downloaded game or software
- disabled anti-virus software
- unattended computer with no locked keyboards or screensavers
- accidental deletion or modification of files
Types of Threats…cont’d
• Intentional Threats -
- Social engineering
- Elicitation
- Computer network attack
- The insider threat
Types of Threats...cont’d
• Intentional Threats
- Social engineering
- Elicitation
- Computer network attack
- The insider threat
How are they attacked?
Intentional Threats …cont’d
- Computer network attacks
The Internet…perhaps our largest daily threat
--Cookies
--Mobile code, malicious code & spy-ware
--Use of home internet service provider
--OPSEC…or lack of it
--Distributed denial of service
--Hoaxes
--Spam
Types of Threats...cont’d
• Intentional Threats
- Social engineering
- Elicitation
- Computer network attack
- The insider threat
Would insiders really steal information?
Famous Turncoats
• Benedict Arnold
- Appointed by George Washington to a position in the Continental Congress…a trusted position.
- He was caught trying to smuggle classified documents to the British in 1780.
Famous Turncoats
• The Rosenbergs (Ethel and Julius)
Controversial case; convicted of spying for the Soviet Union
• Passed secret of the “A” bomb to the Soviets (from the Manhattan Project)
• Judge Irving Kaufman found them guilty of espionage and said “they contributed to the communist aggression and 50,000 deaths of the Korean War.”
Famous Turncoats
• Both were executed in 1953 for Conspiracy to Commit Espionage.
• In 1995 NSA released de-crypted evidence of their involvement.
• In his memoirs, posthumously published in 1990, Nikita Khrushchev praised both of them for their “very significant help in the production of the atomic bomb.”
Famous Turncoats
• Aldrich Ames…The Chief of Counterintelligence in Eastern Europe and the Soviet Union
• CIA employee for 31 years
• Sold the names of all his co-worker spies to the Soviet Union for $50,000
• “The most damaging spy case in the history of this country”… NSI, 1995 (NSI.org)
Famous Turncoats
• Ultimately betrayed more than 100 operations and received $3 million.
• His betrayal led to the execution of 10 KGB (Soviet) double agents and 11 US agents.
CIA IG report 1994
Famous Turncoats
A little close to home…
• Brian P. Regan… worked for the super-secret National Reconnaissance Office; they design and operate spy satellites… Top Secret information
• Arrested Aug 23, 2002, with classified information in his possession
• Stole, copied, and buried over 20,000 pages of documents classified as Top Secret or higher…
Brian Regan
• Buried documents in 19 locations including state parks… detailed information on satellites, early warning systems, missile site coordinates, and WMD
• Wrote letter to Saddam Hussein…offered to sell Top Secret information for $13 million …also had identical letters on his computer to China, Iran, and Libya
• Regan was bitter over “the small pension received for years of service”…..who was the service with?
A little close to home…
Brian P. Regan
Master Sergeant, USAF, Retired
38-year-old father of four, deeply in debt, and in 2003 sentenced to life in prison… lost his “small pension”
What can I do to help? What are my Responsibilities?
• Fight the insider threat
- protect your access to information (physical access)… keys/doors, personnel rosters... physical security
- protect your electronic access… don’t share passwords, access cards, codes, etc.
- report shoulder surfers or suspicious activity
What are my Responsibilities?
• Use your virus software
- Run on start-up and weekly minimum
- Use it on your home computer too
- Scan all removable media (disks, DVDs, CDs) before each use
- Save and scan attachments (especially all high risk)
What Are My Responsibilities?
• Don’t load software or programs on government computers without permission.
- including freeware
• Don’t talk about official business in open chat rooms or forums.
What are my Responsibilities?
• Don’t post your email address in chat rooms, forums, or message boards.
• Report violations or suspicious activity.
- pornography
- loading personal software
- revealing sensitive information
- failure to take security measures
SUMMARY
• Threat defined
• Categories of threats
• Specific types of threats
• Historical turncoats
• Your responsibilities
“The truth is that there’s an enemy that still lurks out there. And we must continue to work together to protect our country…the most solemn duty of government is to protect American people.”
George W. Bush, January 23, 2004