Title: NATIONAL CRIMINAL JUSTICE COMPUTER LABORATORY AND TRAINING CENTER (SEARCH) Computer Security for the E-Government Organization
1 - NATIONAL CRIMINAL JUSTICE COMPUTER LABORATORY AND TRAINING CENTER (SEARCH)
Computer Security for the E-Government Organization: Know the Threat
by Ross Mayfield, Advanced Internet Investigation Instructor
This excerpt has been edited for non-sworn security personnel from training presented to IRS, Treasury, ATF, Customs and Secret Service Agents.
2 - Advanced Internet Investigation Class
3 - Tactical Raid Technical Assistance
4 - Overview Issues
Why has computer hacking finally reached the attention of business and government agencies?
- Downstream liability
- Reputation is on the line
- The losses are now painfully real
There are two types of organizations: those who have had computer security incidents, and those who are going to.
Tactical engagement of military forces across computer networks: is your organization in the crosshairs of foreign military planners?
5 - Information Security Threats for Justice Agencies
- Loss of Information Assets
- Loss of Trade Secrets
- Interruption of Business Processes
- Denial of Service Attacks
- Competitive Intelligence Activities - Corporate and Government Sponsored
- Information Related Legal Liabilities
6 - Mayfield's Paradox
[Chart: Cost (vertical axis, from 0.00 to Infinite) plotted against % of Population that can Access System (horizontal axis, from 0 to 100)]
7 - Computer Crime Overview: Categories of Computer Crime
- Insider Crimes - suspects who have legitimate access to a computer system, but who exceed their authority and commit fraud, theft or vandalism.
- Support of Criminal Enterprises - examples: prostitution, narcotics trafficking, bookies, forgery
- Malicious Hackers - factory default entry, maintenance ports, dumpster diving, social engineering, technical attack
- Telecommunications Fraud - phone phreaking, PBX fraud, access code fraud, call-sell operations
- Computer Contaminants - viruses, worms, logic bombs, and Trojan horses
- Pornography - child, bestiality, etc.
- Espionage - government, military, export restricted technologies, and business
- Component Theft - stealing computers, memory chips, disk drives, remarked components
8 - Security in Depth: the Systems Level Approach
- Physical Site - armed assault team, burglary, forged passes, walk in, office bugging, finding backup tapes
- Personnel - integrity issues; compromised by professional spies via money, drugs, sex and/or blackmail
- Policy Attack - social engineering; weaknesses in training, preparation or perception
- Technical Infrastructure Attack - network hacking, Tempest attack, phone communications
9 - Gaining Access to the Physical Site
- Where are the computer backup tapes or disks?
- Dumpster diving
- Bugging offices
- Stakeout
- Pin cameras
- Keyboard traps (hardware)
- Software monitoring programs - capture screen output
- Sitting down to unlocked terminals
- Plugging onto network connections (sniffer)
- Compromising trusted insiders
Policy Attacks
- Social engineering
- Hacker survey
- LAPD example
- Service man scam
Technical Infrastructure
- Tempest attack
- Telephone tap
- Cell / portable phone intercept
- Exploiting computer network connections
10 - Computer Hacking
The typical hacker does not understand security in depth at the systems level, but rather knows a few good tricks or recipes.
The Loot: 80% do it for the money! Most of the other 20% hold a grudge.
- Credit card numbers and authorization information
- Transportation and event tickets (airline, train, bus tickets; concert, movie tickets)
- Long distance services
- Voice mailbox usage (prostitution case example)
- Mail order products
- Hard disk storage area
- Competitive business intelligence, such as customer/mailing lists, product plans, strategies
- Information services - selling TRW information
- Free access to networks such as the Internet
Prospecting: finding computers to hack
- Wardialers - phone phreaking
- Hacker BBS's, newsgroups and web sites - keeping up with the other hackers
- Magazines, periodicals
- Phone books
- SATAN - hacking through networks like the Internet
Attack Methodologies
- Line monitors
- Login impersonation of the computer
- User/password breaking
- Trojan horse, back door, trap door, man in the middle
- Sniffing - network communication monitor
- Spoofing - impersonation of an authorized user or trusted host
11 - Your Agency's Responsibility
Due Diligence: Reasonable and Prudent Actions
- Backup Information Assets, Store Offsite
- Control Access, and Especially Network Access
- Use Non-Trivial Passwords / Authentication
- Use a Commercial Anti-Virus Software Solution
- Maintain Logs: Access, Audit, Others
- Make Sure there is a Policy and Incident Plan
12 - Establishing Official Site Policy on Information Asset Security
- Command, Control and Communication: who is responsible for and makes the policy?
- Define the problem: what is the mission of this effort?
- Look at what you are trying to protect and what you need to protect it from: theft of equipment, loss of information assets.
- Determine how likely the threats are.
- Implement measures that will protect your assets in a cost-effective manner.
- The most important question to ask when fixing a broken system is: did it ever work?
- Never assign to maliciousness that which might be explained by stupidity!
13 - Handling an Incident
- Have a plan in place to follow in case of an incident. A bad plan is better than no plan at all (Marine Corps example).
- How, why, when, and where do you activate your Computer Emergency Response Team?
- Stop the hemorrhaging: containment and restoration of critical systems, restore control.
- Who needs to get involved? Do you contact law enforcement and agencies? Do you tell the press, and what do you say to them if they show up? Do you report to the broader computer security community?
- Figure out how it happened.
- Avoid further incidents or escalation of the present engagement.
- Do you find out who did it? Do you punish them?
14 - In Summary
- Discussed Computer Crime and Hacking
- Reasonable Prudent Actions
- Encouraged the development of Information Security Policies and Plans
- Suggested issues to be addressed in handling a real incident
15 - Personal Note from Ross Mayfield
I have been fortunate to receive many awards and honors in my life such as scholarships, degrees, patents, commendations, an Adjunct Professorship, the highest Technical Achievement Award of America's biggest bank, and standing with the heroes of China's Pro-democracy Movement when they were crushed by the 27th Division of the People's Liberation Army in Tien An Men Square. Please know that I consider the privilege of standing watch and serving my community with the officers of LAPD and Torrance PD, the greatest honor of all.