Military Communications and Information Technology: A Trusted ...
348 Military Communications and Information Technology...

network. FCDS is a system that cooperates in a Federation of Systems (FoS) in order to gain advantage over adversaries. A FoS is an association of loosely coupled countries, states, companies, societies or organizations, each retaining control of its own network. Domains in a FoS are connected or related so as to produce results beyond those achievable by the individual systems alone. Recently, the concept of federated networks and systems has gained much attention in the context of military networks and NATO Network Enabled Capabilities (NNEC) [2].

Typical security solutions for protecting data and network infrastructures are firewalls, antivirus software, etc. They should be updated systematically according to the recommendations provided by vendors. Every network domain acts according to its own autonomous security policy, which treats reaction to detected attacks as an internal activity. The lack of synchronization among network administrators means that the security level of a network depends on the solutions employed and on the awareness and skills of the system administrator.

The presented FCDS offers exchange of security-related information (e.g. detected attacks and recommended reactions). This makes a synergy effect achievable, where a common reaction to identified malicious actions is more effective than many uncoordinated reactions carried out by single domains. Exchange of information on threats, detected attacks and verified security metrics improves situational awareness in the federated domains. Likewise, coordinated detection of and reaction to attacks is more accurate and precise, and is applied in a timely manner. In this way the resistance of the federated networks to attacks is increased. The advantage of FCDS is the capability to collect and correlate events raised by various sensors spread across the domain's own network and the federated domains, whereas typical defense systems use only data provided by their own sensors.
The heterogeneity of events accepted from various network layers and domains allows attacks and malicious actions to be detected faster than was possible before joining the federation. In FCDS a response is prepared and applied to the reaction elements of the protected domain as soon as an attack is detected.

II. System architecture

FCDS is a system prototype designed to improve the cyber security of federated networks. It consists of autonomous subsystems deployed in the protected networks/domains (Figure 1). Each domain contains the FCDS elements: a number of sensors (S), one decision module (DM) and a number of reaction elements (RE). Sensors supply the decision module with alarms about events observed in the network. The decision module performs reasoning, decides whether the observed action is an attack, and produces appropriate rules applicable to the reaction elements. These rules carry information on how to respond to the detected attack in order to minimize its undesirable effects. Decision modules deployed in autonomous networks share information about detected attacks and recommended reactions. It is assumed that
Chapter 4: Information Assurance & Cyber Defence 349

information exchange between them is voluntary, and that the use of recommended reactions depends on the internal domain security policy and the administrator's decision. This approach makes a synergy effect achievable, where a set of domains functioning together is able to produce a result not obtainable independently.

Figure 1. FCDS architecture

The proposed architecture consists of separate communication channels for the exchange of information between FoS partners. An advantage of this approach is the ability to decide which kind of information can be exchanged with a specific coalition partner. On the other hand, the management of this structure is complex and error-prone. In case of a change in coalition membership, all domains have to update their communication relations. Thus there is a large management overhead for the resulting number of 1-to-1 communication links [3].

III. Prototype implementation – applied methods and techniques

The architecture described in the previous section was implemented in a Java environment. For the purpose of testing, 3 domains were created in which the functional elements are deployed.

A. Sensors

A different set of sensors was used for every domain. Some of them are proprietary and some are widely used open source or commercial solutions. Each of them is deployed in a specific location (e.g. a network segment, a server) and acts in a different way. SNORT [4] is the most popular open source Network Intrusion Detection and Prevention System (NIDS/NIPS). It has the ability to carry out real-time traffic
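The domain flow of section II (sensors raising alarms, one decision module per domain deciding and producing rules for reaction elements, and decision modules recommending those rules to partners over separate 1-to-1 channels that each partner filters by its own policy), as an added Python model that is not the prototype's own Java code. The threshold/window correlation, the address-space policy a domain applies before acting on a partner's recommendation, the sample alarms, and the `federate`/`join` helpers that count the 1-to-1 links are all assumptions of this example; the page only states that recommended reactions are applied at the administrator's discretion and that a membership change forces every domain to update its relations.

```python
# Added model of the FCDS domain flow (S -> DM -> RE, DM <-> partner DM).
# Everything below is an illustrative assumption, not the prototype's code.
import ipaddress
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Alarm:              # what a sensor (S) sends to its domain's DM
    sensor: str           # e.g. "snort-dmz"
    src_ip: str           # attacking host as seen by the sensor
    signature: str        # attack class, e.g. "ssh-bruteforce"
    t: int                # observation time, seconds


@dataclass(frozen=True)
class Rule:               # what a DM hands to its REs and recommends to partners
    action: str
    target: str           # host the action applies to
    signature: str
    origin: str           # domain whose DM produced the rule


@dataclass
class ReactionElement:
    name: str
    applied: list = field(default_factory=list)  # a real RE would push a firewall rule


class DecisionModule:
    """One DM per domain: threshold/window correlation plus federated exchange."""

    def __init__(self, domain, own_nets, threshold=3, window=60):
        self.domain, self.threshold, self.window = domain, threshold, window
        self.own_nets = [ipaddress.ip_network(n) for n in own_nets]
        self.peers = {}                    # partner domain -> DM, one 1-to-1 link each
        self.reaction_elements = []
        self._alarms = defaultdict(list)   # (src_ip, signature) -> alarms seen
        self.rules, self.rejected = [], []

    def link(self, other):
        self.peers[other.domain] = other
        other.peers[self.domain] = self

    def receive_alarm(self, alarm):
        key = (alarm.src_ip, alarm.signature)
        self._alarms[key].append(alarm)
        recent = [a for a in self._alarms[key] if alarm.t - a.t <= self.window]
        decided = any((r.target, r.signature) == key for r in self.rules)
        if len(recent) < self.threshold or decided:
            return None                    # not (yet) judged to be an attack
        rule = Rule("block", alarm.src_ip, alarm.signature, self.domain)
        self._apply(rule)
        for peer in self.peers.values():   # a recommendation, not a command
            peer.receive_recommendation(rule)
        return rule

    def accepts(self, rule):
        """Assumed local policy: never block own address space on a partner's word."""
        ip = ipaddress.ip_address(rule.target)
        return not any(ip in net for net in self.own_nets)

    def receive_recommendation(self, rule):
        if not self.accepts(rule):
            self.rejected.append(rule)     # left for the administrator to review
            return False
        self._apply(rule)
        return True

    def _apply(self, rule):
        self.rules.append(rule)
        for re in self.reaction_elements:
            re.applied.append(rule)


def federate(modules):
    """Give every pair its own channel; returns the link count n(n-1)/2."""
    for i, a in enumerate(modules):
        for b in modules[i + 1:]:
            a.link(b)
    return sum(len(m.peers) for m in modules) // 2


def join(newcomer, members):
    """Membership change: every existing domain must update its relations."""
    for m in members:
        m.link(newcomer)
    members.append(newcomer)
    return sum(len(m.peers) for m in members) // 2


def run_scenario():
    a, b, c = (DecisionModule(d, [net]) for d, net in
               (("A", "10.1.0.0/16"), ("B", "10.2.0.0/16"), ("C", "10.3.0.0/16")))
    for dm in (a, b, c):
        dm.reaction_elements.append(ReactionElement("fw-" + dm.domain))
    links = federate([a, b, c])
    # Constructed alarms from A's sensor: an external brute-forcer, then a scan
    # from a host inside C's own range (which C's policy refuses to block).
    for t in (0, 5, 12):
        a.receive_alarm(Alarm("snort-dmz", "203.0.113.7", "ssh-bruteforce", t))
    for t in (100, 101, 102):
        a.receive_alarm(Alarm("snort-dmz", "10.3.0.5", "port-scan", t))
    return a, b, c, links
```

`run_scenario()` shows domain A blocking the external brute-forcer, and B and C applying that recommendation, while C keeps the recommended block of 10.3.0.5 out of its own reaction elements and records it for the administrator; `join()` on a fourth domain turns 3 links into 6 and touches every existing peer table, which is the management overhead of the per-partner channels that the text describes.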