Military Communications and Information Technology: A Trusted ...


22.01.2015

... network. FCDS is a system that cooperates within a Federation of Systems (FoS) in order to gain advantage over adversaries. A FoS is an association of loosely coupled countries, states, companies, societies or organizations, each retaining control of its own network. The domains in a FoS are connected or related so as to produce results beyond those achievable by the individual systems alone. Recently, the concept of federated networks and systems has gained much attention in the context of military networks and NATO Network Enabled Capabilities (NNEC) [2].

Typical security solutions for protecting data and network infrastructures are firewalls, antivirus software, etc. They should be updated systematically according to the recommendations provided by vendors. Every network domain acts according to its own autonomous security policy, which treats reaction to detected attacks as an internal activity. Because of the lack of synchronization among network administrators, the network security level depends on the solutions employed and on the awareness and skills of the system administrator. The presented FCDS offers exchange of security-related information (e.g. detected attacks and recommended reactions). This makes it possible to achieve a synergy effect, where a common reaction to identified malicious actions is more effective than many uncoordinated reactions carried out by single domains. Exchange of information on threats, detected attacks and verified security metrics improves situational awareness in the federated domains. Similarly, coordinated detection of and reaction to attacks is more accurate, more precise and applied in a timely manner. In this way the federated networks' resistance to attacks is increased. The advantage of FCDS is the capability to collect and correlate events raised by various sensors spread across own and federated domains, whereas typical defence systems use only data provided by their own sensors.

The heterogeneity of the events accepted from various network layers and domains allows attacks and malicious actions to be detected faster than was possible before joining the federation. In FCDS a response is prepared and applied to the reaction elements of the protected domain as soon as an attack is detected.

II. System architecture

FCDS is a system prototype designed to improve the cyber security of federated networks. It consists of autonomous subsystems which are deployed in the protected networks/domains (Figure 1). Each domain contains the FCDS elements: a number of sensors (S), one decision module (DM) and a number of reaction elements (RE). Sensors supply the decision module with alarms about events observed in the network. The decision module performs reasoning, decides whether the observed action is an attack and produces appropriate rules applicable to the reaction elements. These rules include information on how to respond to the detected attack in order to minimize its undesirable effects. Decision modules deployed in autonomous networks share information about detected attacks and recommended reactions. It is assumed that

Chapter 4: Information Assurance & Cyber Defence 349

information exchange between them is voluntary, and that the use of recommended reactions depends on the internal domain security policy and the administrator's decision. This approach makes it possible to achieve a synergy effect, where a set of domains functioning together is able to produce a result not obtainable independently.

Figure 1. FCDS architecture

The proposed architecture consists of separate communication channels for the exchange of information between FoS partners. An advantage of this approach is the ability to decide which kind of information can be exchanged with a specific coalition partner. On the other hand, the management of this structure is complex and error-prone: in case of a change in coalition membership, all domains have to update their communication relations. Thus there is a huge management overhead for a large number of 1-to-1 communication links [3].

III. Prototype implementation – applied methods and techniques

The architecture described in the previous section was implemented in a Java environment. For the purpose of testing, 3 domains were created, in which the functional elements are deployed.

A. Sensors

A different set of sensors was used for every domain. Some of them are proprietary and some are widely used open source or commercial solutions. Each of them is deployed in a specific location (e.g. a network segment, a server) and acts in a different way. SNORT [4] is the most popular open source Network Intrusion Detection and Prevention System (NIDS/NIPS). It has the ability to carry out real-time traffic
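The sensor → decision module → reaction element flow and the voluntary exchange between decision modules over 1-to-1 channels, as an added Python illustration (this is not the paper's Java prototype). It goes slightly beyond the text by running the same two alarms once with and once without the federation, so that the "detected faster than before joining" claim is visible in the result. Everything not named in the paper is an assumption: the reasoning rule (the same source seen by at least two distinct sensors counts as an attack), the single "block" action, the per-domain threshold used to model a stricter local policy, the sensor names, and the constructed alarms with a documentation address.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Alarm:
    """Event a sensor (S) reports to the decision module (DM) of its domain."""
    domain: str      # domain whose sensor observed the event
    sensor: str      # constructed sensor name, e.g. "snort", "honeypot"
    src_ip: str      # suspected attacker address
    signature: str   # what the sensor matched


@dataclass(frozen=True)
class Rule:
    """Recommended reaction a DM hands to its reaction elements (RE) and to partners."""
    origin_domain: str
    src_ip: str
    action: str      # assumed action vocabulary: only "block" here
    evidence: int    # distinct (domain, sensor) pairs that reported src_ip


class ReactionElement:
    """Stand-in for a firewall or similar RE; it only records the rules it applied."""
    def __init__(self, name):
        self.name = name
        self.applied = []

    def apply(self, rule):
        self.applied.append(rule)


class DecisionModule:
    def __init__(self, domain, reaction_elements, accept_federated_rules=True, threshold=2):
        self.domain = domain
        self.reaction_elements = reaction_elements
        # Local policy (assumed knobs): whether partner recommendations are applied,
        # and how many distinct sensors must report a source before it is an attack.
        self.accept_federated_rules = accept_federated_rules
        self.threshold = threshold
        self.peers = []                    # separate 1-to-1 channels to partner DMs
        self.events = defaultdict(set)     # src_ip -> {(domain, sensor)}
        self.rules_in_force = {}           # src_ip -> Rule already applied locally
        self.rules_received = []           # every recommendation a partner sent us

    def link(self, other):
        """Open a bidirectional channel to one coalition partner."""
        if other not in self.peers:
            self.peers.append(other)
            other.link(self)

    def receive_alarm(self, alarm, forwarded=False):
        """Correlate an event from an own or a federated sensor; react when the threshold is met."""
        self.events[alarm.src_ip].add((alarm.domain, alarm.sensor))
        evidence = len(self.events[alarm.src_ip])
        rule = None
        if evidence >= self.threshold and alarm.src_ip not in self.rules_in_force:
            rule = Rule(self.domain, alarm.src_ip, "block", evidence)
            self._react(rule)
            for peer in self.peers:          # share the detected attack and reaction
                peer.receive_rule(rule)
        if not forwarded:                    # own events are shared once with every partner
            for peer in self.peers:
                peer.receive_alarm(alarm, forwarded=True)
        return rule

    def receive_rule(self, rule):
        """Partner recommendation: always recorded, applied only if local policy allows."""
        self.rules_received.append(rule)
        if self.accept_federated_rules and rule.src_ip not in self.rules_in_force:
            self._react(rule)

    def _react(self, rule):
        self.rules_in_force[rule.src_ip] = rule
        for element in self.reaction_elements:
            element.apply(rule)


def link_count(domains):
    """Number of 1-to-1 channels a full mesh of n domains must maintain: n(n-1)/2."""
    return domains * (domains - 1) // 2


def run_scenario(federated=True):
    """Constructed scenario: three domains; one probe seen by one sensor in A and one in B."""
    re_a, re_b, re_c = ReactionElement("fw-A"), ReactionElement("fw-B"), ReactionElement("fw-C")
    dm_a = DecisionModule("A", [re_a])
    dm_b = DecisionModule("B", [re_b])
    # C shares its events but, by local policy, only records partner recommendations
    # and demands more evidence before reacting on its own.
    dm_c = DecisionModule("C", [re_c], accept_federated_rules=False, threshold=3)
    if federated:
        dm_a.link(dm_b)
        dm_a.link(dm_c)
        dm_b.link(dm_c)
    # Constructed alarms; 203.0.113.5 is an RFC 5737 documentation address.
    dm_b.receive_alarm(Alarm("B", "honeypot", "203.0.113.5", "ssh-login-attempt"))
    rule = dm_a.receive_alarm(Alarm("A", "snort", "203.0.113.5", "port-scan"))
    return {
        "detected_by": rule.origin_domain if rule else None,
        "applied": {"A": len(re_a.applied), "B": len(re_b.applied), "C": len(re_c.applied)},
        "recommendations_seen_by_C": len(dm_c.rules_received),
    }


if __name__ == "__main__":
    print("federated:", run_scenario(True))
    print("isolated: ", run_scenario(False))
```

With the federation in place, A's single Snort alarm combined with B's forwarded honeypot alarm crosses the threshold, A blocks the source, B applies A's recommendation, and C records it without acting, which is exactly the voluntary-use assumption of the paper. Without the links, each domain holds one event and nothing is detected. `link_count` makes the management-overhead remark concrete: every membership change touches a number of channels that grows quadratically with the coalition size.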

