Military Communications and Information Technology: A Trusted ...
data objects. Squid handles all requests in a single, non-blocking, I/O-driven process over IPv4 or IPv6. Squid supports SSL, extensive access controls, and full request logging. By using the lightweight Internet Cache Protocol, Squid caches can be arranged in a hierarchy or mesh for additional bandwidth savings. For the purposes of the project it acts as an intermediary for requests from clients seeking resources from other servers. As an RE in the FCDS system, it is used to block access to dangerous or infected web services and to inform the invoker that the page or resource contains harmful content.

All the described REs are deployed at the edge of each protected domain. This solution enables total separation from other domains in an extraordinary situation. Moreover, it enables immediate reaction. In a more sophisticated scenario it is feasible to place these reaction elements in front of each computer in the network. Such a solution would enable precise reaction when an internal terminal within the domain is infected (e.g. broadcasts spam) or a user starts unauthorized actions. A common reaction across the federation is also possible in order to counteract external attacks (from outside the FoS). In this case all incoming network connections should be filtered.

It is worth noting that it will not be possible to prepare a full CDR (with reaction) for every detected attack. In such situations experienced administrators will be able to prepare the CDR manually and send it to the RE. CDRs may be prepared for a limited time interval, and they may be deactivated when they are obsolete.

IV. Recommendations and future work

The presented FCDS enables information exchange between cooperating domains and reaction against cyber attacks. In reality such cooperation requires a high level of trust between network owners.
The paper describes implementation details of the FCDS system, which improves security measures through multi-sensor attack detection and joint reaction. Cooperation among federated domains and cyber information sharing are crucial to the detection of distributed attacks. Reliable and secure communication is required for sensor data collection, CDR distribution and remote control of the Reaction Elements. Future work will cover continued development of the ontology, machine learning techniques and a statistical anomaly-based approach. These techniques will improve DM capabilities in precise attack detection and in possible responses that minimize the effects of an attack. To share cyber information with other systems, FCDS must employ a commonly accepted format. Some proposals are described in [3] and should be considered in the future. Moreover, trust management aspects shall be studied.
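An added example, not code from the paper or the FCDS project: one way a Squid reaction element could turn time-limited, deactivatable CDRs into a deny rule with a notification page for the invoker. The CDR field names, the ACL name `fcds_blocked` and the error page name `ERR_FCDS_BLOCKED` are assumptions, and the sample rules are constructed.

```python
import re
from datetime import datetime, timezone

HOSTNAME = re.compile(r"(?=.{1,253}\Z)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}")

# Constructed sample rules. Field names are assumptions, not the FCDS CDR format.
T0 = "2024-03-01T00:00:00+00:00"
SAMPLE_CDRS = [
    {"id": "cdr-1", "domain": "Malware.Example", "valid_from": T0,
     "valid_until": "2024-03-08T00:00:00+00:00", "active": True},
    {"id": "cdr-2", "domain": "expired.example", "valid_from": "2024-01-01T00:00:00+00:00",
     "valid_until": "2024-02-01T00:00:00+00:00", "active": True},
    {"id": "cdr-3", "domain": "obsolete.example", "valid_from": T0,
     "valid_until": None, "active": False},  # deactivated as obsolete
    {"id": "cdr-4", "domain": "x.example\nhttp_access allow all", "valid_from": T0,
     "valid_until": None, "active": True},   # malformed: would inject a config line
]

def enforceable_domains(cdrs, now):
    """Domains from CDRs that are well-formed, active and inside their time window."""
    domains, rejected = set(), []
    for cdr in cdrs:
        name = cdr["domain"].lower().rstrip(".")
        if not HOSTNAME.fullmatch(name):
            rejected.append(cdr["id"])       # never copy unvalidated text into squid.conf
            continue
        start = datetime.fromisoformat(cdr["valid_from"])
        end = datetime.fromisoformat(cdr["valid_until"]) if cdr["valid_until"] else None
        if cdr["active"] and start <= now and (end is None or now < end):
            domains.add(name)
    return sorted(domains), rejected

def render_squid_acl(domains, acl="fcds_blocked", page="ERR_FCDS_BLOCKED"):
    """squid.conf fragment that denies the domains and serves a custom error page."""
    if not domains:
        return ""                            # emit nothing rather than an empty ACL
    return "\n".join([
        f"acl {acl} dstdomain " + " ".join("." + d for d in domains),  # leading dot: subdomains too
        f"deny_info {page} {acl}",           # page shown to the invoker on denial
        f"http_access deny {acl}",           # must precede any http_access allow line
    ]) + "\n"

if __name__ == "__main__":
    now = datetime(2024, 3, 5, tzinfo=timezone.utc)
    domains, rejected = enforceable_domains(SAMPLE_CDRS, now)
    print(render_squid_acl(domains), end="")
    print("rejected CDRs:", rejected)
```

Regenerating the fragment on a schedule and reloading Squid is what makes expiry and deactivation take effect; rejected CDR ids should be logged for the administrator who issued them.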
Chapter 4: Information Assurance & Cyber Defence

References

[1] https://www.owasp.org/
[2] Network Centric Warfare: Developing and Leveraging Information Superiority, by Alberts, Garstka, and Stein, CCRP Press, 1999.
[3] L. Beaudoin et al., Coalition Network Defence Common Operational Picture, NATO Information Systems and Technology Panel Symposium, Tallinn, Estonia, November 2010, http://ftp.rta.nato.int/public/PubFullText/RTO/MP/RTO-MP-IST-091/MP-IST-091-P03.doc
[4] www.snort.org
[5] www.ossec.net
[6] www.arakis.pl
[7] http://www.syslog.org/
[8] www.wombat-project.eu
[9] http://www.honeyspider.org/
[10] M. Choraś, R. Kozik, R. Piotrowski, J. Brzostek, W. Holubowicz, Network Events Correlation for Federated Networks Protection System, In Abramowicz W. et al. (Eds.): Towards a Service Based Internet, LNCS, Springer-Verlag, 2011.
[11] Borealis project homepage: http://www.cs.brown.edu/research/borealis/public/
[12] CLIPS project homepage: http://clipsrules.sourceforge.net/
[13] M. Choraś, R. Kozik, Network Event Correlation and Semantic Reasoning for Federated Networks Protection System, In Chaki N. et al. (Eds.): Computer Information Systems – Analysis and Technologies, Communications in Computer and Information Science CCIS, 48-54, Springer, 2011.
[14] www.netfilter.org/
[15] http://www.bind9.net/
[16] http://www.squid-cache.org/
[17] www.balabit.com
[18] www.cee.mitre.org