Military Communications and Information Technology: A Trusted ...

... data objects. Squid handles all requests in a single, non-blocking, I/O-driven process over IPv4 or IPv6. It supports SSL, extensive access controls and full request logging. Using the lightweight Internet Cache Protocol, Squid caches can be arranged in a hierarchy or a mesh for additional bandwidth savings. For the purposes of the project it acts as an intermediary for requests from clients seeking resources from other servers. As an RE in the FCDS it is used to block access to dangerous or infected web services and to inform the requester that the page or resource contains harmful content.

All the REs described above are deployed at the edge of each protected domain. This placement makes it possible to separate a domain completely from the other domains in an extraordinary situation, and it allows an immediate reaction. In a more sophisticated scenario the reaction elements could be placed in front of each computer in the network. This would allow a precise reaction when an internal terminal within the domain is infected (e.g. broadcasts spam) or when a user starts unauthorized actions. A common reaction across the whole federation is also possible in order to counteract external attacks (from outside the FoS); in this case all incoming network connections should be filtered.

It is worth noting that a full CDR (including the reaction) cannot be prepared automatically for every detected attack. In such a situation an experienced administrator can prepare the CDR manually and send it to the RE. CDRs may be prepared for a limited time interval, and they may be deactivated once they become obsolete.

IV. Recommendations and future work

The presented FCDS enables information exchange between cooperating domains and reaction against cyber attacks. In practice such cooperation requires a high level of trust between the network owners.
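The following is an added example (not code from the paper's FCDS implementation) of the reaction-element side of what the two paragraphs above describe: it turns CDRs that name web services to block into the domain list for a Squid dstdomain ACL plus the matching squid.conf fragment, honouring the CDR validity interval and the deactivation flag. The CDR field names, the ACL file path /etc/squid/fcds_blocked.acl, the error template name ERR_FCDS_BLOCKED and all sample CDRs are assumptions constructed for the example.

```python
"""Reaction-element (RE) helper for a Squid-based FCDS element.

Added example, not code from the paper's FCDS implementation.  It turns
Cyber Defence Rules (CDRs) that name web services to block into a Squid
dstdomain ACL file and the matching squid.conf fragment.  The CDR field
names, the ACL path and the error template name are assumptions.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional


@dataclass
class CDR:
    rule_id: str
    domain: str                       # web service the rule blocks
    valid_from: datetime              # CDRs may be issued for a limited interval
    valid_until: Optional[datetime]   # None: open-ended, until deactivated
    active: bool = True               # False once the CDR is withdrawn as obsolete


def is_effective(cdr: CDR, now: datetime) -> bool:
    """A CDR is enforced only while it is active and inside its validity window."""
    if not cdr.active or now < cdr.valid_from:
        return False
    return cdr.valid_until is None or now < cdr.valid_until


def blocked_domains(cdrs: List[CDR], now: datetime) -> List[str]:
    """Domains Squid must deny right now, in dstdomain syntax.

    A leading dot makes Squid's dstdomain match the domain and all its
    subdomains; names are lower-cased and de-duplicated so that two CDRs
    for the same service do not produce overlapping ACL entries.
    """
    names = {"." + c.domain.strip().lower().lstrip(".")
             for c in cdrs if is_effective(c, now)}
    return sorted(names)


def render_acl_file(domains: List[str]) -> str:
    """Contents of the file referenced by the dstdomain ACL (one entry per line)."""
    return "".join(d + "\n" for d in domains)


def render_squid_conf(acl_path: str = "/etc/squid/fcds_blocked.acl",
                      error_page: str = "ERR_FCDS_BLOCKED") -> str:
    """squid.conf fragment: deny the listed services and tell the requester why.

    These lines must precede the site's 'http_access allow' rules, because
    Squid applies the first matching http_access line.  error_page is the
    name of a custom template in Squid's errors/ directory (assumed to
    exist) that explains that the page contains harmful content.
    """
    return "\n".join([
        f'acl fcds_blocked dstdomain "{acl_path}"',
        f"deny_info {error_page} fcds_blocked",
        "http_access deny fcds_blocked",
        "",
    ])


# Constructed sample CDRs (not real data) covering the cases the RE must handle.
UTC = timezone.utc
NOW = datetime(2014, 6, 1, 12, 0, tzinfo=UTC)
SAMPLE_CDRS = [
    # open-ended rule, currently in force
    CDR("cdr-1", "malware-host.example", datetime(2014, 5, 30, tzinfo=UTC), None),
    # limited interval that has already elapsed: no longer enforced
    CDR("cdr-2", "old-incident.example", datetime(2014, 5, 1, tzinfo=UTC),
        datetime(2014, 5, 15, tzinfo=UTC)),
    # withdrawn by the administrator as obsolete
    CDR("cdr-3", "cleaned-site.example", datetime(2014, 5, 30, tzinfo=UTC), None,
        active=False),
    # scheduled for the future: not yet enforced
    CDR("cdr-4", "future.example", datetime(2014, 6, 2, tzinfo=UTC), None),
    # same service reported twice with different spelling: one ACL entry
    CDR("cdr-5", "Malware-Host.EXAMPLE", datetime(2014, 5, 31, tzinfo=UTC),
        datetime(2014, 6, 30, tzinfo=UTC)),
    # rule whose validity starts exactly now
    CDR("cdr-6", ".phish.example", datetime(2014, 6, 1, 12, 0, tzinfo=UTC), None),
]

if __name__ == "__main__":
    domains = blocked_domains(SAMPLE_CDRS, NOW)
    print(render_acl_file(domains), end="")
    print(render_squid_conf())
    # After writing both files, apply them without dropping client
    # connections with:  squid -k reconfigure
```

The helper has to be re-run whenever a CDR is added, expires or is deactivated, followed by a reconfigure, so in practice it would be driven by the CDR distribution channel rather than by hand; the separate ACL file is what lets the blocklist change without editing squid.conf itself.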
The paper has described implementation details of the FCDS, which improves security by multi-sensor attack detection and joint reaction. Cooperation among federated domains and the sharing of cyber information are crucial for detecting distributed attacks. Reliable and secure communication is required for sensor data collection, CDR distribution and remote control of the reaction elements. Future work will cover continued development of the ontology, machine learning techniques and a statistical anomaly-based approach. These techniques will improve the capabilities of the DM for precise attack detection and for choosing a response that minimizes the effects of an attack. In order to share cyber information with other systems, the FCDS must employ a commonly accepted format; some proposals are described in [3] and should be considered in the future. Trust management aspects shall also be studied.

Chapter 4: Information Assurance & Cyber Defence

References

[1] https://www.owasp.org/
[2] Alberts, Garstka, and Stein, Network Centric Warfare: Developing and Leveraging Information Superiority, CCRP Press, 1999.
[3] L. Beaudoin et al., Coalition Network Defence Common Operational Picture, NATO Information Systems and Technology Panel Symposium, Tallinn, Estonia, November 2010, http://ftp.rta.nato.int/public/PubFullText/RTO/MP/RTO-MP-IST-091/MP-IST-091-P03.doc
[4] www.snort.org
[5] www.ossec.net
[6] www.arakis.pl
[7] http://www.syslog.org/
[8] www.wombat-project.eu
[9] http://www.honeyspider.org/
[10] M. Choraś, R. Kozik, R. Piotrowski, J. Brzostek, W. Holubowicz, Network Events Correlation for Federated Networks Protection System, in W. Abramowicz et al. (Eds.): Towards a Service Based Internet, LNCS, Springer-Verlag, 2011.
[11] Borealis project homepage: http://www.cs.brown.edu/research/borealis/public/
[12] CLIPS project homepage: http://clipsrules.sourceforge.net/
[13] M. Choraś, R. Kozik, Network Event Correlation and Semantic Reasoning for Federated Networks Protection System, in N. Chaki et al. (Eds.): Computer Information Systems – Analysis and Technologies, Communications in Computer and Information Science (CCIS), pp. 48-54, Springer, 2011.
[14] www.netfilter.org/
[15] http://www.bind9.net/
[16] http://www.squid-cache.org/
[17] www.balabit.com
[18] www.cee.mitre.org