DEFENSIVE PREVENTIVE INFORMATION WARFARE TOOLS AND TACTICS




Some five years after the military pioneered intrusion-detection systems, the Defense Department may soon require its massive networked systems be protected by round-the-clock intrusion-detection monitoring to defend against hacker or denial-of-service attacks. The Defense Department is developing a policy that would mandate use of intrusion-detection systems in all military networks. In a move that could have industry-wide implications, the agency charged with mapping the security plan could give the military the option to outsource the job. By outsourcing intrusion detection, the Defense Department will go a long way toward legitimizing for the commercial environment the still-controversial idea of handing over large, sensitive security tasks to service providers.

The Defense Department has more than 36,000 computer networks that handle everything from weapons systems command-and-control to inventory to payroll. Roughly 12% of Defense Department networks, such as satellite links, are considered mission-critical.

Under this draft policy, every Defense Department entity will need to have a computer network-detection service provider, which could be a Defense Department entity or a commercial entity. The Defense Information Systems Agency (DISA) is responsible for defining the intrusion-detection plan. Whether the Navy, Army, or Air Force should buy commercial intrusion-detection software or entrust network protection to an outside service provider should be decided on a case-by-case basis.

The military helped pioneer intrusion-detection systems by building its own software from scratch back in 1996. But since then, various parts of the military have deployed products from vendors that include Internet Security Systems, Axent (just purchased by Symantec), Cisco,[ii] and Network Ice. Today only a fraction of the military’s overall networked systems are guarded by any form of intrusion detection.

When the final decision on the mandatory intrusion-detection systems will arrive is unclear. But deliberations taking place among the military’s Joint Chiefs of Staff underscore their determination to do whatever it takes to prevent hackers and denial-of-service attacks from disrupting its networks.

Some defense-related agencies, such as the secretive National Security Agency (NSA) in Fort Meade, Maryland, already require round-the-clock monitoring of computer hosts and networks. Every system within NSA is monitored. In the Defense Intelligence Agency, it’s the same sort of situation.

One difficulty in deploying intrusion-detection software is that it must be regularly updated to include new attack signatures, because new hacker exploits are discovered all the time. In addition, intrusion-detection software can record “false positives” (false alarms about trouble), and the software occasionally needs to be fine-tuned to work correctly. These types of challenges, along with the difficulty in hiring security experts to manage intrusion detection, are spurring security services in which intrusion detection is done remotely in the service provider’s data centers or with hired help on-site.

The NSA, which in 2000 created a stir when it declared it might outsource security for internal servers and networks, is on track to outsource its security, having issued a request for proposal (RFP) that could be awarded in 2002. Due to the sensitivity of the project, only three systems integrators (Computer Sciences Corp. is known to be among them) are allowed to bid on the undertaking.

Not all attempts by the federal government to put large-scale intrusion-detection systems in place have succeeded. Back in 2000, President Clinton unveiled his goal of creating the Federal Intrusion Detection Network as part of what was called the National Plan for Information Systems Protection. The White House envisioned a government-wide intrusion-detection network, called FIDNet, to monitor activities across civilian and defense networks.

The idea, though, generated a firestorm of criticism from civil liberties groups that argued FIDNet’s monitoring of citizens would constitute an invasion of privacy.[iii] Although the General Services Administration issued a draft RFP for FIDNet, GSA indicates the idea has been shelved.

Others are just not sold on the idea of outsourcing security to service providers. They’ve opted not to go with managed security. With managed security services, you’re giving away the keys to the castle in some respects. Therefore, any organization that wants to take advantage of managed security services has to share detailed knowledge about its operations so that intrusion-detection systems can be properly used.

[ii] John R. Vacca, High-Speed Cisco Networks: Planning, Design, and Implementation, CRC Press, 2002.

[iii] John R. Vacca, Net Privacy: A Guide to Developing & Implementing an Ironclad ebusiness Privacy Plan, McGraw-Hill, 2001.






Computer Forensics: Computer Crime Scene Investigation (With CD-ROM) (Networking Series)
ISBN: 1584500182
Year: 2002
Pages: 263
Authors: John R. Vacca
