[ISN] Preparing for a Different Kind of Cyberattack

From: InfoSec News (isnat_private)
Date: Thu Nov 21 2002 - 23:18:22 PST


    http://www.eweek.com/article2/0,3959,717180,00.asp
    
    By Dennis Fisher 
    November 20, 2002
    
    While many agencies are still licking their wounds from once again
    failing their annual information security test, the Department of
    Defense and the National Security Agency on Thursday will announce a
    new partnership that could go a long way toward shoring up the
    security of the government's networks.
    
    The new agreement is a joint research and development initiative with
    Lancope Inc. to build an advanced intrusion-detection appliance for
    use both inside the government and in the private sector. Code-named
    the Therminator, the appliance will combine Lancope's StealthWatch
    behavior-based IDS with a new data-reduction and visualization
    technology developed by the government.
    
    Perhaps indicating the government's current emphasis on information
    security, the organizations have set forth an aggressive development
    schedule and are hoping to deploy a prototype appliance within six
    months.
    
    A key component of the box is the visualization technology developed
    at the Naval War College by Dave Ford, special assistant to the Secure
    Network Technology Office at the NSA, in Fort Meade, Md. The
    technology uses some advanced math related to the temperature of
    matter to represent the incoming data flow on a network. The data flow
    is shown in a series of bar graphs plotted by time and colored to show
    anomalies.
    
    "It allows you to see the characteristics of a data stream. Events
    like Code Red cause visual changes in the color display," said John
    Copeland, co-founder and chief scientist at Lancope, based in Atlanta.  
    "The main problem with all of this incoming data is there's so much of
    it, how do you reduce it to something that's usable?"
    
    The government's main goal with this initiative is to develop a
    technology that's capable of identifying and repelling attacks that
    don't adhere to known patterns or signatures. Conventional IDS systems
    rely on signature files, much like anti-virus products do, and are
    essentially blind to new attack techniques.
    
    Several top officials in the Bush administration have said repeatedly
    that they believe terrorists and hostile nations will soon begin using
    the Internet as a key attack platform, if they're not already doing
    so.
    
    "The DoD is expecting non-patterned attacks," Copeland said. "If they
    recognize that it's taking place, then they can use other tools to
    investigate what's happening. The military wants to be prepared."
    
    Lancope plans to integrate the Therminator's core technology into its
    commercial offerings at some point, as well.
    
    
    
    



    This archive was generated by hypermail 2b30 : Fri Nov 22 2002 - 02:09:16 PST