Intro, History, Hacking Welcome to Network Security Module Outline


Network Security
Lecture 1
Intro, history, hacking
Eike Ritter, Network Security - Lecture 1

Welcome to Network Security
Should be able to
• identify design and implementation vulnerabilities in network protocols and applications
• exploit such vulnerabilities in practice
• detect and protect from attacks
Skills
• Ability to analyze the security of networked systems
• Ability to perform security assessments of a system
• Ability to fix vulnerabilities

Module Outline
• TCP/IP security
• Web security
• Browser security
• Malicious web
• Intrusion detection systems

Organization
• Lectures
  – 2/week
• Office hours
  – Tuesdays 4-5pm, and by appointment
• Homework
  – 2 assignments (mix of programming, network analysis, attacks)
  – Reading assignments, roughly once a week
• Examination
  – 1.5 hours
  – Covers everything we discuss in class
• Grading
  – 80% examination
  – 20% homework
• Check http://www.cs.bham.ac.uk/~exr/teaching/lectures/networkSecurity/11_12 regularly for updates and news

What is expected from you
• Participate in lectures
  – Handouts are available (print and online), but they don’t cover everything
  – Be active: Something is not clear? Ask questions!
• Absolutely no plagiarism
  – Be familiar with School’s plagiarism policy
  – It’s OK to discuss with others, but everything you submit must be yours
• Any problem, doubt, special need; come talk to me

NETWORK SECURITY
A brief history

‘60
• Advanced Research Projects Agency (ARPA) funds development of ARPANET
• First four nodes in 1969
  – UCLA (Vint Cerf, Steve Crocker, Jon Postel, Leonard Kleinrock)
  – SRI (Doug Engelbart)
  – UCSB (Glen Culler, Burton Fried)
  – University of Utah
• Uses the Network Control Protocol (NCP) through Information Message Processors (IMP)
Image: http://www.computerhistory.org/internet_history/full_size_images/1969_4-node_map.gif

‘70
• UNIX, C, Email, Telnet, FTP, TCP, Ethernet, USENET
• More hosts join the ARPANET
Image: http://www.computerhistory.org/internet_history/full_size_images/1975_net_map.gif

‘80
• Berkeley UNIX includes the TCP/IP suite (sockets)
• ARPANET standardizes on TCP/IP (1983)
• MILNET detaches from public network (ARPANET)
• DNS
Image: http://www.computerhistory.org/internet_history/full_size_images/1988_nsfnet_map.gif

… up to now
• Even more hosts attach to the Internet
• 1991: the Web is born (Tim Berners-Lee at CERN)
• The dot-com boom and bust
Image: http://opte.org/maps/

Vulnerabilities
Source: http://web.nvd.nist.gov/view/vuln/statistics

Incidents
• Stats from cert.org/stats/
• “Incident reports received - Given the widespread use of automated attack tools, attacks […] have become so commonplace […] provide little information with regard to assessing the scope and impact of attacks. Therefore, we stopped providing this statistic at the end of 2003.”
• So, we just gave up…

Terminology
• Vulnerability
  – A flaw or weakness in a system's implementation that could be exploited to violate the system's security policy
• Exploits
  – An attack that leverages a vulnerability to violate a system’s security policy

HACKING, HACKERS

What is a hacker?
• The term “hacker” was introduced at MIT in the 60s to describe “computer wizards”
  – “someone who lives and breathes computers, who knows all about computers, who can get a computer to do anything. Equally important, though, is the hacker's attitude. Computer programming must be a hobby, something done for fun, not out of a sense of duty or for the money.” (Brian Harvey, UC Berkeley, http://www.cs.berkeley.edu/~bh/hacker.html)
• It eventually came to denote “malicious hackers” or “crackers”, that is, people who perform intrusions and misuse computer systems
• More jargon: http://www.eps.mcgill.ca/jargon/jargon.html

Phreaking
• In 1971, John Draper learns that a toy whistle found in a Cap’n Crunch cereal box emits sounds at a frequency of 2600 Hz
• The 2600 Hz frequency was used by AT&T to indicate that a trunk line was ready and available to route a new call
• Free long-distance calls (blue box)…
• John Draper arrested in 1972 for toll fraud

Early problems
• Bob Metcalfe, “The Stockings Were Hung by the Chimney with Care”, RFC 602, December 1973
• “The ARPA Computer Network is susceptible to security violations for at least the three following reasons”
  – Sites used to physical limitations of access are not protected against unauthorized access (e.g., passwords which are easy to guess)
  – “The TIP allows access to the ARPANET to a much wider audience than is thought or intended.”
  – “There is a lingering affection for the challenge of breaking someone's system”

The cuckoo’s egg
• Cliff Stoll was a system administrator at LBL in 1986
• While investigating an accounting discrepancy, he discovers an account created without a billing address
• Further investigation reveals the presence of an intruder
• Cliff Stoll decides to monitor the actions of the intruder instead of simply cutting him/her off (honeypot of sorts)

The cuckoo’s egg – cont’d
• The vulnerability
  – Emacs provided a utility (movemail) to allow users to change spool file ownership and move it
  – At LBL it was installed setuid root
• The exploit
  – The attacker used movemail to copy his own script over the atrun utility, which is run periodically with system privileges
• Consequences
  – Intruder gained root access
  – Used the system to probe military systems in the MILNET
  – Looked for potentially sensitive documents, searching for keywords like “SDI” (Strategic Defense Initiative), “nuclear”, “norad”
• Investigation
  – FBI involved
  – Connections traced back to Germany
  – In 1989 arrest of Markus Hess, who operated for the KGB

The Morris Worm
• On November 2, 1988, Robert T. Morris releases the Internet worm
• A mistake in the propagation procedure leads to the overload of infected machines
• Internet had to be “turned off”
• RTM was sentenced to three years’ probation, a $10,000 fine, and 400 hours of community service
• The Computer Emergency Response Team (CERT) was created

The Morris Worm – cont’d
• Worm: self-replicating program that spreads across a network of machines
• Vulnerabilities & exploits
  – “Debug” function of sendmail, which allowed sending an email with a program as the recipient
    • Worm sent a message with a body that created a C program which transferred the rest of the modules from the originating host, linked them, and executed them
  – fingerd stack-based buffer overflow
  – Weak passwords
  – Trusted hosts (~/.rhosts)

Kevin Mitnick
• 1981: breaks into Pac Bell phone center. 1 year probation.
• 1982: cracks Pacific Telephone. 6 months of juvenile prison.
• 1987: breaks into SCO. 3 years probation.
• 1988: expelled from Pierce for computer misuse
• 1992: cracks into California DMV
• 1994: breaks into San Diego Supercomputer Center
• 1995: well-publicized arrest (Shimomura and New York Times’ John Markoff)

Kevin Mitnick – cont’d
• Christmas 1994 attack against San Diego Supercomputer Center (SDSC)
• Sophisticated TCP spoofing attack, which exploits the trust relationship between two hosts, x-terminal and server
  – x-terminal: diskless host
  – server: host providing boot images to x-terminal
  – x-terminal allows unauthenticated logins and commands from server
• Exploit
  – DoS against server
  – Attacker spoofs server and injects command
    # rsh x-terminal "echo + + >>/.rhosts"

Other famous incidents
• Summer 2001: Code Red
  – Exploits buffer overflow in IIS
  – Defaces the vulnerable site to display:
    HELLO! Welcome to http://www.worm.com! Hacked By Chinese!
• August 2003: Blaster worm
  – Exploits buffer overflow in DCOM RPC service of Windows and binds a command shell to port 4444 of the infected target
  – Transfers payload on compromised machine via TFTP
  – SYN floods windowsupdate.com (but not windowsupdate.microsoft.com)
  – Jeffrey Lee Parson, 18 years old, arrested

Even more incidents
• October 2005: Samy
  – XSS worm spreading on myspace.com
  – Displays the string “but most of all, Samy is my hero”, sends a friend request to the author of the worm, posts messages containing the payload to friends of the victim
  – In 20 hours, it infected over one million users
• July 2010: Stuxnet
  – Spies and reprograms industrial systems (e.g., power plants, nuclear reactors)

Incidents overview
• Motivations
  – Free phone calls
  – Test what is possible
  – Spy on military systems
  – Bragging rights
  – Denial of service
  – Delay nuclear program in nation state (perhaps)
• Targeted systems
  – Phone networks
  – UNIX, Windows systems
  – Web applications
  – Industrial control systems
• Techniques
  – Signaling attacks
  – Buffer overflows, privilege escalation, etc.
  – Social engineering
  – Network flooding
  – 0-day exploits, testing on mock systems, etc.
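
The Morris worm's trusted-hosts vector (~/.rhosts) and the "echo + +" line appended to /.rhosts in the SDSC attack both depend on rhosts-style trust entries. The audit script below is an added example, not part of the lecture: it flags such entries in a trust file, and the sample file contents, host names and function names are constructed for illustration.

```python
"""Audit rhosts-style trust files (~/.rhosts, /etc/hosts.equiv) for risky entries.

Added example: the sample contents and host names below are constructed.
"""
from dataclasses import dataclass

SEVERITY_ORDER = {"medium": 1, "high": 2, "critical": 3}


@dataclass(frozen=True)
class Finding:
    lineno: int
    entry: str
    severity: str
    reason: str


def classify(host, user):
    """Return (severity, reason) for one allow entry of the form 'host [user]'."""
    if host == "+" and user == "+":
        return "critical", "any user from any host is trusted without a password"
    if host == "+":
        return "high", "any host is trusted"
    if user == "+":
        return "high", "any remote user on this host is trusted"
    if host.startswith("+@") or (user or "").startswith("+@"):
        return "medium", "netgroup trust; membership must be reviewed separately"
    # Even a fully specified entry authenticates by address only, which is
    # exactly what a spoofed connection defeats.
    return "medium", "trust rests on the claimed source address alone"


def audit_trust_file(text):
    """Parse the text of a trust file and return a Finding per allow entry."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comment lines grant nothing
        fields = line.split()
        host = fields[0]
        user = fields[1] if len(fields) > 1 else None
        # Entries with a leading '-' deny access rather than grant it.
        if host.startswith("-") or (user is not None and user.startswith("-")):
            continue
        severity, reason = classify(host, user)
        findings.append(Finding(lineno, line, severity, reason))
    return findings


def worst_severity(findings):
    """Highest severity present, or None when the file grants no trust."""
    if not findings:
        return None
    return max((f.severity for f in findings), key=SEVERITY_ORDER.__getitem__)


# Constructed sample; the last line is what the injected command appends.
SAMPLE_RHOSTS = "\n".join([
    "# constructed sample, not from a real system",
    "server.example.org",
    "server.example.org alice",
    "-lab7.example.org",
    "+@admins",
    "+ bob",
    "+ +",
])

if __name__ == "__main__":
    results = audit_trust_file(SAMPLE_RHOSTS)
    for f in results:
        print(f"line {f.lineno}: [{f.severity}] {f.entry!r}: {f.reason}")
    print("worst:", worst_severity(results))
```
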