The Transnational Dimension of Cyber Crime and Terrorism by Abraham D Sofaer & Seymour E. Goodman

Author:Abraham D Sofaer & Seymour E. Goodman [Sofaer, Abraham D & Goodman, Seymour E.]
Language: eng
Format: epub
Tags: Political Science, Essays
ISBN: 9780817999865
Google: SIcnAgAAQBAJ
Goodreads: 19148268
Publisher: Hoover Institution Press
Published: 2001-08-01T00:00:00+00:00

Fig. 2. The viewpoint from the defender’s position.

Fig. 3. Recovering the track of a packet.

A similar suggestion is made by Stephen Rizzi, who notes that technology for privacy-protecting packet tracing would also be desirable.15 All too often an intrusion event is not investigated extensively because current manual methods do not allow for timely or privacy-protected tracing of multihop attacks. Technology is needed to support near-realtime automated tracing of multihop attacks. Such technology should protect the identity of the institution requesting the trace, to avoid undesired publicity, and in addition, the tracing algorithm should not directly use internals of the message to trace the origin. Such an architecture could be accomplished by the installation of a “trace server” on each registered domain subnet.

With time, such a server could be as important as a firewall. To be useful, all networks willing to support a trace capability would have such a server. The trace server would keep track of all incoming and outgoing traffic, and reduce those exchanges to time-stamped records with origin, destination, and a message digest, such as the fingerprint mentioned above. All this information would be encrypted using the public key of a clearinghouse.16 A tracing request would originate from a subscriber to the clearinghouse, again, encrypted using the public key of the clearinghouse with a query stating the perceived origin of the attack, the date/time range, and a message digest of suspect communications. The automated system at the clearinghouse would then begin a series of queries to trace servers of networks implicated in the attack. The automated clearinghouse matches up the outgoing traffic of one network with incoming traffic of another, tracing the communications until the point of origin is reached.

The communication channels and information resources used for coordinating investigation of attacks must be separate from the information resources that are the targets of attack, and they must receive special protection. This can be accomplished through an overlay on the network, but its functionality and points of origin must be limited to avoid compromise of the overlay itself. Clearly, the design and operation of such channels is a matter for international cooperation. As noted earlier, a need exists for anonymous communications between incident responders under some conditions, which suggests that care be taken in implementing such “back-channel” facilities.

Integration of Defensive Technologies

Current defenses against a cyber attack include prevention mechanisms such as firewalls, intrusion detection and response components, and security management applications, but a lack of communication and coordination between vendors’ security components limits their effectiveness in large heterogeneous environments. Key technical and organizational issues limiting coordinated cyber defense across administrative and national boundaries can be identified, and challenges in achieving agreements between international organizations on how these technologies can be integrated are substantial.

Automated response to intrusions is a major need for defending critical systems. Vendors have developed products that support intrusion response.17 These products use proprietary protocols and are limited by an architecture that requires all response decisions to be made at a central controller. Because an adversary can

Download

Copyright Disclaimer:
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.