Information Security News: Greg Oslan | The new war machine

From: InfoSec News <alerts_at_infosecnews.org>
Date: Wed, 26 Sep 2007 00:02:27 -0500 (CDT)

http://www.gcn.com/print/26_25/45086-1.html

By William Jackson
09/24/07 issue

GCN Interview with Greg Oslan, chief executive officer and president at
Narus
        
How close are we to cyberwarfare? Pretty close, said Greg Oslan, chief
executive officer and president at Narus, a provider of traffic analysis
software for carrier networks. The company helps large IP networks see,
analyze and manage traffic from a growing number of dynamic
applications. Knowing what traffic is on a network and understanding it
is essential to providing adequate security because security cannot be
achieved today at the endpoint, he said. Not surprisingly, Oslan has a
front-row view of malicious traffic passing through the Internet and
efforts to ward off full-scale warfare via the network.

GCN: What constitutes cyberwarfare?

OSLAN: This is my opinion only, but I think that what would constitute
an act of war over the Internet would be something that maliciously,
directly cripples a country's ability to function. If somebody brought
down our electrical infrastructure and crippled our economy, I think
that would be an act of war. How we could treat that, government to
government, is a policy question. You are not using guns and bullets
anymore. What is the appropriate response as your armies move from
physical entities to virtual entities?

GCN: What can you tell us about what you saw of the Estonia attacks?

OSLAN: It was the volume and coordination of the attacks that
distinguished them. It wasn't just one computer or one Web site that was
targeted; this was spread across the entire country from the libraries
to government institutions. We have information in this country of other
countries trying to gain access to our machines. It's kind of a new Cold
War. In the 1950s and '60s, [the Soviets] would send fighters into the
Alaskan airspace and see how fast we'd respond and of course, we'd do the
same. The same thing is now occurring on the Internet. One country says,
"How many different sites can I break into in the U.S.?" And then the
United States responds, and they want to know how quickly we fill those
holes.

GCN: What is the likelihood of a cyberwarfare attack against us that
goes beyond that tit-for-tat push against the edges?

OSLAN: The bigger global issue is [that information technology] as a
service medium rather than as a transport medium is in its infancy so
far as being understood on a global scale. People are protecting their
small pieces, but there are no stand-alone pieces. They are all
connected to everything else in the world. Having a firewall is not good
enough, or having an intrusion-detection system is not good enough.
Having both is not good enough. Systems that manage and protect on a
more holistic scale are what are going to be required.

GCN: How vulnerable is the United States' critical infrastructure to this
kind of attack?

OSLAN: There are just too many holes. There are so many institutions
that people have already penetrated. The [Army] War College Web site was
down for two or three weeks, and that was pretty embarrassing because
they are the ones who are being taught to protect against cybercrime.
It's a safe assumption that we're pretty much all in the same boat, and
our infrastructure is absolutely susceptible. There is debate over how
big of a threat that is. There is no question there are isolated
threats, and there are component systems that could be penetrated and
brought down. But there is no one who believes they could bring down the
entire electrical infrastructure or gain access to nuclear power plants.
Whether that is true or not, I don't know.

GCN: Given the interconnected nature of the infrastructure and the need
for a cooperative approach to securing it, do we have the international
cooperation we need to provide this security?

OSLAN: This is a huge problem and one that is not well understood. Some
70 percent of the world's Internet traffic now flows through the United
States. That's going to change over the next several years. Other foreign
countries are not comfortable with all of that traffic flowing through
the United States, and you're going to see major distribution points
being set up overseas and then it gets really complicated. This is going
to give rise to a whole new thought process about protecting the
borders.

GCN: What can be done at the national and carrier infrastructure levels
to protect against these threats?

OSLAN: It is going to be a fine balance between the carriers'
requirements to protect their own infrastructure because they need to
make money and the government's involvement to provide security. When the
telephone networks were originally set up by AT&T 100 years ago, the
government clearly stated this is critical, this is how it is going to
be used and protected. That doesn't exist on the Internet today. We are
going to have to think differently. One of the proposals that came out
of the [Group of Eight summit] was for a trusted entity, a kind of
[United Nations] of the Internet, that is responsible for making sure
that the traffic moving from one country to another is protected and can
be trusted.

GCN: Given the Internet's degree of development and our dependence on it,
is it too late to effectively put these kinds of controls into place?

OSLAN: It is never too late. I think that we have to acknowledge at a
public level that it is a problem. Unfortunately, in most cases it
requires a major event to galvanize people and get them to change. The
Internet is a commercial means of making money and is also critical
national infrastructure. It is hard to go to carriers that are not owned
by the government and tell them to invest millions of dollars to protect
it. It is an interesting challenge. We went through it with lawful
intercept in the United States, when the carriers were mandated to
provide to government the ability to tap IP traffic under a court order.
There is not a huge motivation for the carriers to do this because they
are not making any money off that service. We are going to have this
same kind of discussion around security.

GCN: You said it would take a major event to get people's attention. What
kind of event?

OSLAN: To get this to happen quickly rather than over the next 40 years,
I think it will have to be crippling. Another country brings down the
stock market for five days: That would probably get everybody interested
in making sure that never happens again. Bringing down air traffic
control systems to major airports. Whether that is practical or not
still is a question. But if it is connected to the Internet, it is
technically possible regardless of how many protections you have in
place. Far from easy, but technically possible. The more sophisticated
we get and more pieces of equipment you put on the network, the more
vulnerable you become. The more things you have to manage and the more
endpoints, the more openings you have.

Copyright 1996-2007 1105 Media, Inc. All Rights Reserved.

Received on Sep 25 2007