Reverse Deception: Organized Cyber Threat Counter-Exploitation
Authors: Sean Bodmer
Honeynets as Part of Defense-in-Depth
Research vs. Production Honeynets
Honeynet Architectures
Honeywall Accreditation
Content Staging
Content Filling
Honeynet Training
Honeynet Objectives
Honeynet Risks and Issues
Check Yourself Before You’re Wrecked
What’s the Status of Your Physical Security?
How Does Your Wireless Network Look?
What’s Traveling on Your Network?
What About Your Host/Server Security?
How Are Your Passwords?
How’s Your Operational Security?
Crimeware/Analysis Detection Systems
What Happened on Your Box?
What Did That Malicious Software Do?
Conclusion
Chapter 9 Attack Characterization Techniques
Postincident Characterization
Another Tall Tale
Discovery
Malware
Aftermath
Real-World Tactics
Engaging an Active Threat
Traffic, Targets, and Taxonomy
Aftermath
Conclusion
Chapter 10 Attack Attribution
A Brief Note About Levels of Information Present in Objects
Profiling Vectors
Time
Motivations
Social Networks
Skill Level
Vector Summary
Strategic Application of Profiling Techniques
Example Study: The Changing Social Structure of the Hacking Community
Micro- and Macro-Level Analyses
The Rise of the Civilian Cyber Warrior
The Balance of Power
Potential Civilian Cyber Warrior Threats
Conclusion
References
Chapter 11 The Value of APTs
Espionage
Costs of Cyber Espionage
Value Network Analysis
APTs and Value Networks
The RSA Case
The Operation Aurora Case
APT Investments
APTs and the Internet Value Chain
It’s All Good(s)
Bitcoin in the Future?
Conclusion
Chapter 12 When and When Not to Act
Determining Threat Severity
Application Vulnerability Scenario
Targeted Attack Scenario
What to Do When It Hits the Fan
Block or Monitor?
Isolating the Problem
Distinguishing Threat Objectives
Responding to Actionable Intelligence
Cyber Threat Acquisition
Distinguishing Between Threats
Processing Collected Intelligence
Determining Available Engagement Tactics
Engaging the Threat
Within Your Enterprise
External to Your Enterprise
Working with Law Enforcement
To Hack or Not to Hack (Back)
To What End?
Understanding Lines (Not to Cross)
Conclusion
Chapter 13 Implementation and Validation
Vetting Your Operations
Vetting Deceptions
Vetting Perceptual Consistency in a Deception
Vetting Engagements
Putting This Book to Use with Aid from Professionals
How to Evaluate Success
Getting to the End Game
Conclusion
Glossary
Index
Foreword
The purpose of locks is not to deter criminals; it is to keep honest people honest.
—Anonymous reformed thief
Cyberspace Is the Wild West
Deception as the major theme of this book is provocative: it makes explicit and unusual something that is inherent and commonplace. As readers of books such as this, we all know that we live in a world surrounded by deceptions, ranging from the trivial, such as a feint in a sports competition, through the commercial marketplace, to the terrorist bomb maker.
What is different or unique about the deceptions involved in the defense of computer networks that makes them worthy of special study? Cyberspace is characterized by ubiquity and technology. Time and space hardly exist in the cyber world: actions take place at nearly light speed, and data theft can occur very rapidly and leave no trace, since what was stolen may appear undisturbed. That rapidity of communication virtually negates space. If the electronic means exist, connections can be made from virtually any point on earth to any other with equal ease and speed. Unlike gold bullion, copied data is as good as the original. Physical proximity is not required for theft.