Information Security News mailing list archives

Preparing for a Different Kind of Cyberattack


From: InfoSec News <isn () c4i org>
Date: Fri, 22 Nov 2002 01:18:22 -0600 (CST)

http://www.eweek.com/article2/0,3959,717180,00.asp

By Dennis Fisher 
November 20, 2002

While many agencies are still licking their wounds from once again
failing their annual information security test, the Department of
Defense and the National Security Agency on Thursday will announce a
new partnership that could go a long way toward shoring up the
security of the government's networks.

The new agreement is a joint research and development initiative with
Lancope Inc. to build an advanced intrusion-detection appliance for
use both inside the government and in the private sector. Code-named
the Therminator, the appliance will incorporate Lancope's
StealthWatch behavior-based IDS system with a new data-reduction and
visualization technology developed by the government.

Perhaps indicating the government's current emphasis on information
security, the organizations have set forth an aggressive development
schedule and are hoping to deploy a prototype appliance within six
months.

A key component of the box is the visualization technology developed
at the Naval War College by Dave Ford, special assistant to the Secure
Network Technology Office at the NSA, in Fort Meade, Md. The
technology uses some advanced math related to the temperature of
matter to represent the incoming data flow on a network. The data flow
is shown in a series of bar graphs plotted by time and colored to show
anomalies.

"It allows you to see the characteristics of a data stream. Events
like Code Red cause visual changes in the color display," said John
Copeland, co-founder and chief scientist at Lancope, based in Atlanta.  
"The main problem with all of this incoming data is there's so much of
it, how do you reduce it to something that's usable?"

The government's main goal with this initiative is to develop a
technology that's capable of identifying and repelling attacks that
don't adhere to known patterns or signatures. Conventional IDS systems
rely on signature files, much like anti-virus products do, and are
essentially blind to new attack techniques.

Several top officials in the Bush administration have said repeatedly
that they believe terrorists and hostile nations will soon begin using
the Internet as a key attack platform, if they're not already doing
so.

"The DoD is expecting non-patterned attacks," Copeland said. "If they
recognize that it's taking place, then they can use other tools to
investigate what's happening. The military wants to be prepared."

Lancope plans to integrate the Therminator's core technology into its
commercial offerings at some point, as well.


