Reverse Deception: Organized Cyber Threat Counter-Exploitation (3 page)

Read Reverse Deception: Organized Cyber Threat Counter-Exploitation Online

Authors: Sean Bodmer

Tags: #General, #security, #Computers

BOOK: Reverse Deception: Organized Cyber Threat Counter-Exploitation
3.12Mb size Format: txt, pdf, ePub
               
Honeynets as Part of Defense-in-Depth
               
Research vs. Production Honeynets
               
Honeynet Architectures
               
Honeywall Accreditation
               
Content Staging
               
Content Filling
               
Honeynet Training
               
Honeynet Objectives
               
Honeynet Risks and Issues
          
Check Yourself Before You’re Wrecked
               
What’s the Status of Your Physical Security?
               
How Does Your Wireless Network Look?
               
What’s Traveling on Your Network?
               
What About Your Host/Server Security?
               
How Are Your Passwords?
               
How’s Your Operational Security?
          
Crimeware/Analysis Detection Systems
               
What Happened on Your Box?
               
What Did That Malicious Software Do?
          
Conclusion
Chapter 9   Attack Characterization Techniques
          
Postincident Characterization
          
Another Tall Tale
               
Discovery
               
Malware
               
Aftermath
          
Real-World Tactics
               
Engaging an Active Threat
               
Traffic, Targets, and Taxonomy
               
Aftermath
          
Conclusion
Chapter 10   Attack Attribution
          
A Brief Note About Levels of Information Present in Objects
          
Profiling Vectors
               
Time
               
Motivations
               
Social Networks
               
Skill Level
               
Vector Summary
          
Strategic Application of Profiling Techniques
          
Example Study: The Changing Social Structure of the Hacking Community
          
Micro- and Macro-Level Analyses
          
The Rise of the Civilian Cyber Warrior
               
The Balance of Power
               
Potential Civilian Cyber Warrior Threats
          
Conclusion
          
References
Chapter 11   The Value of APTs
          
Espionage
          
Costs of Cyber Espionage
          
Value Network Analysis
          
APTs and Value Networks
               
The RSA Case
               
The Operation Aurora Case
               
APT Investments
          
APTs and the Internet Value Chain
               
It’s All Good(s)
               
Bitcoin in the Future?
          
Conclusion
Chapter 12   When and When Not to Act
          
Determining Threat Severity
               
Application Vulnerability Scenario
               
Targeted Attack Scenario
          
What to Do When It Hits the Fan
               
Block or Monitor?
               
Isolating the Problem
               
Distinguishing Threat Objectives
               
Responding to Actionable Intelligence
          
Cyber Threat Acquisition
               
Distinguishing Between Threats
               
Processing Collected Intelligence
               
Determining Available Engagement Tactics
          
Engaging the Threat
               
Within Your Enterprise
               
External to Your Enterprise
               
Working with Law Enforcement
          
To Hack or Not to Hack (Back)
               
To What End?
               
Understanding Lines (Not to Cross)
          
Conclusion
Chapter 13   Implementation and Validation
          
Vetting Your Operations
               
Vetting Deceptions
               
Vetting Perceptual Consistency in a Deception
               
Vetting Engagements
          
Putting This Book to Use with Aid from Professionals
          
How to Evaluate Success
          
Getting to the End Game
          
Conclusion
          
Glossary
          
Index

Foreword

The purpose of locks is not to deter criminals; it is to keep honest people honest
.

—Anonymous reformed thief

Cyberspace Is the Wild West

Deception being the major theme of this book is provocative. It makes explicit and unusual something that is inherent and commonplace. As readers of books such as this, we all know that we live in a world surrounded by deceptions, ranging from the trivial of sports competition to the commercial marketplace to the terrorist bomb maker.

What is different or unique about the deceptions involved in the defense of computer networks that makes them worthy of special study? Ubiquity and technology characterize cyberspace. Time and space hardly exist in the cyber world. Actions take place at nearly light speed. Data theft can occur very rapidly and leave no trace—that which was stolen may appear to have been undisturbed. That rapidity of communication virtually negates space. If the electronic means exist, connections can be made from virtually any point on the earth to any other with equal ease and speed. Unlike gold bullion, data copied is as good as the original data. Physical proximity is not required for theft.

Other books

The Switch by Elmore Leonard
Horse Named Dragon by Gertrude Chandler Warner
Invitation to Ecstasy by Nina Pierce
Either Side of Winter by Benjamin Markovits
Los trapos sucios by Elvira Lindo
Pregnant Pause by Han Nolan
The Good Greek Wife? by Kate Walker
Tantrics Of Old by Bhattacharya, Krishnarjun