Date posted: 21-Dec-2015
Terms and Acronyms used
AKO – Army Knowledge Online
AR – Army Regulation
CAC – Common Access Card
DKO – Defense Knowledge Online
DOD – Department of Defense
IED – Improvised Explosive Device
PIN – Personal Identification Number
TFTP – Trivial File Transfer Program
UFO – Unidentified Flying Object
WAN – Wide Area Network
PLA – People's Liberation Army of China
Introduction
Security measures currently held by the US military for its information systems are not enough and need to be improved.
The gathering of intelligence is key in military and paramilitary operations.
The US military has consolidated all personal, movement, and intelligence information into a series of interconnected WANs called DKO.
This is a relevant issue because enemies of the US no longer have to conduct reconnaissance if they can penetrate these information systems.
Case 1 of Attack on US Military
April of 1990
Dutch teenagers
Stole troop movement information and attempted to sell it to the Iraqi government
Not a direct exploit of the information system
Attacked the information system in 3 ways:
Dictionary attack to guess passwords
Used loopholes in the operating system
Broke into civilian contractors with access to military systems
The military found out about the attack via Dutch television when the teens publicly broadcast another attack
Case 2 of Attack on US Military
British attacker
40 years old
Looked for accounts with no passwords
Simply logged in
Left notes on desktops of users telling them to create a password
Deleted security records
Cost a total of $700,000 in damages
Was discovered by system administrators after they noted many logins from outside the country
Case 3 of Attack on the US Military
Conducted by the PLA
Specifically attacked Defense Secretary Gates
The PLA consistently attacks the US military
The strategy for penetration is different than the two previous groups
PLA created a Trojan virus
This type of virus works by having a user authorize the install
The user does this because the virus has another seemingly useful virus
The virus exploited a well-known security loophole.
The virus dwelled in the system for 8 months before it was found.
Current Software Security Measures
Passwords – 2 upper case, 2 lower case, 2 numbers, 2 special characters, must be changed every three months
Must log in with CAC in order to change password
Authorization rules – certain people are allowed access to certain aspects of information
Encryption
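
An added example, not part of the original slides: a Python audit for two weaknesses the deck names, accounts with no password (Case 2) and passwords older than the three-month rotation rule. The Unix shadow-file layout, the 90-day reading of "three months", and every sample account are assumptions constructed for illustration.

```python
from datetime import date

MAX_AGE_DAYS = 90  # "changed every three months", read here as 90 days (assumption)

# Constructed sample in Unix shadow-file layout: name:hash:lastchg:min:max:warn:...
# lastchg is the day of the last password change, counted from 1970-01-01.
SAMPLE_SHADOW = """\
root:$6$constructedsalt$constructedhash:16750:0:90:7:::
jdoe::16750:0:90:7:::
asmith:$6$constructedsalt$constructedhash:16600:0:99999:7:::
daemon:*:16000:0:99999:7:::
"""


def audit_shadow(text, today):
    """Return {account: [findings]} for accounts that break either rule."""
    today_days = (today - date(1970, 1, 1)).days
    findings = {}
    for line in text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 5:
            continue  # comment or malformed line
        name, pw_hash, last_change, _, max_age = fields[:5]
        if pw_hash[:1] in ("!", "*"):
            continue  # locked account, no password login possible
        issues = []
        if pw_hash == "":
            # The Case 2 condition: anyone can log in without a password.
            issues.append("empty password field")
        else:
            if last_change.isdigit():
                age = today_days - int(last_change)
                if age > MAX_AGE_DAYS:
                    issues.append(f"password is {age} days old")
            if not max_age.isdigit() or int(max_age) > MAX_AGE_DAYS:
                issues.append(f"rotation not enforced (max age: {max_age or 'unset'})")
        if issues:
            findings[name] = issues
    return findings


if __name__ == "__main__":
    report = audit_shadow(SAMPLE_SHADOW, date(2015, 12, 21))
    for account, issues in report.items():
        print(account, "->", "; ".join(issues))
```
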
Current Physical Security Measures
CAC ID card – All personnel have a smart card to access military computers
Fingerprint ID – Some access requires Fingerprint authentication
Separate computers for separate purposes – only certain computers are allowed to access sensitive information
Security Measures Needed
Fingerprint authentication for access to any military computer on top of current security measures
Long term effects
Forces the enemy to conduct traditional reconnaissance and expose themselves
They won't be able to easily know routes taken by convoys
Reduces ease of placement of IED