Vulnerability of Complex Networks
ACS Contact:
Prepared for:
Stuart S. Wagner
September 20, 2012
“Only the Paranoid Survive” – Andy Grove
Problem Statement
• Inadvertent misconfiguration responsible for huge percentage of IP network downtime and vulnerabilities
− Think what intentional, malicious misconfiguration could do
• Fundamentally more powerful botnets are on the horizon
• Black Hat Conference regularly features the latest hacks of routers, cellular networks, middleboxes, control planes, …
• Network standards organizations and protocol developers don’t usually address the most pernicious attack vectors
• Offense is generally easier and cheaper than defense, and is getting more so as networks become more complex
• You can’t afford infinite resilience against all possible vulnerabilities and threats
Challenges for Network Resilience
• Getting the most bang for the buck in the face of unanticipated vulnerabilities and unforeseen attacks
− How do you even know when you have made a good investment?
− What metric do you utilize to quantify the gain in trustworthiness and reliability for a given investment?
• Providing different levels of resilience for different users, organizations, and missions
− When does the cost of failure outweigh the cost of resilience?
− How do you assign a probability, or a cost, to an unforeseen failure or attack mode?
• How can we design networks to make them fundamentally less vulnerable to attack? Is this even possible?