Bivio 7000 Product Training
Cyberspace - A Global Battlespace?
Joel Ebrahimi
Solutions Architect
Bivio Networks, Inc.
A Hacker’s Opportunity is Target Rich!
Enterprise
Joe Hacker
– Personal
– Credit Card
Government
– Military secrets
– Nuclear Information
– Medical Records
– Criminal Records
– Classified Secrets and Information
– Control of Physical Infrastructure
• Power
• Electrical
• Water
©2010 Bivio Networks, Inc.
Exploitation Evolution
While we look at the evolution trend, it should be noted that the less
severe exploits have not gone away. They still exist today and have
even increased in numbers. The problem is that we also have to
deal with exploits that now affect our national security.
Experimentation / Notoriety
Hacktivism / Defacements
Criminal Enterprise
Espionage / Cyber Terrorism
Hacking Hotspots and Trends
WESTERN EUROPE: Cyber-activists with anti-global/anticapitalism goals; some malicious code
U.S.: Multiple hacker/cyberactivist/hacktivist groups; random targets
EASTERN EUROPE/RUSSIA: Malicious code development; fraud and financial hacking
MIDDLE EAST: Palestinian hackers target Israeli websites; some pro-Israel activity
BRAZIL: Multiple hacker groups, many mercenary; random targets
CHINA: Targeting Japan, U.S., Taiwan and perceived allies of those countries; Falun Gong targeted also
INDIA-PAKISTAN: Worldwide targets, Kashmir-related and Muslim-related defacements
Is the threat real?
It's Real and Happening Now!
Stuxnet
Cyber Espionage
DDOS attacks in Estonia
Attacks on Booz Allen Hamilton
Breach of defense contractor computers that let hackers get at information on the Joint Strike Fighter
Power grid compromised
Repeated attacks on .gov websites
Real growing threat of cyber terrorism
The Threats
Malware
– Worms
– Trojans
– Rootkits
– Spyware
Remote or local exploitation
Botnets
A Transforming Network
Explosion in usage, applications, devices, protocols
Basic networking problems remain
– Security
– Information assurance
– Cyber defense
– Awareness
– Control
Network role transition from connectivity to policy
Key Enabling Technology: Deep Packet Inspection
Deep Packet Inspection (DPI)
Set of technologies enabling fine-grained processing of network traffic
Common analogy: processing regular mail based on letter contents vs. address
Not a solution or an application!
[Figure: protocol layers examined]
L2: Ethernet
L3: Internet Protocol (IP)
L4: Transport Layer (TCP/UDP)
L5 – L7:
• Viruses
• Email, IM
• Intrusions
• Web
• File Transfer
• Worms
• Peer-to-Peer (P2P)
Why DPI?
L3/4 analysis clearly not granular enough
– Source/Destination often irrelevant
Most information is in the payload
– Deeply embedded
– Context dependent
– Dynamic
Tunneling makes outer protocols/headers insufficient
Correlation between flows and payload often crucial
Threats are real-time and dynamic; response can’t be
– DPI is real-time networking analog to off-line analysis
– Dramatically shortens threat identification and response
The Right Technology
Scalability: variable throughput, computation
Performance:
– Computational: full packet inspection
– Network: wire-speed
Flexibility: software is king
Customization: each mission different
Adaptability: inherent in space
Active/Passive: monitoring and enforcement
Multi-function: parallel tasks
Standardization: Avoid proprietary environments
Rapid deployment
Protecting The Future
Infrastructure
– Focus on high-compute/high-throughput
• System design
• Semiconductors
– Keep pace with networking advances
• 40Gb/s
• 100Gb/s
– Storage integration
• Data Retention
• Post-processing
Applications
– Increased sophistication of protocol analysis
– Increased cross-flow analysis
– Information sharing between applications
– Dynamic threat response
Summary
Threats are already here
Cyber Terrorism is real
The network is changing and growing
DPI technology underlies future networking
Core technology for National Security requirements
Challenges addressed in rapidly advancing market
Significant innovation into the future
Not just a presenter, this is what I do
Thank You!
Special purpose networking devices
10Gb/s+
High compute capacity
Throughput and compute scaling
Linux development environment
Multi-application support
Joel Ebrahimi
[email protected]
Bivio Networks, Inc
http://www.bivio.net