DHS S&T is developing tools and technologies to protect critical infrastructure sectors, including emergency communications, from cyberattacks. S&T has partnered with SecureLogix, a telecommunications security company, to develop mitigation solutions that protect Next Generation 911 (NG911) call centers from cyberattacks. Hear S&T's DDoSD program manager Dr. Ann Cox and SecureLogix's Mark Collier talk about S&T's solutions for securing NG911 call centers.

Motivation

Attacks can and have targeted any system that relies on internet connectivity. The financial services sector is a frequent target of large-scale DDoS attacks and continues to face ever-growing attacks. While these incidents are well documented, this segment of our nation's economy is not a special case, and some of the largest attacks have been directed at security-related sites and services. Over the past five years the scale of attacks has increased tenfold. It is not clear whether current network infrastructure could withstand future attacks if they continue to grow in scale.

Approach

This project addresses three related DDoS defense challenges. First, DDoSD is working to increase deployment of best practices that would slow the growth in attack scale, specifically the technique described in Internet Best Current Practice 38 (BCP 38), which blocks packets with forged source addresses at or near their source. Second, DDoSD is seeking to defend networks against massive one terabit per second (Tbps) scale attacks through the development of collaboration tools suitable for medium-scale organizations. Last, the project is working to defend emergency management systems, both current 911 and Next Generation 911 systems, from Telephony Denial of Service (TDoS) attacks.

Measurement and Analysis to Create Best Practices

Some DDoS attacks make use of spoofed source addresses. Existing best practices filter out forged addresses at the network periphery. Additional best practices extend this guidance to more complex deployments.
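The border filtering described above, as an added example that is not part of the DHS S&T page or any performer's software: a BCP 38 style source address validation check for a stub network, run over constructed sample packets in both directions. The site prefixes and sample addresses are assumptions drawn from documentation ranges.

```python
import ipaddress
from collections import Counter

# Constructed prefixes for a stub network that applies BCP 38 source
# address validation at its border (assumption, not a real allocation).
SITE_PREFIXES = [ipaddress.ip_network(p)
                 for p in ("198.51.100.0/24", "2001:db8:1::/48")]
# Sources that should never cross a border in either direction:
# unspecified, RFC 1918 private, loopback and link-local ranges.
BOGON_PREFIXES = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "::/128", "::1/128", "fe80::/10")]

def _in_any(addr, prefixes):
    # ipaddress answers False when the families differ, so mixing v4/v6 is safe.
    return any(addr in p for p in prefixes)

def check_source(src, direction):
    """Return 'permit' or a drop reason for one packet's source address.
    direction is "out" for packets leaving the site (the classic BCP 38
    case) or "in" for packets arriving from the upstream provider."""
    addr = ipaddress.ip_address(src)
    if _in_any(addr, BOGON_PREFIXES):
        return "drop:bogon-source"
    inside = _in_any(addr, SITE_PREFIXES)
    if direction == "out" and not inside:
        # A host inside the site forged an address it does not own: the
        # packet BCP 38 exists to stop before it reaches a victim.
        return "drop:forged-external-source"
    if direction == "in" and inside:
        # An outside sender is claiming one of our own addresses.
        return "drop:forged-internal-source"
    return "permit"

def filter_packets(packets):
    """Apply check_source to (source, direction) pairs; return verdict counts."""
    return Counter(check_source(src, d) for src, d in packets)

# Constructed sample traffic observed at the border: (source, direction).
SAMPLE_PACKETS = [
    ("198.51.100.7", "out"),    # legitimate host leaving the site
    ("203.0.113.9", "out"),     # forged source, the reflection-attack pattern
    ("10.0.0.5", "out"),        # leaked private address
    ("203.0.113.9", "in"),      # legitimate inbound traffic
    ("198.51.100.7", "in"),     # outsider spoofing one of our addresses
    ("2001:db8:1::10", "out"),  # legitimate IPv6 host leaving the site
]

print(filter_packets(SAMPLE_PACKETS))
```

Comparing the verdict counts before and after a filter is turned on is the same question the measurement tools in this section answer: whether forged-source packets still leave the network.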
The collection of anti-spoofing best practices could help mitigate DDoS attacks that rely on forged addresses. Measurement and analysis tools are required to test whether new anti-spoofing deployments are successful, to verify that existing anti-spoofing practices are working correctly, and to provide evidence of both the advantages and the limitations of deploying anti-spoofing best practices in an organization.

Tools for Communication and Collaboration

The distributed nature of DDoS attacks provides several advantages to the attacker. An attack often comes from a large number of compromised computers that span multiple organizations. Further, as network bandwidth and computational power increase, the attacker benefits from the increased resources, which provide the capability to conduct more powerful attacks. To counter this threat, organizations that make use of network services must invest in resources that keep pace with the growing scale of the attacks.

Novel DDoS Attack Mitigation and Defense Techniques

This technical topic area seeks to address new variations of distributed denial of service (DDoS) attacks. DDoS attack concepts are being directed at a growing range of services. For example, in spring 2013 DHS and the Federal Bureau of Investigation (FBI) issued warnings about DDoS attacks targeting emergency management services such as 911 systems. Systems including, but not limited to, mobile devices, cyber-physical systems and critical infrastructure components are potential targets for these attacks. Too often the response to new types of attacks and targets is reactive: attackers develop new techniques and/or target new systems, and this change in course drives mitigation efforts.
Therefore, the goal is to identify potential targets for DDoS that have not been subject to known large-scale DDoS attacks and to develop DDoS mitigation capabilities able to withstand an attack twice the magnitude that the target's DDoS defenses could handle at the beginning of the project.

Performers

Colorado State University (CSU): Netbrane: A Software Defined DDoS Protection Platform
SecureLogix: Complex Distributed Telephony Denial of Service (TDoS) Pilots
University of California San Diego (UCSD): Software Systems for Surveying Spoofing Susceptibility (SPOOFER)
University of Houston: Towards DDoS Resilient Emergency Dispatch Center
University of Southern California Information Sciences Institute (USC-ISI): SENSS: SDN Security Service
University of Oregon: Drawbridge: Leveraging Software-Defined Networking for DDoS Defense

Resources

For the latest information about S&T Cybersecurity, visit the S&T Cybersecurity News, Publications, Videos and Events pages.
What name is given to a device that controls or filters traffic going in or out of the network?
A firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies.

Which tool can identify malicious traffic by comparing packet contents?
A signature-based intrusion detection system (SIDS) monitors all the packets traversing the network and compares them against a database of attack signatures or attributes of known malicious threats, much like antivirus software.

What protocol is used to collect information about traffic traversing a network?
NetFlow, developed by Cisco Systems, is a protocol used to collect metadata about IP traffic flows traversing a network device such as a router, switch, or host.

What are three methods that can be used to ensure confidentiality of information?
Controlling access to data includes controlling access of all kinds, both digital and physical. Protect devices and paper documents from misuse or theft by storing them in locked areas. Never leave devices or sensitive documents unattended in public locations. Securely dispose of data, devices, and paper records.