Solving the Federal Government's Toughest Cyber Security Problems
Network Protection and Information Assurance

LGS Bell Labs innovations

LGS Innovations solves the most complex networking and communications challenges facing the U.S. Federal Government. Building on its Bell Labs heritage, LGS Innovations delivers groundbreaking research and advanced networking and communications solutions that provide an information advantage and contribute to the mission success of its customers.

The Internet and Cybersecurity Research Department (ICRD), located at the William J. Perry Research Center in Florham Park, NJ, is the focal point of LGS' advanced Protection and Information Assurance research and development efforts. With a rich heritage of achievement, and leveraging the expertise and resources of Bell Labs, the ICRD provides cutting-edge ideas and technology solutions to solve the Federal Government's toughest cybersecurity problems.

ICRD capabilities cover the full spectrum of cyber-related areas, including:

- Mapping, Reconnaissance, and Vulnerability Assessment
- Moving Target Defense
- Situational Awareness and Attack Attribution
- Wireless Forensics

For more than ten years, the scientists of the ICRD have been recognized for their ability to map networks, assess their vulnerabilities, and perform advanced research in all aspects of network security for the U.S. Government.
The ICRD conducts much of its research in the LGS Internet Research Lab (IRL). The IRL features Internet access via multiple T1 connections, to both IPv4 and IPv6 networks. It has its own Class B address space, and is a routable, multi-homed, non-transit, autonomous system. It can be configured to emulate various network architectures and offers configurations to support testing for a variety of research projects.

Mapping, Reconnaissance, and Vulnerability Assessment

ICRD scientists apply their understanding of geographic and topological mapping of Internet hosts and routers to create solutions for effectively protecting cyber infrastructure. They construct detailed maps of logically and/or physically connected Internet resources (including global paths between physical networks, routes, and peering relationships).

LGS Innovations ICRD specialists use their mapping and reconnaissance capabilities to perform external exposure assessments. During these assessments, LGS ICRD specialists are able to identify and provide solutions to vulnerabilities in the customer's IP networks. Security auditing is performed on a customer's core or enterprise network in one of two ways: (i) the customer provides information about and access to their network; or (ii) the security audit is performed for the customer without any information. LGS has performed red team security assessments for several customer enterprises and has successfully identified vulnerabilities in their networks.

Moving Target Defense

Diversifying the configuration of a system reduces its vulnerability, since malware typically assumes that static, un-patched vulnerabilities exist and that they are the same across a system.
LGS research helps to eliminate software monocultures by diversifying software code for each user so that vulnerabilities are different for each code. This helps to prevent the spread of an attack.

Polymorphic code shuffling is an example of LGS' cutting-edge software protection research. It produces variants of a program with the same functionality by altering the order of blocks of the code. The shuffled code eliminates vulnerabilities, such as buffer overflows, because the entry point into the code is not static; it depends on the shuffle. Software Diversity research extends the code shuffling concept to more generalized ways to automatically morph a program while retaining functionality.
[Figure: Proven Mapping Process (Reconnaissance Process), carried out in the Internet Research Lab. Steps: 1 Public Source Search, 2 Discovery, 3 Host Discovery, 4 Vulnerability Scan, 5 Mapping, 6 Data Fusion and Analysis. Captions: "Search Internet for customer network information." "Send crafted IP packets to IP addresses and infer network characteristics from returned data." "Produce routing and reachability maps from returned probe data." "Analyze maps, data and public information to identify external vulnerabilities."]

Situational Awareness and Attack Attribution

In association with our corporate research partners, and the core Bell Laboratories research center owned by our parent company, Alcatel-Lucent, LGS Innovations ICRD has the ability to use live, in-network forensics tools. These tools rapidly identify the nature, extent, and impact of malware attacks, and provide a context-based forensic analysis of threats residing within an active network. Traffic analysis can be combined with behavioral analysis of various network-based observations in order to automatically analyze and categorize large amounts of network traffic and other associated behaviors based on context.

Using proprietary and patented data collection, storage, and behavior analysis techniques developed by LGS Innovations and its partners, LGS teams are adept at finding malware, such as botnets in live networks, and can adapt rapidly to attacker behavior changes through the use of behavior analysis and correlation. Zero-day attacks may be identified and found with these methods.
[Figure: Wireless Behavior Characterization. Chart labels as printed:
12 (0%) / Router Discovery Abuse
4,296 (4%) / P2P Mobile
45,578 (42%) / High Signaling Sub
1,416 (1%) / BatteryAttack Distributed
8 (0%) / Flood Mobile Single Src
14,626 (13%) / High Usage Sub
2,501 (2%) / SigAttack Single Src
6,098 (6%) / PortScan Horiz
207 (0%) / Congestion Alert
51 (0%) / Unwanted Src
6 (0%) / Flood Mobile Distributed
106 (0%) / PortScan Vert
608 (1%) / BatteryAttack Single Src
33,040 (30%) / Always Active Sub]

Wireless Forensics

Wireless cellular networks increasingly represent a means of attack for malware that infects smartphones. Researchers at LGS Innovations' parent company's core Bell Labs research center have developed the means to detect malware in cellular systems using behavior analysis techniques derived from cellular-specific network flow analyses. These methods find malware by observing and then analyzing network traffic without the use of virus signatures typically found in anti-virus software. This approach helps to identify zero-day attacks for which virus signatures have not yet been identified, and also helps combat polymorphic viruses that mutate automatically and change their signatures while in the wild.

About LGS Innovations

LGS Innovations LLC solves the most complex networking and communications challenges facing the U.S. Federal Government.
Building on its Bell Labs heritage, LGS Innovations delivers groundbreaking research and advanced networking and communications solutions that provide an information advantage and contribute to the mission success of its customers. An independent subsidiary of Alcatel-Lucent dedicated solely to serving the U.S. Federal Government, LGS Innovations is headquartered in Herndon, Virginia, with offices in Colorado, Illinois, Maryland, New Jersey, and North Carolina. To learn more about LGS Innovations, visit
LGS Innovations: The Experts

The U.S. Federal Government turns to LGS Innovations when solutions to its most difficult communications challenges simply do not exist. With more than 300 scientists and engineers and over 650 employees serving the defense, civilian, and advanced programs communities, LGS offers innovative research, applied communications, and integrated telecommunications products and services to transform and unify the Federal enterprise. LGS helps government agencies develop next-generation technologies to power the future of government networking and helps to reshape the way the government communicates while preparing its customers to meet their immediate and future information demands.

LGS Innovations is the government's one-stop shop for any network need, CONUS as well as OCONUS, from network architecture and network operations, to infrastructure requirements such as trenching and cabling, to Systems Engineering and Technical Assistance (SETA) consulting and product-only solutions. Building on its Bell Labs heritage and leveraging the expertise of parent company Alcatel-Lucent, a worldwide leader in fixed, mobile and converged broadband networking, LGS Innovations delivers telecommunications solutions and services that enhance the government's ability to quickly and securely send and receive information, providing an information advantage and contributing to mission success. LGS is headquartered in Herndon, Virginia, USA.

LGS Corporate Headquarters, Dulles Technology Drive, Suite 301, Herndon, VA