Technology Solutions, Products & Services
Providing the right information, to the right customer, at the right time.
Virtual Education Laboratory: Testing COTS Technology, A Test-Bed Success Story in Cyber Space
Building the Cyber Security Lab:
- NU CSIA Master's Program
- SETM Cloud Infrastructure
- Design Requirements, Decisions
- Functional Capabilities
- CSIA Advisory Council Collaboration Projects, Test Bed Success Stories
NU CSIA Master's Program
- Planning began in 2009
- CAC (CSIA Advisory Council) founders include: The Security Network, eset, SAIC, Cubic, Vmware, AITP, FBI, SPAWAR, CSC, Unisys, University of Idaho, NIATEC, Orange Book Repository
CAC Goals & Objectives
1. Define what is valuable to your organization
2. Identify/define focus areas for your needs
3. Identify how you/your organization would like to contribute to the initiative
4. Three areas of contribution:
   - Teaching: curriculum development, content
   - Research: H/W, S/W, resources
   - Administration: CSIA Initiative management
MS CSIA Program Awards/Recognition
- Received The Chairman's Award for Fostering Innovation Through Collaboration from The Security Network (February 2011)
- Designated Winner of the Education Category at the Cyber Security Conference 2011, sponsored by Securing Our eCity and the San Diego Union Tribune (November 2011)
- Selected for a full-page ad by Securing Our eCity and the San Diego Business Journal (November 2011)
SETM Cloud Infrastructure
- Supports multiple Security Enclaves
- Dynamic Resource Allocation
- Diverse collection of computing resources: IBM Blades, HP and Dell servers, multiple storage appliances, Brocade switches, Palo Alto firewalls
SETM Cloud Infrastructure (rack diagram): IBM BladeCenter chassis with JS21 blades, Dell PowerEdge SC1435 and 2950 servers, HP ProLiant ML350 servers, HP StorageWorks 2408 FCoE switches, Brocade FastIron WS 624 switch, HP TFT7600 console; racks labelled Virtual Education Lab, HP Game & Sim, ASIRL, ASIRL WAN/LAN, SDI Cloud. Drawing by inetwork, Inc. (designed by Joseph Marsh, approved by Barry Brueseke).
Virtual Education Lab (VEL) network diagram: two ISP links (ISP 1: AT&T 2Mb /28; ISP 2: TW Telecom 10Mb /24 via /30), external firewall PA-2050 #1 with DMZ web hosts (Dell 2950), internal firewall PA-2050 #2, a services cluster of three Dell 1950s, ESXi host servers (inv3231 #1-#11 for CSIA On-Line and the SETM Project), SAN1 (TL1200i) and SAN2 (Dell MD3000i), vkernel/vmotion/vfault/iSCSI switches, production switches 1-3, two IBM blade chassis for ASIRL (Gaming & Simulation Capstone, SDI Cloud/SETM Project), a Unisys Stealth appliance, two Palo Alto NGEN firewalls, Cisco NETLAB, DyKnow, and classroom WAPs (Rooms 127, 129, 208, 220A, 222, 227). Legend: gateway, gigabit Ether, WAN/LAN, classrooms, admin servers, ESXi host servers, SAN node, Capstone/ASIRL projects, Cisco Netlab. Drawing by inetwork, Inc. (designed by Joseph Marsh, approved by Barry Brueseke).
Design Objectives
The Virtual Education Laboratory is a product that provides academic institutions with the ability to deliver a computer science laboratory learning experience to their remote students (distance learners). Recent educational trends have seen a rapid adoption of distance learning methodologies. To date, the technologies developed to meet this need have focused on the implementation of virtual classrooms.
Design Objectives (cont'd)
inetwork's Virtual Education Laboratory (VEL) now takes the virtual classroom to the next step and provides the infrastructure/support services necessary to host a virtual computer science laboratory. Inside the VEL, professors can create their own networked environment and assign their on-site students a variety of complex laboratory learning objectives.
VEL Features
The standard VEL configuration has the following capabilities:
- Two-factor authentication
- Simultaneous support for 3 student cohorts
- Support for 4 virtual machines per student
- Capacity to host up to 240 virtual machines
- Capacity for up to 4 virtual domains per class
- Ideal for red/blue cell teaming
- Support for white cell observation
- Virtual networks including LANs, WANs, switches, routers and firewalls
- Integration of physical Wireless Access Points (WAPs) in the virtual environment
- Supports multiple virtual machine templates (libraries)
Design Requirements, Decisions
- Provide Master's students with a computer science laboratory environment
- Initially, use an existing (COTS) collection of diverse equipment (Dell servers, Cisco firewalls and other misc. appliances)
- Implement DOD-level security into the design (Cyber Security Master's program)
- Ensure students cannot hack the system
Design Requirements, Decisions: Phase 2
- Support for multiple cohorts
- Fault Tolerant (FT) administration cluster
- Highly Available (HA) lab clusters
- Redundant network design
- Support for multiple ISPs
- ATO-level IA documentation package
- Perform STIGs on all equipment in the VEL
Design Requirements, Decisions: Phase 2 (cont'd)
- Multiple virtual machine templates
- New lab configurations every month
- Reusable laboratory setups
- Professor training
- Student enrollment
- Storage allocation, retention plans
- Performance evaluation
Network Monitoring Lab
Design Requirements, Decisions: Phase 3
- Performance enhancements: increased bandwidth, network redesign (VLAN modifications)
- VDI - Virtual Desktop Infrastructure
- Support, process refinement
- Professor's expectations vs. plan
- CYB 699 Final Project: simulate three enterprises connected via WAN
(3) Enterprises, WW WAN
Virtual Machine Assignment
Virtual Education Laboratory Administration
Functional Capabilities
- Support for multiple, simultaneous labs
- Support for 80 students using up to 240 virtual machines
- Large variety of VM templates
- Endless variety of lab configurations
- Two-factor authentication
- Nested design to ensure isolation between classes
Practical Use Cases
- Penetration testing
- Certified Ethical Hacking
- Red/blue team scenarios
- Network monitoring (WhatsUp Gold)
- Android SDK instruction
- Information assurance exercises
- Cloud computing training
VEL Test Bed: COTS (or almost)
Completed collaboration projects:
- ItsMe! (winner, TSN Best Product, 2011)
- Unisys Stealth
- Rapid7 Metasploit
New User/Password Paradigm
VEL Test Bed: COTS (or almost)
Future projects:
- Blackridge (authentication before the TCP/IP session)
- ThreatStop
- Titania Atlas
- CyVision Cauldron
Future Plans
- CLaaS: Cyber Lab as a Service
- Applied Engineering: Autocad, ProModel, Solidworks, MatLab; ELVIS Breadboard, National Instruments
- Research projects: multi-factor authentication; smartphone usage in a health care setting; secure transmission of sensitive data
- Suggestions?
5/24/2012 CSI-SD
- Cyber cluster identified and documented by SDADT for SOeC and will be maintained
- CSI-SD will lead research for the region, generating new businesses and supporting the existing members
CSI-SD
- We will work with all clusters, seeking a lead for each to serve as SDADT does for defense
- We will transition research to our clusters for integration into their businesses
- We will seek funding for research from public agencies as well as private enterprises and will protect intellectual property for the economic benefit of the inventors as well as the region
Testing COTS Technology: Virtual Education Laboratory (VEL), A Test-Bed Success Story in Cyber Space
Questions? Thank you for listening.
Barry Brueseke, inetwork, Inc.
Network Vulnerability Analysis (new, unpracticed presentation)
Topological Vulnerability Analysis: Proactive Management to Improve Your Cyber Security Profile
Cyber Challenges
- Threats are expanding: too much surface area to cover
- Silo solutions address specific problems...
- Overwhelmed by data
- Empowering the workforce
Still need:
- Situational Awareness
- Common Operating Picture
- Visualization of vulnerabilities
Elements of Cyber Security
Time cycles:
- Scans: once every two weeks
- ACL changes: once each week
- Evented log files: on demand, every hour, every minute
Rhythms:
- Different tools to gather
- Different purposes
- Different skill sets required
- Different remediation plans
DHS CAESARS Framework
- Most vendors focus on the expanding toolset for monitoring.
- Gathering the data is just the beginning.
- Expanded data sets are overwhelming cyber specialists.
- See / Know / Do framework
Ref: Department of Homeland Security, Federal Network Security Branch, Continuous Asset Evaluation, Situational Awareness, and Risk Scoring Reference Architecture Report, September 2010
DHS CAESARS Framework (cont'd)
- Evidence of the evolution of security monitoring.
- Cauldron is the result of 8 years of R&D.
- Cauldron is functional now, aggregating data independently, or will integrate into this framework.
Our Approach (architecture diagram)
Diagram elements: Vulnerability Database, Exploit Conditions, Network Capture (NVD, FoundScan vulnerability scanning, asset inventory, firewall rules), Environment Model, Attack Scenario, Graph Engine, Visual Analysis, Optimal Counter Measures.
- Network Capture builds a model of the network. It represents data in terms of corresponding elements in vulnerability reporting and exploit specifications.
- Vulnerability Database: a comprehensive repository of reported vulnerabilities.
- Graph Engine simulates multi-step attacks through the network for a given user-defined attack scenario. It analyzes vulnerability dependencies, matching exploit preconditions and post-conditions, and generates all possible paths through the network (for a given attack scenario).
Cyber Security is an Ecosystem
- Common Operating Picture
- Situational Awareness
- Patching servers vs. changing firewalls
- Combined vulnerabilities are real
Data sources shown: firewalls, logs etc., vulnerability scans, patch management/asset management.
Aggregate/Correlate/Visualize
- We analyze vulnerability dependencies: calculates the impact of individual and combined vulnerabilities on overall security.
- We show all possible attack paths into a network: transforms raw security data into a roadmap; all known attack paths from attacker to target are succinctly depicted; supports both offensive (e.g., penetration testing) and defensive (e.g., network hardening) applications.
- Strategic: proactively prepare for attacks, manage vulnerability risks, and have current situational awareness; a response strategy can be more easily created.
Cauldron Components (diagram)
Inputs: Host Vulnerability Data, Firewall Data, Network Topology. Processing: Access Rule Interpreter, Access Rules, Vulnerability Modeler, Policy Modeler, Network Model. Output: Analyzer/Visualizer.
Visualizing Just Firewall Policies: visualizing back doors
Combining Dissimilar Data in a Proof of Concept
- Scans tell you one thing
- Subnet configurations support the scan information
Visualized Combined Data Sets
What the Access Control List Really Says
- Greater access than expected
- Outside the network
Visualizing/discovering high risks outside the known network
The Role of Filtering: Attack Graph Before Remediation
Foundational Concepts (diagram: Network Device 1 ... Network Device j, Subnet 1 ... Subnet k, Network Device Access List (Rules))
- Any network device is filtering data flow
- Devices can connect to other devices or to subnets
- Each network device has unique access rules/policies
The Challenge (diagram: subnets SN1-SN10 connected through network devices ND1-ND5)
- Firewalls can be configured in a variety of ways
- Example: Subnet 1 can reach Subnet 7 or 10 using a variety of paths, but not directly
Example: supply chain management. Rule: Partners to /25:0
Simple changes modeled can have significant impact. Both firewalls: Partners to /25:80 only
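The graph engine described under Our Approach (matching exploit preconditions and post-conditions to enumerate every attack path) and the firewall-rule change above, worked through in a toy attack-graph engine. This is an added example, not the deck's or Cauldron's code; the subnets, devices, rules and vulnerable services are constructed for illustration.

```python
# Toy attack-graph engine (constructed example, not Cauldron's code).
from typing import Dict, List, Optional, Tuple

Rule = Tuple[str, str, Optional[int]]  # (src_subnet, dst_subnet, port); None = any port

def permits(devices: Dict[str, List[Rule]], src: str, dst: str, port: int) -> bool:
    """True if any filtering device (firewall/router) has a rule allowing src -> dst on port."""
    return any(s == src and d == dst and (p is None or p == port)
               for rules in devices.values() for s, d, p in rules)

def attack_paths(devices: Dict[str, List[Rule]], vulns: Dict[Tuple[str, int], str],
                 start: str, target: str) -> List[List[str]]:
    """Enumerate all simple multi-step attack paths from start to target.
    Step precondition: a foothold on subnet A and a device rule permitting A -> B on the
    port of a vulnerable service in B.  Post-condition: a foothold on B."""
    found: List[List[str]] = []
    stack = [(start, [start], {start})]            # (current subnet, path so far, subnets held)
    while stack:
        cur, path, held = stack.pop()
        if cur == target:
            found.append(path)
            continue
        for (subnet, port), desc in vulns.items():
            if subnet in held:                      # simple paths only: never revisit a subnet
                continue
            if permits(devices, cur, subnet, port):
                hop = f"{subnet}:{port} ({desc})"
                stack.append((subnet, path + [hop], held | {subnet}))
    return sorted(found)

# Constructed scenario: an attacker-controlled supply-chain partner network, a DMZ and a
# critical-server subnet, separated by two firewalls.  (subnet, port) -> vulnerable service.
VULNS = {
    ("DMZ", 80): "web app RCE",
    ("DMZ", 445): "SMB service flaw",
    ("CriticalServers", 445): "SMB service flaw",
}
BEFORE = {  # partner-facing firewall allows Partners -> DMZ on any port
    "FW1": [("Partners", "DMZ", None)],
    "FW2": [("DMZ", "CriticalServers", 445)],
}
AFTER = {   # remediation: Partners -> DMZ restricted to port 80 only
    "FW1": [("Partners", "DMZ", 80)],
    "FW2": [("DMZ", "CriticalServers", 445)],
}
def compare(start: str = "Partners", target: str = "CriticalServers") -> Tuple[int, int]:
    """Number of attack paths from start to target before and after the rule change."""
    return (len(attack_paths(BEFORE, VULNS, start, target)),
            len(attack_paths(AFTER, VULNS, start, target)))

if __name__ == "__main__":
    for label, devs in (("before", BEFORE), ("after", AFTER)):
        for p in attack_paths(devs, VULNS, "Partners", "CriticalServers"):
            print(f"{label}: " + " -> ".join(p))
```

Partners never reaches CriticalServers directly (no device permits it), only through the DMZ; restricting the partner rule to port 80 removes the SMB route, and patching the DMZ web application on top of that removes the last path, which is the "patching servers vs. changing firewalls" trade-off the deck names.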
DHS CAESARS Framework, from the Executive Summary: "These tools can provide current security status to network operations centers and security operations centers, but they typically do not support prioritized remediation actions and do not provide direct incentive for improvements in risk posture."
Cauldron Benefits
- Individual firewalls can be reviewed faster
- Prioritized remediation plans
- Situational awareness by programs, etc.
- High-priority assets are contextual
- Security elements become more granular
- More can be done with less