Sunday, May 31, 2009

The National Cyber Security Effort

Within the last three months, I have restarted my network security business: RMF Network Security (www.rmfnetworksecurity.com). I have been in research mode and I am still in some type of stealth mode, as I think about the implications of restarting a consulting business in the ever dangerous and now crime-ridden world of network security. The last time I did this, I didn't do enough "product development" and research in advance of my marketing efforts.

However, the last year of network security 'awareness' may change my need to do extensive marketing. Our President has just announced the results of the sixty-day Cyber Security Review. More than 100 source papers were consulted. See my initial analysis below. I started this obscure blog with the idea that I could use the motivation of internet publishing to gauge my re-education and business progress. Within the first month, I have had the same extensive web interest in my blog from American military, military-industrial complex, telecom and educational institutions that I had with my PowerShell blog (also network-centric), but this time with lots of added hits from Russian, Chinese, ex-Eastern bloc and Brazilian IP addresses. Interestingly, 'researchers' are mostly finding their way to my blog by googling IP addresses from my script dumps!

Apparently, my visitors are either expressing interest in the same source Internet Protocol addresses (SIPs) I am logging, simultaneously, or (worst case) those SIPs are looking at me while I discuss them. The network security business has changed since I last participated in developing IDS systems with NAI and Hiverworld. Things are bigger, badder and scarier - more criminal and nation-state oriented simultaneously. Firewalls and IPS software are being pushed beyond their intended capacities, and organized crime and nation-state terrorists have become systemized at IPS evasion, spamming, botnets, bot herding, inserting keystroke loggers, malware, etc. "Cyberwarfare" has a new and significant government interest. Here are some reads I have found lately to prepare myself for changes in the field:

    * "The Shadow Government" (James Bamford). This book documents the build-out in the cyber capacities of the National Security Agency in the last 8 years. Among other discussions, it documents how the NSA has purchased industrial-strength context searching software from select software companies to analyze traffic from top network access points across all U.S. telecoms. This apparently is the book that broke the "warrantless wiretapping" scandal a year or so back.
    * "McMafia" (Misha Glenny). Discusses in detail the recruitment of the young and poor as cyber hackers for nation-state terrorists and criminal organizations in Russia, Brazil, China, ex-Eastern Bloc nations and elsewhere. He also discusses world crime and world crime sophistication to date. A downright terrifying read. Apparently, the average computer in the U.S. is seen as a potential botnet member by most of the world's criminal syndicates/hackers.
    * FOIA from Wired Magazine on the FBI's CIPAV spyware: http://www.wired.com/threatlevel/2009/04/get-your-fbi-sp Also a very interesting read... Criminals use spyware and so does our government... Surprise!

I had some difficulty searching all 100 assorted papers online at http://www.whitehouse.gov/cyberreview/documents/ and resorted to mixing Cygwin and cmd.exe shells to do so. I did an initial context search, which admittedly lost papers and data at each command line. In any event, the papers may prove interesting reading yet, although they appear at first glance more policy oriented than technical.

[from cmd.exe or Cygwin]
lynx -source http://www.whitehouse.gov/cyberreview/documents/ | grep pdf | gawk -F\" '{print $4}' > source.txt
[from cmd.exe]
for /f "delims==" %i in (source.txt) do wget "%i"
[from cmd.exe or Cygwin]
ls -1 *.pdf > source2.txt
[from cmd.exe]
@(for /f "delims==" %i in (source2.txt) do pdftotext -f 1 -l 1500 "%i" pdf.txt && cat pdf.txt >> pdf.all.txt)
[from Cygwin]
for i in `cat file`; do echo `pcregrep -w -i -c $i pdf.all.txt` `echo $i` >> context1.txt;done
[from Cygwin]
$ cat context1.txt | sort -nr
499 Infrastructure
215 Services
194 Financial
53 criminal
52 crime
45 organized
45 loss
41 spam
39 malware
27 losses
24 Firewalls
20 botnets
16 Firewall
15 tax
14 organize
14 crimes
14 China
12 botnet
9 Russia
7 Linux
6 Windows
5 IDS
4 trojans
4 bot
4 IPS
3 bots
2 trojan
2 Israel
2 India
1 IE
1 France
1 Firefox
1 Apple
0 tcpdump
0 syslogd
0 sysklogd
0 spamming
0 keyloggers
0 keylogger
0 key-strokes
0 key-stroke
0 evasion
0 Snort
0 QNX
0 Opera
0 OpenBSD
0 Chrome
0 Bulgaria
0 Brazil
0 BRIC
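The keyword-count step above is worth tightening, because two details of the original pipeline shape the numbers in the table: pcregrep -c counts matching lines rather than occurrences (a line mentioning "malware" three times scores 1), and the -w whole-word match means "botnet" and "botnets" are tallied separately, which is why both appear in the list. The script below is an added example, not the post's own commands: it is a single-Bash version of the counting stage that assumes the PDFs have already been converted to one text file (pdf.all.txt in the post), counts every whole-word, case-insensitive occurrence, and sorts the result like sort -nr. The corpus and the keyword list it uses are constructed inline so it runs offline; the function names are mine.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): keyword-frequency counting over
# a text dump of the review papers, done entirely in one Bash shell.
set -eu

# Constructed sample corpus standing in for the post's pdf.all.txt.
make_sample_corpus() {
  cat > "$1" <<'EOF'
Critical infrastructure protection remains a priority for financial services.
Organized crime groups operate botnets; a botnet rents spam capacity by the hour.
Malware and spam are the most visible symptoms; infrastructure losses are not.
Firewalls alone cannot stop an organized criminal campaign against infrastructure.
EOF
}

# Constructed keyword list standing in for the post's "file" (one word per line).
make_keyword_list() {
  printf '%s\n' Infrastructure criminal botnet botnets spam malware Firewalls tcpdump > "$1"
}

# Count whole-word, case-insensitive occurrences of one keyword.
# `grep -o` emits one line per hit, so `wc -l` counts occurrences, not lines;
# `|| true` keeps a zero-hit grep (exit status 1) from aborting under set -e.
count_one() {
  local corpus=$1 word=$2
  { grep -o -i -w -- "$word" "$corpus" || true; } | wc -l | tr -d ' '
}

# Print "count keyword" for every keyword in the list, highest count first
# (ties broken alphabetically), mirroring `sort -nr` on context1.txt.
keyword_counts() {
  local corpus=$1 keywords=$2 word
  while IFS= read -r word; do
    [ -n "$word" ] || continue
    printf '%s %s\n' "$(count_one "$corpus" "$word")" "$word"
  done < "$keywords" | sort -k1,1nr -k2,2
}

# Demo run: ./script.sh --demo
if [ "${1:-}" = "--demo" ]; then
  tmp=$(mktemp -d)
  make_sample_corpus "$tmp/pdf.all.txt"
  make_keyword_list "$tmp/keywords.txt"
  keyword_counts "$tmp/pdf.all.txt" "$tmp/keywords.txt"
  rm -r "$tmp"
fi
```

To apply it to the real dump, skip the two make_* helpers and call keyword_counts pdf.all.txt keywords.txt directly. Whole-word matching is kept deliberately: dropping -w would fold "botnets" into "botnet" and "crimes" into "crime", which makes the totals larger but hides the distinction the original table preserves.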

If you are interested and have the time, let me know if you find my blog approachable, and what interests you think would most drive your businesses and professions to read and think about network security. I think I am gearing up to produce some white papers tailored to many audience types: business, personal, home user, etc. The goal is to generate interest for consulting contracts.
