Case Studies in Stolen Credential Attacks and Solutions for Network Access Control
Time: 10/10/07 10:30AM-11:45AM
In recent years, a significant new threat (stolen credentials) has emerged that has required the development of new detection, forensic, and remediation techniques, as well as changes in threat assessment. This attack is especially difficult to combat with conventional methods, because attackers use valid credentials from known systems to compromise additional systems. LBL is a pioneer in the study of this new threat and will present actual case studies of international proportions covering detection, forensics, response, mitigation, lessons learned, and law enforcement involvement.
Enterprise networks have internal monitoring and access control issues which are distinctly different from those which affect their relationship to the Internet as a whole. Internal traffic patterns and threat models are potentially of greater interest and concern to the network administrator than those of the Internet at large, due in substantial part to the lack of understanding of internal traffic patterns and the lack of tools to monitor and enforce internal network policies.
Lawrence Berkeley National Lab is addressing these issues and others via the deployment of extremely cost-effective COTS equipment within each broadcast domain in its enterprise network. This auto-configuring equipment not only passively monitors for network anomalies, such as intra-subnet scanning activity, but also allows for active traffic shaping and control within each broadcast domain.
LBNL's implementation essentially slaves the monitoring and control equipment to central servers, which thus hold a centralized, aggregated view of the distributed data. Network access and control enforcement is also centralized in an elegant and natural manner due to the nature of the implementation.
Speaker: Jim Mellander, Lawrence Berkeley National Laboratory
Secondary tracks: System and Network Security for Advanced Networks