Hardening The Internet: Difference between revisions

From Cybersecurity Wiki
Jump to navigation Jump to search
 
(17 intermediate revisions by 2 users not shown)
Line 1: Line 1:
==Full Title of Reference==
==Full Title of Reference==
Hardening The Internet : Final Report and Recommendations by the Council
Hardening The Internet: Final Report and Recommendations by the Council


==Full Citation==
==Full Citation==


Nat'l Infrastructure Advisory Council ''Hardening The Internet'' (2004). [http://www.cyber.st.dhs.gov/docs/NIAC%20Internet%20Hardening.pdf  ''Web''] [http://www.dhs.gov/xlibrary/assets/niac/NIAC_HardeningInternetPaper_Jan05.pdf ''AltWeb'']
Nat'l Infrastructure Advisory Council, ''Hardening The Internet'' (2004). [http://www.cyber.st.dhs.gov/docs/NIAC%20Internet%20Hardening.pdf  ''Web''] [http://www.dhs.gov/xlibrary/assets/niac/NIAC_HardeningInternetPaper_Jan05.pdf ''AltWeb'']


[http://cyber.law.harvard.edu/cybersecurity/?title=Special:Bibliography&view=detailed&startkey=NIAC:2004&f=wikibiblio.bib BibTeX]
[http://cyber.law.harvard.edu/cybersecurity/Special:Bibliography?f=wikibiblio.bib&title=Special:Bibliography&view=detailed&action=&keyword=NIAC:2004 ''BibTeX'']


==Categorization==
==Categorization==
* Resource by Type: [[US Government Reports and Documents]]
* Resource by Type: [[US Government Reports and Documents]]
* Issues: [[Public-Private Cooperation]]
* Approaches: [[Government Organizations]]; [[Private Efforts/Organizations]]; [[Technology]]


==Key Words==
==Key Words==
[[Keyword_Index_and_Glossary_of_Core_Ideas#Best_Practices | Best Practices]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Botnet | Botnet]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Computer_Network_Attack | Computer Network Attack]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Cyber_Crime | Cyber Crime]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Cyber_Security_as_a_Public_Good | Cyber Security as a Public Good]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Department_of_Homeland_Security | Department of Homeland Security]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Department_of_Homeland_Security | Department of Homeland Security]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Research_&_Development | Research & Development]]
[[Keyword_Index_and_Glossary_of_Core_Ideas#DDoS_Attack | DDoS Attack]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Intelligence_Infrastructure/Information_Infrastructure | Intelligence Infrastructure/Information Infrastructure]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Internet_Service_Providers | Internet Service Providers]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Malware | Malware]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Phishing | Phishing]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Research_&_Development | Research & Development]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#Worm | Worm]]


==Synopsis==
==Synopsis==
The Council’s report focuses its recommendations in the following three areas:  
'''Executive Summary:'''


1) Near-term Approaches: Encouraging the adoption of Best Current Practices as the most effective approach to harden existing defenses against attack. The Council centers these recommendations on education and awareness initiatives and research into the adoption of BCPs;
The Internet was designed 35 years ago as a robust, distributed network without centralized control in order to provide resiliency against a multitude of attacks, including nuclear war.
Globally, the Internet has been substantially built out and built up throughout the last decade.  The Internet is more than just a network of routers. Across the world, it has a network of computers, ranging from high-end computing environments and server farms in offices to enduser, personal computers in households. This distributed network of systems has proven
resilient, especially to point failures such as the 9/11 terrorist attacks, natural disasters, or backhoes. The most consequential events to affect the functioning of the Internet and its dependent businesses have been attacks coming from within the Internet itself (e.g., the spread of worms, such as the Morris and Slammer worms and denial of service attacks against the services and protocols that make up key sections of the Internet).


2) Long-term Approaches: With sufficient time for research and development, additional work on core Internet protocols can be used to harden the Internet and associated networks and devices against malicious attacks. The Council centers these recommendations on more robust research and development;
While education and awareness programs, research and development, and increased law enforcement activities are ongoing to harden the Internet, the Council has developed more effective and efficient recommendations the Federal Government can implement, in partnership with industry to protect the network infrastructure, computers, and other devices attached to the Internet. This has become particularly important because more needs to be done to address the dynamic, changing environment and increasingly new audience of end-users. 


3) Empowerment: In the near and long term, Internet Service Providers (ISPs) and law enforcement agencies need on-going capabilities to investigate suspicious activity, prosecute cyber criminals, and harden their core operations. The Council centers these recommendations for empowering ISPs and law enforcement agencies on research and policy issues.
Specifically, the National Strategy to Secure Cyberspace, which was released in February 2003, has provided foundational guidance to harden the Internet, providing effective cyber-security tools and education to home users and small businesses through many outreach, awareness, and education efforts. The establishment of the US Computer Emergency Response Team (US-CERT) and its National Cyber Alert System provide a step toward a national awareness campaign. The alert system provides periodic alerts, tips, best practices and other guidance for dissemination to all sectors of our society. The Department of Homeland Security (DHS) also provides cyber security tips to home users and small businesses through the  National Cyber Security alliance’s StaySafeOnline campaign to help educate all users about basic security practices, and to increase overall awareness as well as cyber security tool kits
that can be disseminated to both groups.  


Despite progress, cyber attacks are costing the government and industry billions of dollars annually, which will likely increase in years to come. To help further progress, the President asked the Council in July 2003, to examine ways to harden the Internet. As a result, the Council created a Working Group to evaluate the work of many organizations and recommend ways for the Federal Government to address the President’s request. Such organizations include: the National Security Telecommunications Advisory Council, the National Cyber Security Partnership, and US-CERT. The Working Group relied on the expertise of more than thirty study group participants, including individuals who were involved in designing the Internet 35 years ago.
The Council’s report focuses its recommendations in the following three areas:
# Near-term Approaches: Encouraging the adoption of Best Current Practices (BCPs)2 as the most effective approach to harden existing defenses against attack. The Council centers these recommendations on education and awareness initiatives and research into the adoption of BCPs;
# Long-term Approaches: With sufficient time for research and development, additional work on core Internet protocols can be used to harden the Internet and associated networks and devices against malicious attacks. The Council centers these recommendations on more robust research and development;
# Empowerment: In the near and long term, Internet Service Providers (ISPs)3 and law enforcement agencies need on-going capabilities to investigate suspicious activity, prosecute cyber criminals, and harden their core operations. The Council centers these recommendations for empowering ISPs and law enforcement agencies on research and policy issues.
The Council recognizes that other NIAC reports have considered a host of other issues surrounding the health of the Internet including:
* Vulnerability disclosure
* Regulatory and proper role of government intervention
* Prioritizing vulnerabilities
* Vulnerability scoring
* Information sharing, and interdependency and risk assessment.
This report does not seek to revisit those issues. Following the Background section are the specific recommendations made by the Council. Detailed discussions of the recommendations
are found in the Recommendation Discussion sections. This report concludes with a list of resources the Council found useful and of interest within the Internet security arena.


==Additional Notes and Highlights==
==Additional Notes and Highlights==
Expertise Required: Technology - High
For a list of Best Current Practices, see the National Reliability and Interoperability Council’s Best Practices Selector at http://www.bell-labs.com/cgiuser/krauscher/bestp.pl
For a list of Best Current Practices, see the National Reliability and Interoperability Council’s Best Practices Selector at http://www.bell-labs.com/cgiuser/krauscher/bestp.pl


For another working group's report from the same day see PRIORITIZING CYBER VULNERABILITIES at http://www.dhs.gov/xlibrary/assets/niac/NIAC_CyberVulnerabilitiesPaper_Feb05.pdf
For another working group's report from the same day see Prioritizing Cyber Vulnerabilities at http://www.dhs.gov/xlibrary/assets/niac/NIAC_CyberVulnerabilitiesPaper_Feb05.pdf
 


Outline:
Outline:
  ACKNOWLEDGEMENTS
  Acknowledgements
  EXECUTIVE SUMMARY
  Executive Summary
  BACKGROUND
  Background
   RECOMMENDATION AREA I  
   Recommendation Area I  
   Recommendations: Adoption of Security Best Practices  
   Recommendations: Adoption of Security Best Practices  
   Recommendations: Awareness of Security Best Practices   
   Recommendations: Awareness of Security Best Practices   
   RECOMMENDATION AREA II  
   Recommendation Area II
   Recommendations: Research and Development  
   Recommendations: Research and Development  
   RECOMMENDATION AREA III  
   Recommendation Area III  
   Recommendations: Empowering Service Providers and Law Enforcement   
   Recommendations: Empowering Service Providers and Law Enforcement   
  SECTION 2 – RECOMMENDATION DISCUSSION
  Section 2 – Recommendation Discussion
   RECOMMENDATION AREA I   
   Recommendation Area I   
   Adoption of Security Best Practices  
   Adoption of Security Best Practices  
     1A: Measuring Best Practice Adoption   
     1A: Measuring Best Practice Adoption   
     1B: Route and Packet Filtering   
     1B: Route And Packet Filtering   
   Awareness of Security Best Practices  
   Awareness of Security Best Practices  
     1C: End-User or General Public Education   
     1C: End-User or General Public Education   
     1D: Industry Continuing Education   
     1D: Industry Continuing Education   
   RECOMMENDATION AREA II  
   Recommendation Area II  
     2A: Routing Registries for Securing Inter-Domain Routing   
     2A: Routing Registries for Securing Inter-Domain Routing   
     2B: Scalable Management and Anomaly Detection Tools   
     2B: Scalable Management and Anomaly Detection Tools   
     2C: Forensics at High Data Rates  
     2C: Forensics at High Data Rates  
     2D: Scalable Vulnerability and Flow Analysis  
     2D: Scalable Vulnerability and Flow Analysis  
   RECOMMENDATION AREA III  
   Recommendation Area III  
     3A: Empowering Internet Service Providers  
     3A: Empowering Internet Service Providers  
     3B: Enhancement of Online Law Enforcement
     3B: Enhancement of Online Law Enforcement
  APPENDIX A: ORGANIZATIONAL RESOURCES
  Appendix A: Organizational Resources
  APPENDIX B: DOCUMENTS AND RESEARCH PAPERS
  Appendix B: Documents and Research Papers

Latest revision as of 14:49, 30 July 2010

Full Title of Reference

Hardening The Internet: Final Report and Recommendations by the Council

Full Citation

Nat'l Infrastructure Advisory Council, Hardening The Internet (2004). Web AltWeb

BibTeX

Categorization

Key Words

Best Practices, Botnet, Computer Network Attack, Cyber Crime, Cyber Security as a Public Good, Department of Homeland Security, DDoS Attack, Intelligence Infrastructure/Information Infrastructure, Internet Service Providers, Malware, Phishing, Research & Development, Worm

Synopsis

Executive Summary:

The Internet was designed 35 years ago as a robust, distributed network without centralized control in order to provide resiliency against a multitude of attacks, including nuclear war. Globally, the Internet has been substantially built out and built up throughout the last decade. The Internet is more than just a network of routers. Across the world, it has a network of computers, ranging from high-end computing environments and server farms in offices to enduser, personal computers in households. This distributed network of systems has proven resilient, especially to point failures such as the 9/11 terrorist attacks, natural disasters, or backhoes. The most consequential events to affect the functioning of the Internet and its dependent businesses have been attacks coming from within the Internet itself (e.g., the spread of worms, such as the Morris and Slammer worms and denial of service attacks against the services and protocols that make up key sections of the Internet).

While education and awareness programs, research and development, and increased law enforcement activities are ongoing to harden the Internet, the Council has developed more effective and efficient recommendations the Federal Government can implement, in partnership with industry to protect the network infrastructure, computers, and other devices attached to the Internet. This has become particularly important because more needs to be done to address the dynamic, changing environment and increasingly new audience of end-users.

Specifically, the National Strategy to Secure Cyberspace, which was released in February 2003, has provided foundational guidance to harden the Internet, providing effective cyber-security tools and education to home users and small businesses through many outreach, awareness, and education efforts. The establishment of the US Computer Emergency Response Team (US-CERT) and its National Cyber Alert System provide a step toward a national awareness campaign. The alert system provides periodic alerts, tips, best practices and other guidance for dissemination to all sectors of our society. The Department of Homeland Security (DHS) also provides cyber security tips to home users and small businesses through the National Cyber Security alliance’s StaySafeOnline campaign to help educate all users about basic security practices, and to increase overall awareness as well as cyber security tool kits that can be disseminated to both groups.

Despite progress, cyber attacks are costing the government and industry billions of dollars annually, which will likely increase in years to come. To help further progress, the President asked the Council in July 2003, to examine ways to harden the Internet. As a result, the Council created a Working Group to evaluate the work of many organizations and recommend ways for the Federal Government to address the President’s request. Such organizations include: the National Security Telecommunications Advisory Council, the National Cyber Security Partnership, and US-CERT. The Working Group relied on the expertise of more than thirty study group participants, including individuals who were involved in designing the Internet 35 years ago.

The Council’s report focuses its recommendations in the following three areas:

  1. Near-term Approaches: Encouraging the adoption of Best Current Practices (BCPs)2 as the most effective approach to harden existing defenses against attack. The Council centers these recommendations on education and awareness initiatives and research into the adoption of BCPs;
  2. Long-term Approaches: With sufficient time for research and development, additional work on core Internet protocols can be used to harden the Internet and associated networks and devices against malicious attacks. The Council centers these recommendations on more robust research and development;
  3. Empowerment: In the near and long term, Internet Service Providers (ISPs)3 and law enforcement agencies need on-going capabilities to investigate suspicious activity, prosecute cyber criminals, and harden their core operations. The Council centers these recommendations for empowering ISPs and law enforcement agencies on research and policy issues.

The Council recognizes that other NIAC reports have considered a host of other issues surrounding the health of the Internet including:

  • Vulnerability disclosure
  • Regulatory and proper role of government intervention
  • Prioritizing vulnerabilities
  • Vulnerability scoring
  • Information sharing, and interdependency and risk assessment.

This report does not seek to revisit those issues. Following the Background section are the specific recommendations made by the Council. Detailed discussions of the recommendations are found in the Recommendation Discussion sections. This report concludes with a list of resources the Council found useful and of interest within the Internet security arena.

Additional Notes and Highlights

Expertise Required: Technology - High

For a list of Best Current Practices, see the National Reliability and Interoperability Council’s Best Practices Selector at http://www.bell-labs.com/cgiuser/krauscher/bestp.pl

For another working group's report from the same day see Prioritizing Cyber Vulnerabilities at http://www.dhs.gov/xlibrary/assets/niac/NIAC_CyberVulnerabilitiesPaper_Feb05.pdf


Outline:

Acknowledgements 
Executive Summary
Background
 Recommendation Area I 
  Recommendations: Adoption of Security Best Practices 
  Recommendations: Awareness of Security Best Practices  
 Recommendation Area II
  Recommendations: Research and Development 
 Recommendation Area III 
  Recommendations: Empowering Service Providers and Law Enforcement  
Section 2 – Recommendation Discussion
 Recommendation Area I  
  Adoption of Security Best Practices 
   1A: Measuring Best Practice Adoption  
   1B: Route And Packet Filtering  
  Awareness of Security Best Practices 
   1C: End-User or General Public Education  
   1D: Industry Continuing Education  
 Recommendation Area II 
   2A: Routing Registries for Securing Inter-Domain Routing  
   2B: Scalable Management and Anomaly Detection Tools  
   2C: Forensics at High Data Rates 
   2D: Scalable Vulnerability and Flow Analysis 
 Recommendation Area III 
   3A: Empowering Internet Service Providers 
   3B: Enhancement of Online Law Enforcement
Appendix A: Organizational Resources
Appendix B: Documents and Research Papers