Validating and Restoring Defense in Depth Using Attack Graphs

Richard Lippmann, Kyle Ingols, Chris Scott, Keith Piwowarski, Kendra Kratkiewicz, Mike Artz, Robert Cunningham
MIT Lincoln Laboratory, 244 Wood Street, Lexington, Massachusetts

Abstract

Defense in depth is a common strategy that uses layers of firewalls to protect Supervisory Control and Data Acquisition (SCADA) subnets and other critical resources on enterprise networks.
Simulations on networks with up to 50,000 hosts demonstrate that this approach scales well to enterprise-size networks.

INTRODUCTION

Defense in depth is a common strategy used to protect critical resources on enterprise networks as well as Supervisory Control and Data Acquisition (SCADA) and other process control subnets.
Ingols, K., Lippmann, R., Piwowarski, K., Practical Attack Graph Generation for Network Defense, Computer Security Applications Conference, Miami Beach, Florida, December 11, 2006.
W., An Interactive Attack Graph Cascade and Reachability Display, VIZSEC 2007, Sacramento, CA. (Full Paper)
Lippmann, R., Ingols, K., An Annotated Review of Past Papers on Attack Graphs, PR-IA-1, MIT Lincoln Laboratory Project Report, 31 March 2005.
W., Plugging the Right Holes, MIT Lincoln Laboratory Journal, Lexington, MA. (Journal Article)
Lippmann, R., Ingols, K., Scott, C., Piwowarski, K., Kratkiewicz, K., Cunningham, R., Validating and Restoring Defense in Depth Using Attack Graphs, MILCOM 2006, Washington, DC, 23 October 2006.
We implemented our technique in a tool suite and tested it on a small network example, which includes models of a firewall and an intrusion detection system.
We propose empirically testing security products’ detection rates by linking multiple pieces of data such as network traffic, executable files, and an email to the attack that generated all the data.
The foregoing, being true, may result in a substantial examination of the problem, but it leaves the human-factor area untended.
If systems (devices, computers, routers, switches) are not the answer to security, why then is the human factor ignored?
Typically a perimeter firewall separates the corporate enterprise network from the Internet, internal firewalls protect the subnets of separate enterprise units, and deeper internal firewalls protect critical subnets.
Lippmann, R., Ingols, K., and Piwowarski, K., Generating a Multiple-Prerequisite Attack Graph, Patent 7,971,252, Issued 28 June 2011.
Construction by hand, however, is tedious, error-prone, and impractical for attack graphs larger than a hundred nodes.
In this paper we present an automated technique for generating and analyzing attack graphs.
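To make the idea concrete, the following is an added example (not the authors' tool suite, and not the algorithm from the paper or patent) of the two steps the abstract describes: generating an attack graph from a model of hosts, firewall rules and vulnerable services, and then asking which single change would restore defense in depth for the critical subnet. The network, the subnet names (INTERNET, DMZ, CORP, SCADA), the allow rules and the vulnerable (host, port) pairs are all constructed for illustration; an attacker is assumed to be able to compromise a host whenever an already-compromised host can reach a vulnerable service on it, which is the simplified prerequisite model this toy uses.

```python
from collections import deque

# Constructed example network: host -> subnet it sits on.
HOSTS = {
    "internet": "INTERNET",
    "web": "DMZ", "mail": "DMZ",
    "fileserver": "CORP", "workstation": "CORP",
    "historian": "SCADA", "plc": "SCADA",
}

# Constructed remotely exploitable services as (host, port).  The only effect
# modelled is "host becomes compromised"; nothing about how is represented.
VULNERABLE = {("web", 80), ("fileserver", 445), ("historian", 1433), ("plc", 502)}

# Constructed inter-subnet firewall policy: (src_subnet, dst_subnet, port) allowed.
RULES = {
    ("INTERNET", "DMZ", 80),    # public web site
    ("INTERNET", "DMZ", 25),    # inbound mail
    ("DMZ", "CORP", 445),       # legacy share used by the web tier (the hole)
    ("CORP", "DMZ", 80),        # staff browsing the DMZ site
    ("CORP", "SCADA", 1433),    # reporting queries against the historian
}

CRITICAL_SUBNET = "SCADA"


def reachable(src, dst, port, rules, hosts=HOSTS):
    """Can src reach dst:port?  Traffic inside one subnet is unfiltered;
    traffic between subnets must match an allow rule."""
    s, d = hosts[src], hosts[dst]
    return s == d or (s, d, port) in rules


def build_attack_graph(rules, vulns, hosts=HOSTS, start="internet"):
    """Breadth-first walk: a host joins the graph when some already-compromised
    host can reach a vulnerable service on it.  Returns host -> (attacking host,
    port); the start host maps to None."""
    graph = {start: None}
    queue = deque([start])
    while queue:
        src = queue.popleft()
        for dst, port in sorted(vulns):
            if dst not in graph and reachable(src, dst, port, rules, hosts):
                graph[dst] = (src, port)
                queue.append(dst)
    return graph


def attack_path(graph, target):
    """Predecessor chain from the start host to target, or [] if unreachable."""
    if target not in graph:
        return []
    path = [target]
    while graph[path[-1]] is not None:
        path.append(graph[path[-1]][0])
    return path[::-1]


def critical_compromised(rules, vulns, critical=CRITICAL_SUBNET, hosts=HOSTS):
    """Hosts on the critical subnet that appear in the attack graph."""
    return [h for h in build_attack_graph(rules, vulns, hosts) if hosts[h] == critical]


def fixes_that_protect(rules, vulns, critical=CRITICAL_SUBNET):
    """Single changes (one rule removed, or one service patched) that on their
    own take every critical host out of the attack graph."""
    fixes = []
    for r in sorted(rules):
        if not critical_compromised(rules - {r}, vulns, critical):
            fixes.append(("remove rule", r))
    for v in sorted(vulns):
        if not critical_compromised(rules, vulns - {v}, critical):
            fixes.append(("patch", v))
    return fixes


if __name__ == "__main__":
    g = build_attack_graph(RULES, VULNERABLE)
    print("compromised:", sorted(h for h in g if g[h]))
    print("path to plc:", " -> ".join(attack_path(g, "plc")))
    for kind, what in fixes_that_protect(RULES, VULNERABLE):
        print(f"{kind}: {what}")
```

On this model the three firewall layers are all in place, yet the graph reaches the SCADA subnet through one permissive rule at each layer plus one vulnerable service behind it; the fix list shows that removing any one of those rules, or patching any one service except the PLC itself, is enough to break the chain. Patching the PLC alone does not help, because the historian on the same subnet remains reachable and compromised. The enumeration is quadratic in the number of rules and services and the walk rebuilds the whole graph per candidate, so this is a teaching toy rather than something that would handle the 50,000-host networks the abstract mentions.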