sNET Philosophy (Sun Tzu)

How do the strategies of Sun Tzu relate to the sNET product line?

"All warfare is based on deception. Therefore, when capable, feign incapacity; when active, inactivity." - 1:18 & 19

To deceive is to defeat. For thousands of years, the commanders of armies have studied the military strategies of the Chinese General Sun Tzu. These very same principles, which he described in his book The Art of War, can be used to create an effective information security strategy.

"What is of supreme importance in war is to attack the enemy's strategy." - 3:4

Firewalls and intrusion detection systems react to attacks that are already in progress, and experienced intruders understand how to neutralize these systems before they attack their target. In order to defend against this type of adversary, you need to interfere with them before they are able to launch the attack. The key is to be able to deceive attackers before they expect a security system to be active (i.e., while they are still gathering information to prepare for the attack). By altering the data that an attacker will use, you can manipulate their actions, redirecting them away from your vital network resources.

"Attack where he is unprepared; sally out when he does not expect you." - 1:26

To be effective, a complete security system must have both active and passive components. It must be able to combat an attack, but it must also be able to prevent an attack. By acting before it is expected, a complete security solution can use deception to stop or alter the nature of an attack so that the potential intruder's efforts only affect himself, allowing your connections to customers and business partners to continue to function without interruptions.

"Offer the enemy a bait to lure him; feign disorder and strike him." - 1:20

Deception systems should have multiple layers, and each layer should create confusion within the mind of potential attackers. Our goal is to prevent them from ever seeing their true objective. The first layer of deception that ought to be deployed is a traditional honeypot such as Recourse Technologies' excellent product ManTrap. This type of honeypot should be placed in a conspicuous location in the network, preferably one that has little or no protection from attackers. This computer is usually configured to resemble a poorly administered server that runs several vulnerable services. A honeypot like this box will attract the less experienced intruders who engage in the vast majority of computer network attacks, but will be bypassed by criminals experienced enough to recognize the nature of this target.
The second layer to deploy is the "unprotected deception environment." This layer is used to confuse attackers who are more sophisticated. These adversaries use complex attacks that require advanced planning and information gathering. This layer of deception may involve simulating targets that are part of the network infrastructure, such as switches, bridges, or routers, but also incorporates methods to alter or skew the data that the attacker gathers as he or she enumerates the network. This layer serves the dual goals of altering the nature of the attack and providing false targets for those attacks.

The third layer of deception is the "protected deception environment," and serves to confuse and thwart the professional criminal who is capable of breaching or bypassing firewalls, evading intrusion detection systems, and entering your trusted internal network. This layer must be more subtle than the previous layers. The targets you present must be flexible enough to change their roles in mid-attack. If the situation requires it, they should be able to redirect the attack back outside of your firewall.

"For to win one hundred victories in one hundred battles is not the acme of skill. To subdue the enemy without fighting is the acme of skill." - 3:3

Other security products react to or interfere with attacks, but ours do much more. Sun Tzu's principles teach us that to be truly effective, we need a product that can also misdirect attacks so that they will fail before any actions can be taken against our networks. sNET is this product.

(Quotes from Samuel B. Griffith's Oxford University Press translation of Sun Tzu's Art of War)


© Copyright 2001  sNET Systems Corporation.  All rights reserved  |  Site designed by: Jesi Forte