Currently Skimming:

7 Category 4 - Deterring Would-Be Attackers and Penalizing Attackers
Pages 169-180

The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.


From page 169...
... 7 Category 4 -- Deterring Would-Be Attackers and Penalizing Attackers The goal of requirements in Category 4 -- Deterring would-be attackers and penalizing attackers, is that of deterring would-be attackers from taking actions that could result in the compromise of a system or network and penalizing attackers who do take such actions. This broad category in the committee's illustrative research agenda includes legal and policy measures that could be taken to penalize or impose consequences on cyberattackers and technologies that support such measures.
From page 170...
... In principle, of course, cyberattackers can be held accountable for actions that cause harm in cyberspace through criminal or civil penalties. Such action requires a good characterization of what constitutes behavior that warrants criminal penalties, as well as the ability to identify the party responsible (see Section 5.1)
From page 171...
... Straub, Seymour Goodman, and Richard Baskerville (eds.), Information Security: Policies, Processes, and Practices, M.E.
From page 172...
... TOWARD A SAFER AND MORE SECURE CYBERSPACE gather as much information about attacker activity as possible.2 Honeypots of the first type can be quite simple to install and manage, although the information they provide on attackers may be limited, and the nature of the honeypot itself may be more susceptible to discovery by a skilled attacker. Honeypots of the second type are considerably more complicated, requiring much more skill to set up and manage, although the richness of information that they are capable of gleaning about attackers and techniques also increases, while the true nature of these honeypots may also be more difficult for attackers to discover.
From page 173...
... CATEGORY 4 -- DETERRING AND PENALIZING ATTACKERS discovered the nature of the honeypot and how the attacker might try to hide his or her tracks (e.g., altering log files, attempting to damage or crash the honeypot, and so on)
From page 174...
... In 1984, the Federal Bureau of Investigation established its Computer Analysis and Response Team to address the needs of investigators and prosecutors to examine computer evidence in a structured and programmatic manner. What was then called computer forensics has evolved to include any evidence in digital form (e.g., audio, video, and data)
From page 175...
... ," th National Computer Security Conference, pp. 641-650, October 1992.
From page 176...
... rigor.16 This foundation is required in order to mandate and interpret the standards applied to digital evidence and to establish the qualifications of digital forensics professionals through a certification process.17 Military and business forensics needs range across a broad spectrum, from traffic analysis tools and instrumentation of embedded systems to handling massive data volume and network monitoring, and they require a similar foundation to deal with increasing complexity and broader application.18 The embedding of computational resources in other devices, for instance, seems likely to increase the complexity of digital forensics and the extent of its usefulness. Two examples are the recovering and reconstructing of detail from Global Positioning System units built into cars to determine recent movements of a suspect auto, and the recovery of phone books, notes, and call information from cellular telephones.
From page 177...
... • Issues of integrity in digital evidence. This research would address the need to ensure the integrity of digital evidence, which is inherently fragile and almost always suspect.
From page 178...
... potentially relevant information may be stored means that new protocols and tools must be developed for each device. Relevant information may be buried amidst large volumes of other irrelevant information and may be distributed across many different devices or locations.
From page 179...
... 32 Tyler Moore, "The Economics of Digital Forensics," presented at the Fifth Annual Workshop on the Economics and Information Security, Cambridge, England, June 26-28, 2006.
From page 180...
... One example of a significant policy issue is that of addressing the tension between forensics and privacy. Concerns about privacy have motivated the development of counter-forensic tools.


This material may be derived from roughly machine-read images, and so is provided only to facilitate research.