Team 1 Sec1

From CyberSecurity
Revision as of 05:01, 23 October 2005 by Ervieitez (talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

At the request of the Department of Homeland Security, a team composed of six engineers and policy professionals has tested cyber-security vulnerabilities in the US economy. In particular, the “red team” exercise focuses on testing the security of computers used at homes, corporations (example Walmart) and the financial sector (interacting with the New York Stock Exchange). The type of attack exemplified in this exercise is a relatively simple case of a cyberterrorist attack., which is limited in scope to only information technology (IT) attacks. A plausible terrorist plot would combine an IT attack with other physical components; in that case, the physical action would be worsened by the use of IT, for example by decreasing quick responses to the attack, or proving false information through the Internet to spread fear in the population.

The main attack technique in this red-team exercise is to exploit the “buffer overflow vulnerability”. The evaluation of this exercise includes: (1.1) the vulnerabilities exposed, (1.2) the estimated difficulty and (1.3) the estimated cost/feasibility of defending against other similar attacks in the future. Policy implications of (1.1) through (1.3) are presented in (1.4).

Retrieved from "http://cubist.cs.washington.edu/CyberSecurity/index.php?title=Team_1_Sec1&oldid=2102"