Identification and triage of compromised virtual machines
The increasing volume and sophistication of cyber-attacks, the adoption of virtualization technology, and the slow incorporation of new software on Navy networks have created a unique situation. The status quo has left those responsible for administering and defending Navy networks at a distinct disadvantage. They are unable to leverage current triage tools available to assist in the identification, classification, and recovery aspects of incident response on a computer network. At the same time, their adversaries have no such limitations. This capstone report explores the use of native operating system tools along with mirrored domains in a virtualized environment as a possible strategy to provide these capabilities. For this project, we created a generalized virtual network with mirrored domains. In this environment, we developed a toolkit, composed of software already available to administrators, and a method for deploying it. We then demonstrated its efficacy in detecting a compromise by inserting malware into a computer in the environment. Finally, we used the mirrored domains within the environment to provide a means for an accelerated recovery. Used together, this native toolset and recovery strategy provide a possible solution for the detection of and response to incidents on a network.
Approved for public release; distribution is unlimited