Identification and triage of compromised virtual machines
The increasing volume and sophistication of cyber-attacks, the adoption of virtualization technology, and the slow incorporation of new software on Navy networks have created a unique situation. The status quo has left those responsible for administering and defending Navy networks at a distinct disadvantage. They are unable to leverage current triage tools available to assist in the identification, classification, and recovery aspects of incident response on a computer network. At the same time, their adversaries have no such limitations. This capstone report explores the use of native operating system tools along with mirrored domains in a virtualized environment as a possible strategy to provide these capabilities. For this project, we created a generalized virtual network with mirrored domains. In this environment, we developed a toolkit, composed of software already available to administrators, and a method for deploying it. We then demonstrated its efficacy in detecting a compromise by inserting malware into a computer in the environment. Finally, we used the mirrored domains within the environment to provide a means for an accelerated recovery. Used together, this native toolset and recovery strategy provide a possible solution for the detection of and response to incidents on a network.
Approved for public release; distribution is unlimited