Sunday, 15 April 2018

Artificial Intelligence In The Cyber Domain


While it’s true that there is a growing need to fill the cyber workforce with human talent, artificial intelligence will play a vital role in the future. This notion often reminds me of the movie The Matrix, where a cyber intelligence is self-aware. However, this is a highly exaggerated and fictional scenario.
Automating what can be done with incident response is not science fiction; it is becoming more of a reality. So where does this lead? Even highly technical personnel in software engineering and all things cyber-related must be cognizant of the changes taking place around them and be able to adapt. The skills needed to perform certain job functions will become more technical, while others will become less so. Code will be developed with security in mind, but will also rely more on automation. Sound too far-fetched that things will be more automated? Don’t be so sure.
I remember reading an article back in April about MIT making some amazing advances in cyber security. In particular, MIT was able to develop an artificial intelligence system that detected 85% of cyber-attacks. Not bad for a first go around, wouldn’t you say? And that was only earlier this year. I have included a link to the original article here: http://thehackernews.com/2016/04/artificial-intelligence-cyber-security.html It also includes a video demonstration on how this stuff works.
If MIT was able to do this with 85% accuracy, imagine two or three years from now. It then begs the question: What will happen to the human side of cyber-security? Does this now put all of us involved in cyber-security in some kind of jeopardy? To some extent yes. However, there will continue to be a need to have some humans involved with monitoring and maintaining systems.
Fast forward a few months, and there are some other interesting advances being made with artificial intelligence with regard to cyber-security. I won’t list all the details here, but I’m sure you can find them yourself by searching Google.
So some final thoughts. If you’ve read the book Where Wizards Stay Up Late, Katie Hafner and Matthew Lyon mention Licklider’s interesting view about the role of machines. In his paper, J. C. R. Licklider writes about the symbiotic relationship between man and machine. It’s an interesting paper and I recommend you read it. Machines essentially are not a threat to man’s existence so long as we keep them in check. In reality, there continues to be little evidence of artificial intelligence really overtaking us like in the Terminator scenario. Cyber-security therefore will involve both man and machine working side by side. It is crucial that we have systems that can automate our cyber defenses and offenses, especially given the threats we face around the world. Let’s face it, the bad hackers are winning. With AI on our side, however, this changes things drastically.

Saturday, 14 April 2018

WEBSITE TRACKDOWN WITH SLOWLORIS DOS

A DoS attack is a type of attack in which an attacker suspends the services of a host or a website by sending a large amount of traffic, making requests constantly from two or more computers, or by sending a large number of packets, which overloads small servers until the server crashes and the result is “Destination unreachable.”
Here I am going to DoS using a Perl-based program named Slowloris, developed by Robert “RSnake” Hansen. Slowloris is a very useful program which allows a single machine to take down another machine’s web server with minimal bandwidth and side effects on unrelated services and ports. It keeps connections to the target open and keeps sending requests; after some time the server becomes unresponsive to other requests, which results in the server going down. It is straightforward to use this program, for which I am going to give a step-by-step tutorial below.
STEP 1: As I said, it’s a Perl-based program. Mostly I use this program on some Linux distro, but I will use Windows this time so that lots of users can use this. To run this program, you have to install Perl on your computer, so first download Perl from: HERE
STEP 2: In this step, you have to copy some text from Slowloris and paste it into your notepad, but to save time I have already done these steps for you, so you have to download this Slowloris program from here: DOWNLOAD
STEP 3: Save it to your c drive, for example, c:”slowloris.”
STEP 4: Now go to command and type cd:
STEP 5: Now type slow.pl to run Slowloris.pl and check whether you have done the above steps correctly. If you have done the steps correctly, then you will see Slowloris.
STEP 6: OK, now you have to choose your target, as I am going to attack a vulnerable website. Here you don’t need to ping the site to get the IP address.
STEP 7: OK, now we come to the main point. In the command, type “slow.pl -DNS www.yourtarget.com -port 80 -timeout 500 -num 500 -tcpto 5 -httpready”
Now Slowloris will start sending packets to your target.

And now, after waiting some time, the site has been taken down. As you can see, I am pinging Google to prove that my internet is working.


If you want to make it more powerful then run multiple Slowloris attacks as shown below
but watch out for CPU heat and process

DISCLAIMER: 
This post is for educational purposes only. How it is used depends on the user; I (and the developers) am not responsible for any damage caused by the user’s use of the program.
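
From the server side, the behaviour described in this post shows up as many connections from one source that stay open for a long time without ever finishing their request headers. The following detection sketch is an added example, not part of the original post or of Slowloris itself; the event log format, the sample events, the function names and the thresholds are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample (not real traffic). Hypothetical log format:
# "<second> <src_ip> <conn_id> <event> [bytes]"
SAMPLE_EVENTS = """\
0 198.51.100.7 c1 OPEN
0 198.51.100.7 c2 OPEN
0 198.51.100.7 c3 OPEN
0 203.0.113.20 c4 OPEN
1 198.51.100.7 c1 DATA 60
1 198.51.100.7 c2 DATA 60
1 198.51.100.7 c3 DATA 60
1 203.0.113.20 c4 DATA 420
1 203.0.113.20 c4 HEADERS_DONE
2 203.0.113.20 c4 CLOSE
30 198.51.100.7 c1 DATA 8
30 198.51.100.7 c2 DATA 8
30 198.51.100.7 c3 DATA 8
58 203.0.113.21 c5 OPEN
60 198.51.100.7 c1 DATA 8
"""

def stalled_connections(events, now, header_timeout=20, min_rate=50):
    """Map src_ip -> conn_ids still open at `now` whose request headers are
    unfinished after header_timeout seconds at under min_rate bytes/second."""
    conns = {}
    for line in events.strip().splitlines():
        ts, src, cid, event, *rest = line.split()
        if int(ts) > now:
            break  # events are time-ordered
        if event == "OPEN":
            conns[cid] = {"src": src, "opened": int(ts), "bytes": 0, "done": False}
        elif cid not in conns:
            continue  # event for a connection we never saw open
        elif event == "DATA":
            conns[cid]["bytes"] += int(rest[0])
        elif event == "HEADERS_DONE":
            conns[cid]["done"] = True
        elif event == "CLOSE":
            del conns[cid]
    stalled = defaultdict(list)
    for cid, c in conns.items():
        age = now - c["opened"]
        # max(..., 1) keeps the rate division safe if header_timeout is set to 0
        if not c["done"] and age >= max(header_timeout, 1) and c["bytes"] / age < min_rate:
            stalled[c["src"]].append(cid)
    return dict(stalled)

def flag_sources(events, now, max_stalled=3, **limits):
    """Sources holding at least max_stalled stalled connections at `now`."""
    stalled = stalled_connections(events, now, **limits)
    return sorted(ip for ip, ids in stalled.items() if len(ids) >= max_stalled)
```

The header timeout and minimum rate used here correspond to what a web server can enforce itself on request headers, for example with Apache’s mod_reqtimeout `RequestReadTimeout` directive or nginx’s `client_header_timeout`, combined with a per-source connection limit.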

Friday, 13 April 2018

BEST FIREWALL FOR YOUR FIRM
I’ve followed the main security news in recent months, and I am still amazed at how enterprises are being affected by several kinds of attacks. When we take time to analyze it, we can identify the main problem behind all of these issues: a complete lack of strategy, good practices and architecture for cybersecurity.
I don’t want to blame the many great security leaders and corporations, because these leaders are always working on this kind of awareness; however, the culture they work to implement is not properly followed by their employees. In some cases, doing the right thing is something that other levels of the company have trouble carrying through, and unfortunately, great names in cybersecurity at some companies will pay the price for this lack of commitment.
The question in this case is: why does it happen? Obviously we are always dealing with people with huge technical knowledge and high skill in several social engineering methods. In some cases, even when we face old-fashioned threats, some users are caught because of the skilled social engineering used to further the threat’s purpose.
At this point your Information Security Team needs to take responsibility for creating awareness among all users in the company to avoid future security problems, and a complete Information Security Program is the way to move on! After all, you as a Security Practitioner have the tools and the knowledge for this.
We can picture it as a place where people feel safe because a wide steel wall surrounds them, keeping out external attacks and theft attempts. Suddenly something happens, that incorruptible place is invaded, and you don’t know what the root cause was. After some research you find a tiny hole in that steel wall, which let external attackers, little by little, create a big problem and turn your place into a target.
Maybe that’s the reality of your company. Even with the best equipment and the best IT and IS professional staff, if you don’t have processes, defined responsibilities or environment analysis, you will surely be the next target, sooner or later.
How is your environment built? Are you aware of the flow of your network? Are servers and workstations installed according to the best security practices? Security should be considered at the beginning of any project; it’s the key to success and avoids several problems and costs.
Take time to create all possible documentation of your environment, assets and processes. Use the concepts of the RACI Matrix to keep clear who is responsible for each part of the environment. Below is a link where you can better understand what a RACI Matrix is and how it can help you:
Define an access control policy to make sure that only authorized people have access to critical places and the proper access to files and folders.
It’s also important to take note of the main Active Directory groups, the ones with access to sensitive documents and information in your network. Each department needs to have an owner to control who can have access to its information.
Your company also needs to have a DLP policy, starting with the Human Resources department. Every employee must sign a confidentiality document to avoid leakage of sensitive corporate information. Also take care with external devices or pen drives, which can be used to steal sensitive data. Most companies block any kind of USB storage, allowing it only for authorized people using corporate devices.
Avoid giving users access to their personal email – it’s a way to steal data.
What’s the core business of your company? Which security rules do you need to work with? ISO, PCI, etc. Follow a method that fits your business and go deep to guarantee the highest level of security. These are just some points you should follow when creating a security program for your company. There are several others I will discuss here in future opportunities!
That’s my first contribution to the Cybrary Op3n Initiative! It was a pleasure to be part of this! I hope to come back here and write more about security!
