Throughout history, man has worked to improve the quality of life. A brief history of the 20th century reveals countless inventions, from automobiles to airplanes, vacuums to microwave ovens, and contact lenses to Viagra. Many things we use every day were once a dream in the inventor’s eye, but the invention of the computer has taken us even further than any dream could ever hope.
Today, the computer is everywhere. Computers are the tools used in banks and businesses, by engineers, scientists, and educators, as well as by millions of people around the world. Computers can accomplish many tasks with extreme accuracy and speed. We can gain a lot of information using the computer and we can store a huge amount of data on it. We could not imagine a world without the computer, but no great invention has ever come about without an element of risk.
The history of computer hacking dates back to the onset of computers. A computer hacker is one who develops, changes, or attempts to circumvent computer security hardware and software. People hack computers for positive and negative (criminal) reasons. Criminal hackers develop computer malware or spyware to gain access to confidential information. This type of exploration may have started as a game but has rapidly and dangerously progressed due to increasing reliance upon the computer.
As the business of hacking has become more sophisticated, so has the art of defense: the techniques for detecting and destroying computer threats. A new class of threats called “Advanced Persistent Threat” (APT) targets highly sensitive economic, proprietary, and national security computer networks.
Lockheed Martin is a global security company specializing in the protection of some of the most sensitive information systems in the world. Lockheed Martin believes it is possible to understand and anticipate a threat, and even lessen the damage, based upon knowledge of that threat. “Cyber Kill Chain” is the term used to describe the different stages of a cyber-attack.
Each stage of the chain completes a specific step along the path to attacking a given system. These stages may occur in parallel, or the sequence of stages can be switched. The main strength of the kill chain model is that it shows how far an attacker progressed in the attack, the amount of damage, and what kind of forensic investigation must be performed as a result. For each type of attack the system administrator can ask these questions: “Was this a successful breach?” and “Did the attackers get to their intended goal?” A typical attack is based on how much the attacker knows of how the structure and processes of the system were developed; thus the response should be based on the same structure and process an attacker might use. This allows an IT department to develop a results-oriented set of security procedures to prevent attacks against the system. Yet this model does have a weakness: it focuses only on the perceived weaknesses in the system, without any proof that the target is of any value to the attacker. Using the cyber kill chain and understanding the signature of an APT can help harden defensive capabilities; this includes security controls and actions that can be implemented or improved to detect, deny, and contain an attack scenario.
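As an added illustration (not part of the original essay and not Lockheed Martin's code), the Python below maps the alerts from one intrusion onto the seven phases of the Cyber Kill Chain and answers the two questions a system administrator asks. The alert records, the sensor names, and the rule that unblocked exploitation or anything later counts as a breach are assumptions made for the example.

```python
from dataclasses import dataclass

# The seven phases of Lockheed Martin's Cyber Kill Chain, in order.
STAGES = ["reconnaissance", "weaponization", "delivery", "exploitation",
          "installation", "command_and_control", "actions_on_objectives"]
RANK = {name: i for i, name in enumerate(STAGES)}

@dataclass
class Alert:
    source: str    # sensor name (hypothetical)
    stage: str     # kill-chain stage an analyst mapped the alert to
    blocked: bool  # True if a control denied the activity

def assess(alerts):
    """Summarise how far one intrusion progressed along the kill chain."""
    unmapped = sorted({a.stage for a in alerts if a.stage not in RANK})
    if unmapped:
        raise ValueError(f"alerts with unknown stage: {unmapped}")
    seen = {a.stage for a in alerts}
    # Only activity that was not blocked is confirmed attacker progress.
    succeeded = {a.stage for a in alerts if not a.blocked}
    furthest = max(succeeded, key=RANK.get, default=None)
    highest_seen = max(seen, key=RANK.get, default=None)
    # Earlier stages with no alert are visibility gaps; arrival order is ignored.
    gaps = [s for s in STAGES[:RANK[highest_seen]] if s not in seen] if highest_seen else []
    # The chain was broken at the first stage past `furthest` that has only blocks.
    denied = sorted((s for s in seen - succeeded
                     if furthest is None or RANK[s] > RANK[furthest]), key=RANK.get)
    return {
        "furthest_confirmed": furthest,
        # Assumption: unblocked exploitation or anything later counts as a breach.
        "successful_breach": furthest is not None
                             and RANK[furthest] >= RANK["exploitation"],
        "goal_reached": "actions_on_objectives" in succeeded,
        "contained_at": denied[0] if denied else None,
        "unobserved_stages": gaps,
    }

# Constructed sample alerts for one intrusion (not real data).
SAMPLE = [
    Alert("edr", "exploitation", blocked=False),          # arrives out of order
    Alert("web-proxy", "reconnaissance", blocked=False),
    Alert("mail-gateway", "delivery", blocked=True),      # first phish quarantined
    Alert("mail-gateway", "delivery", blocked=False),     # second one got through
    Alert("dns-sinkhole", "command_and_control", blocked=True),
]

if __name__ == "__main__":
    print(assess(SAMPLE))
```

The `unobserved_stages` list is where the forensic investigation should start: a blocked command-and-control attempt with no installation alert means something was installed without being seen.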