Dear Security Focus Community:

This is an announcement for the public release of the publication "A Treatise on Informational Warfare". It is available for download in PDF format at http://63.230.73.253/treatiseiw.pdf, and the table of contents is included at the end of this announcement so that you can determine if you have an interest.

This research paper involves making connections between informational warfare and enterprise security design. The research focuses on a proposed "Informational Warfare Model" that is based on strategic, operational, and tactical design. It builds on my previous publication "Computer Vulnerabilities", which was released to BugTraq about three years ago, and greatly expands on the conceptualizations that were originally presented.

The research should be used to provide assistance on the construction of enterprise security models currently being developed, as well as give security professionals a way to predict and understand computer security advancements in technology and their meaning in a networked environment.

The publication also provides a moderately detailed explanation and comparison of the IW warfare that the proposed framework is capable of, which may be interesting reading for non-designers. It covers a capability analysis for human against computerized agent, agent against agent, agent against combined enterprise security, and combined security against combined security.

I have made a considerable effort to make this document a detailed and well thought out example and to keep as much speculation as I could out of the text. I certainly welcome all comments and discussion on the model I've presented.

Thank you,
Eric Knight

---------------

"A TREATISE ON INFORMATIONAL WARFARE"

TABLE OF CONTENTS

Forward ... 1
Introduction ... 2
Informational Warfare Model ... 7
Command Layer ... 9
Communications Layer ... 9
Agent Layer ... 10
Functional Layer ... 10
Facilitators Layer ... 10
Vulnerabilities Layer ... 10
Inherent Layer Characteristics ... 11
Layer Design Idealisms ... 12
Effectiveness Measurements ... 12
Command Layer ... 14
Command Console ... 15
Log Repository ... 15
Analysis Components ... 16
History Analysis ... 16
Game Theory ... 16
Expert Engine ... 17
Heuristic and Statistic Reporting ... 17
Scheduling ... 17
Account Management ... 18
Network Component Awareness ... 18
Security Policy Management ... 18
Security Tool Repository ... 18
Early Warning System ... 19
Communications Layer ... 20
Channel Communications ... 20
Open Channel ... 21
Secure Channels ... 21
Isolated Channels ... 21
Covert Channels ... 22
Polymorphic Channels ... 22
Alternative Channels ... 23
Switching Channels ... 23
Public Key Infrastructure ... 24
Conventional Encryption ... 24
Trust Relationships ... 25
Protocol ... 25
Uniform Standard Protocol ... 25
Covert Protocol ... 26
Alternative Protocol ... 26
Polymorphic Protocol ... 26
Agent Layer ... 27
Command Interface ... 28
Host Console ... 28
Response Reporting ... 29
Mission Intelligence ... 29
Process Control ... 29
Sensors and Sensor Analysis ... 30
Agent Sensors ... 30
Sensor Analysis ... 32
Artificial Intelligence ... 32
Agent Overload ... 32
Functional Layer ... 34
Layer Considerations ... 36
Facilitators ... 38
Fastest Order of Discovery ... 39
Vulnerabilities Layer ... 42
Command Layer Construction ... 45
Agent Status and Control ... 46
Command Control ... 46
Artificial Intelligence ... 46
Higher Authority ... 47
Agent Layer Construction ... 49
Security Network ... 50
Artificial Intelligence ... 50
Data Processing ... 50
Function Control ... 51
Log File Sensors ... 51
Streaming Sensors ... 51
Boolean Sensors ... 51
Result Sensors ... 52
Functional Layer Standardization ... 52
Common Network Attack Strategies ... 54
Hacker Attack ... 54
Viral Infestation ... 55
Bee Swarm ... 55
Conscription ... 56
Invasion ... 57
Crawler ... 58
Amoeba ... 59
Infiltration ... 60
Attack Method Comparison ... 60
Agent vs Agent Warfare ... 62
Agent Attacks ... 62
Shutting down processes ... 63
Promoting access level ... 63
Seizure of Security Tools ... 63
Creating New Services ... 64
Downgrading ... 64
Removing the opposition ... 64
Disrupting communication ... 65
Backdoor ... 65
Highest Level Access ... 65
Binary Scan ... 66
Compromising the opposition ... 66
Call for help ... 66
Ghosts ... 67
Analysis Disruption ... 67
Sandbox Modification ... 67
Resource Starvation ... 68
Overload ... 68
Rebooting ... 68
Agent Defenses ... 69
Deep Embedding ... 69
Polymorphism ... 69
Advance Awareness ... 70
Agent Required for Use ... 70
Encrypted Binary Executable ... 71
Quarantine ... 71
Scuttle ... 71
Hide valuables ... 72
Honeypot ... 72
Replication ... 72
Mutually assured destruction ... 73
Forfeiture of Duties ... 73
Aftermath ... 74
Scavenging ... 74
Searching for valuables ... 74
Cleaning the Logs ... 75
Customizing the environment ... 75
Selecting a new target ... 75
Reporting ... 76
Promotion/demotion ... 76
Fulfilling the Mission ... 76
Event of Capture ... 77
Tools in Random Access Memory ... 77
Deletion After Execution ... 77
Emulation Engines and Polymorphic Machine Code ... 77
Polymorphic Machine Code ... 77
Emulation Engines ... 78
Encryption ... 78
Human vs Agent ... 79
Physical Access ... 80
Stolen Password/Identity ... 80
Insider Cooperation ... 80
Internal Access Point ... 81
Wiring Control ... 81
Human Effectiveness ... 81
Mission Goals ... 83
Espionage ... 85
Sabotage ... 85
Camouflage ... 86
Subterfuge ... 86
Programming Evolutions Required for Missions ... 87
Agent Communication Structures ... 89
Communications Room ... 90
Designated Computer ... 90
Broadcast Protocol ... 91
Peer-To-Peer ... 91
Relay ... 92
Private Communication ... 93
Three Channel Method ... 94
Security Network Warfare ... 95
Combined Capabilities ... 96
Speed of Communication ... 96
Combined Calculation ... 96
Robustness of Tools ... 96
Artificial Intelligence ... 97
Combined Calculation Danger Rating ... 97
Complexities of the Mission ... 98
Natural Warfare Advantages ... 98
Attacking ... 98
Ambush Advantage ... 98
Mission Advantage ... 99
Deterioration Advantage ... 99
Anonymity ... 99
Siege Advantage ... 99
Defending ... 99
Preparation Advantage ... 99
Network Speed Advantage ... 100
Awareness Advantage ... 100
Design Advantage ... 100
Cyber-Pandemonium ... 101
Conclusion ... 103