Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

3/22/2010
12:50 PM
George V. Hulme
George V. Hulme
Commentary
50%
50%

DHS To Pilot Enhanced Network Intrusion Prevention Technology

The Department of Homeland Security (DHS) will be partnering with a government agency and an internet service provider to trial an enhanced and upcoming version Einstein, a system used to help secure the networks of certain federal departments and agencies.

The Department of Homeland Security (DHS) will be partnering with a government agency and an internet service provider to trial an enhanced and upcoming version Einstein, a system used to help secure the networks of certain federal departments and agencies.According to a Privacy Impact Assessment (PIA) released (.PDF) last week by the DHS, the latest version of the system, known as Einstein 3, will not only identify potential attacks, as the previous versions did, but also block them. From the description in the PIA:

EINSTEIN 3, will draw on commercial technology and specialized government technology to conduct real-time full packet inspection and threat-based decision-making on network traffic entering or leaving these executive branch networks. The goal of EINSTEIN 3 is to identify and characterize malicious network traffic to enhance cybersecurity analysis, situational awareness and security response.

The pilot will use combinations of early versions of Einstein plus new intrusion prevention technologies, as well as technologies developed by the NSA. The pilot will demonstrate the viability of a commercial ISP and a government agency for the US-CERT to apply intrusion detection and prevention technology on that traffic.

Some of the threats the system aims to identify and possibly block are phishing attacks, IP spoofing, botnets, denials of service, distributed denials of service, man-in-the-middle attacks, and other types of malware.

The system will also help support more security data sharing:

The EINSTEIN 3 system will also support enhanced information sharing by US-CERT with federal departments and agencies by giving DHS the ability to automate alerting of detected network intrusion attempts and, when deemed necessary by DHS, to send alerts that do not contain the content of communications to the NSA so that DHS efforts may be supported by NSA exercising its lawfully authorized missions.

Such deep analysts of network traffic by the government will certainly raise privacy concerns. Last summer, the Center for Democracy and Technology (CDT) issued a report that called on the government to release information about the role the NSA will have in building and running Einstein 3. The PIA on Einstein 3 may not answer all of the CDT's questions on privacy, but it's the most detailed information on Einstein 3 I've yet to be able to find.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
Kelly Sheridan, Staff Editor, Dark Reading,  2/23/2021
Edge-DRsplash-10-edge-articles
Security + Fraud Protection: Your One-Two Punch Against Cyberattacks
Joshua Goldfarb, Director of Product Management at F5,  2/23/2021
News
Cybercrime Groups More Prolific, Focus on Healthcare in 2020
Robert Lemos, Contributing Writer,  2/22/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: "The truth behind Stonehenge...."
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Building the SOC of the Future
Building the SOC of the Future
Digital transformation, cloud-focused attacks, and a worldwide pandemic. The past year has changed the way business works and the way security teams operate. There is no going back.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21513
PUBLISHED: 2021-03-02
Dell EMC OpenManage Server Administrator (OMSA) version 9.5 Microsoft Windows installations with Distributed Web Server (DWS) enabled configuration contains an authentication bypass vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain admin acces...
CVE-2021-21514
PUBLISHED: 2021-03-02
Dell EMC OpenManage Server Administrator (OMSA) versions 9.5 and prior contain a path traversal vulnerability. A remote user with admin privileges could potentially exploit this vulnerability to view arbitrary files on the target system by sending a specially crafted URL request.
CVE-2020-25902
PUBLISHED: 2021-03-02
Blackboard Collaborate Ultra 20.02 is affected by a cross-site scripting (XSS) vulnerability. The XSS payload will execute on the class room, which leads to stealing cookies from users who join the class.
CVE-2020-1936
PUBLISHED: 2021-03-02
A cross-site scripting issue was found in Apache Ambari Views. This was addressed in Apache Ambari 2.7.4.
CVE-2021-27904
PUBLISHED: 2021-03-02
An issue was discovered in app/Model/SharingGroupServer.php in MISP 2.4.139. In the implementation of Sharing Groups, the "all org" flag sometimes provided view access to unintended actors.