Cyber Attacks Protecting National Infrastructure
Copyright © 2012, Elsevier Inc.
All Rights Reserved
Chapter 6
Depth
Cyber Attacks Protecting National Infrastructure, 1st ed.
Introduction
• Any layer of defense can fail at any time, thus the introduction of defense in depth
• A series of protective elements is placed between an asset and the adversary
• The intent is to enforce policy across all access points
Fig. 6.1 – General defense in depth schema
Effectiveness of Depth
• Quantifying the effectiveness of a layered defense is often difficult
• Effectiveness is best determined by educated guesses
• The following are relevant for estimating effectiveness
  – Practical experience
  – Engineering analysis
  – Use-case studies
  – Testing and simulation
Fig. 6.2 – Moderately effective single layer of protection
Effectiveness of Depth
• When a layer fails, we can conclude it was either flawed or unsuited to the target environment
• No layer is 100% effective—the goal of making layers “highly” effective is more realistic
Fig. 6.3 – Highly effective single layer of protection
Fig. 6.4 – Multiple moderately effective layers of protection
Layered Authentication
• A national authentication system for every citizen would remove the need for multiple passwords, passphrases, tokens, certificates, and biometrics that weaken security
• Single sign-on (SSO) would accomplish this authentication simplification objective
• However, SSO access needs to be part of a multilayered defense
Fig. 6.5 – Schema showing two layers of end-user authentication
Fig. 6.6 – Authentication options including direct mobile access
Layered E-Mail Virus and Spam Protection
• Commercial environments are turning to virtual, in-the-cloud solutions to filter e-mail viruses and spam
• To that security layer is added filtering software on individual computers
• Antivirus software is helpful, but useless against certain attacks (such as botnets)
Fig. 6.7 – Typical architecture with layered e-mail filtering
Layered Access Controls
• Layering access controls increases security
• Add to this the limiting of physical access to assets
• For national infrastructure, assets should be covered by as many layers as possible
  – Network-based firewalls
  – Internal firewalls
  – Physical security
Fig. 6.8 – Three layers of protection using firewall and access controls
Layered Encryption
• Five encryption methods for national infrastructure protection
  – Mobile device storage
  – Network transmission
  – Secure commerce
  – Application strengthening
  – Server and mainframe data storage
Fig. 6.9 – Multiple layers of encryption
Layered Intrusion Detection
• The promise of layered intrusion detection has not been fully realized, though it is useful
• The inclusion of intrusion response makes the layered approach more complex
• There are three opportunities for different intrusion detection systems to provide layered protection
  – In-band detection
  – Out-of-band correlation
  – Signature sharing
Fig. 6.10 – Sharing intrusion detection information between systems
National Program of Depth
• Developing a multilayered defense for national infrastructure would require a careful architectural analysis of all assets and protection systems
  – Identifying assets
  – Subjective estimations
  – Obtaining proprietary information
  – Identifying all possible access paths
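An added example (not from the book or these slides) of the access-path analysis named in this chapter: it enumerates every path from an entry point to an asset and counts the protective layers on each, so a path that bypasses layers, such as the direct mobile access of Fig. 6.6, shows up as a gap. The graph, the node and layer names, and the required depth of 3 are constructed assumptions.

```python
# Constructed model (assumption, not from the slides): nodes are network
# positions; each edge lists the protective layers crossed to traverse it.
EDGES = {
    "internet": [("dmz", ["network firewall"]), ("mobile gateway", [])],
    "dmz": [("internal lan", ["internal firewall"])],
    "mobile gateway": [("app server", ["device authentication"])],
    "internal lan": [("app server", ["sso authentication"])],
    "app server": [("asset", ["application access control"])],
}


def access_paths(graph, source, target, seen=()):
    """Yield (nodes, layers) for every simple path from source to target."""
    if source == target:
        yield [target], []
        return
    for nxt, layers in graph.get(source, []):
        if nxt in seen or nxt == source:
            continue  # never revisit a node: simple paths only
        for nodes, rest in access_paths(graph, nxt, target, seen + (source,)):
            yield [source] + nodes, list(layers) + rest


def depth_report(graph, source, target, required_depth):
    """List every access path with its layer count, shallowest first."""
    report = []
    for nodes, layers in access_paths(graph, source, target):
        report.append({
            "path": " -> ".join(nodes),
            "layers": layers,
            "depth": len(layers),
            "meets_policy": len(layers) >= required_depth,
        })
    return sorted(report, key=lambda row: row["depth"])


def weakest_path(graph, source, target):
    """The path with the fewest layers sets the real depth of the defense."""
    return depth_report(graph, source, target, 0)[0]


if __name__ == "__main__":
    for row in depth_report(EDGES, "internet", "asset", required_depth=3):
        flag = "ok " if row["meets_policy"] else "GAP"
        print(f"{flag} depth={row['depth']}  {row['path']}")
```

The report is only as complete as the graph: an access path missing from the model is a path whose depth is never checked.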