Copyright © 2012, Elsevier Inc.

All Rights Reserved

Chapter 3 – Separation

Cyber Attacks: Protecting National Infrastructure, 1st ed.

Introduction

• Using a firewall to separate network assets from intruders is the most familiar approach in cyber security

• Networks and systems associated with national infrastructure assets tend to be too complex for firewalls to be effective

• Three new approaches to the use of firewalls are necessary to achieve optimal separation

– Network-based separation

– Internal separation

– Tailored separation


Fig. 3.1 – Firewalls in simple and complex networks


What Is Separation?

• Separation is a technique that accomplishes one of the following

– Adversary separation

– Component distribution

• A working taxonomy of separation techniques: three primary factors are involved in the use of separation

– The source of the threat

– The target of the security control

– The approach used in the security control

(See figure 3.2)


Fig. 3.2 – Taxonomy of separation techniques


Functional Separation

• Separation is commonly achieved using an access control mechanism with the requisite authentication and identity management

• An access policy identifies the desired allowances for users requesting to perform actions on system entities

• Two approaches to mediation

– Distributed responsibility

– Centralized control

– Both will be required
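A centralized mediator for the kind of access policy just described, as an added example (not code from the book): two separate components hand every (user, action, entity) request to one policy decision point, so the allowances are decided and logged in one place instead of being re-implemented per component. The rules, role assignments, component names and entity names below are constructed for illustration.

```python
"""Centralized mediation of an access policy (added example, not from the book)."""
from fnmatch import fnmatchcase

# Constructed policy: who (by role) may do what to which entities.
# Deny-by-default; an explicit deny beats any allow.
POLICY = [
    {"role": "operator",   "action": "read",  "entity": "plant/*",         "effect": "allow"},
    {"role": "operator",   "action": "write", "entity": "plant/setpoints", "effect": "allow"},
    {"role": "contractor", "action": "read",  "entity": "plant/telemetry", "effect": "allow"},
    {"role": "*",          "action": "*",     "entity": "plant/safety/*",  "effect": "deny"},
]

# Constructed identity data; authentication is assumed to have happened before mediation.
ROLES = {"alice": {"operator"}, "vendor": {"contractor"}}


class PolicyDecisionPoint:
    """Single place where (user, action, entity) requests are decided and audited."""

    def __init__(self, policy, roles):
        self.policy = policy
        self.roles = roles
        self.audit = []  # (component, user, action, entity, decision)

    @staticmethod
    def _matches(rule, role, action, entity):
        return (fnmatchcase(role, rule["role"])
                and fnmatchcase(action, rule["action"])
                and fnmatchcase(entity, rule["entity"]))

    def decide(self, component, user, action, entity):
        """Deny unless some allow rule matches and no deny rule does."""
        roles = self.roles.get(user, set())   # unknown user -> no roles -> denied
        effects = {rule["effect"] for rule in self.policy
                   for role in roles if self._matches(rule, role, action, entity)}
        allowed = "allow" in effects and "deny" not in effects
        self.audit.append((component, user, action, entity, allowed))
        return allowed


PDP = PolicyDecisionPoint(POLICY, ROLES)


# Two different components, one mediator: neither the HMI nor the reporting
# API keeps its own copy of the rules (the "centralized control" approach).
def hmi_request(user, action, entity):
    return PDP.decide("hmi", user, action, entity)


def report_request(user, entity):
    return PDP.decide("reports", user, "read", entity)


if __name__ == "__main__":
    print(hmi_request("alice", "read", "plant/telemetry"))          # True
    print(hmi_request("alice", "read", "plant/safety/interlock"))   # False: deny overrides
    print(report_request("mallory", "plant/telemetry"))             # False: unknown user
    for entry in PDP.audit:
        print(entry)
```

The deny rule is what makes the single decision point worth having: with distributed responsibility, each component would need its own copy of the "nobody touches plant/safety" exception, and they drift.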


Fig. 3.3 – Distributed versus centralized mediation


National Infrastructure Firewalls

• Firewalls are placed between a system or enterprise and an untrusted network (say, the Internet)

• Two problems arise

– Coverage: the firewall might not cover all paths into the protected network

– Accuracy: the firewall may be forced to allow access that inadvertently opens access to other protected assets
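The two problems above can be checked mechanically. The following added example (not code from the book) takes a constructed asset inventory, a list of ingress paths and a list of allow rules, reports the paths no firewall mediates (coverage) and the rules whose destination scope reaches protected assets other than the one they were written for (accuracy), and shows how to tighten such a rule. All addresses, path names and rule identifiers are hypothetical.

```python
"""Coverage and accuracy checks for a firewall deployment (added example, not from the book)."""
from ipaddress import ip_address, ip_network

# Constructed inventory of protected assets (hypothetical addresses).
ASSETS = {
    "scada-hmi":  "10.20.1.10",
    "billing-db": "10.20.1.20",
    "public-web": "10.30.0.5",
}

# Constructed ingress paths into the enterprise; None means nothing mediates that path.
INGRESS_PATHS = {
    "internet-uplink": "fw-edge",
    "partner-mpls":    "fw-partner",
    "vendor-modem":    None,       # dial-in line nobody remembered
}

# Constructed allow rules; each was written to reach exactly one asset.
RULES = [
    {"id": 10, "dst": "10.30.0.5/32", "port": 443, "intended": "public-web"},
    {"id": 20, "dst": "10.20.1.0/24", "port": 22,  "intended": "scada-hmi"},  # whole subnet
]


def coverage_gaps(paths):
    """Ingress paths that no firewall covers (the coverage problem)."""
    return sorted(name for name, fw in paths.items() if fw is None)


def accuracy_gaps(rules, assets):
    """Rules whose destination scope also reaches protected assets beyond the
    intended one (the accuracy problem). Returns {rule_id: [unintended assets]}."""
    gaps = {}
    for rule in rules:
        net = ip_network(rule["dst"])
        exposed = [name for name, addr in assets.items()
                   if ip_address(addr) in net and name != rule["intended"]]
        if exposed:
            gaps[rule["id"]] = sorted(exposed)
    return gaps


def tighten(rule, assets):
    """Rewrite an over-broad rule to a host route for its intended asset only."""
    host = ip_network(assets[rule["intended"]])   # single address -> /32 (or /128)
    return {**rule, "dst": str(host)}


if __name__ == "__main__":
    print("uncovered paths:", coverage_gaps(INGRESS_PATHS))
    for rid, exposed in accuracy_gaps(RULES, ASSETS).items():
        print(f"rule {rid} also exposes {exposed}")
    print("tightened:", tighten(RULES[1], ASSETS))
```

In a real enterprise the inventory comes from the asset database and the rule list from the firewall configuration export, but the two questions, "which paths does no rule set see?" and "which rule's scope is wider than its purpose?", are the same.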


Fig. 3.4 – Wide area firewall aggregation and local area firewall segregation


• Increased wireless connectivity is a major challenge to national infrastructure security

• Network service providers offer advantages for centralized security

– Vantage point: network service providers have visibility into a large share of traffic

– Operations: network providers have the operational capacity to keep security software current

– Investment: network service providers have the financial wherewithal and the motivation to invest in security


Fig. 3.5 – Carrier-centric network-based firewall


DDOS Filtering

• The network-based firewall concept includes a device for throttling distributed denial of service (DDOS) attacks

• Called a DDOS filter

• Modern DDOS attacks take filtering into account, so a more advanced filtering system is needed
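Why a naive filter is not enough, shown as an added example (not code from the book): a DDOS filter that only rate-limits each source stops a single flooding host, but a flood spread across many bots, each staying under the per-source threshold, passes straight through. Adding an aggregate limit per protected target catches it. The traffic samples, addresses and thresholds below are constructed.

```python
"""Inbound DDOS filter with per-source and per-target limits (added example, not from the book)."""
from collections import defaultdict, deque


class DdosFilter:
    """Sliding-window packet counters per source and per target."""

    def __init__(self, per_source_limit, per_target_limit, window=1.0):
        self.src_limit = per_source_limit   # max admitted packets per source per window
        self.dst_limit = per_target_limit   # max admitted packets per target per window
        self.window = window                # seconds
        self.src_hist = defaultdict(deque)  # source -> timestamps of admitted packets
        self.dst_hist = defaultdict(deque)  # target -> timestamps of admitted packets

    @staticmethod
    def _prune(hist, now, window):
        while hist and now - hist[0] >= window:
            hist.popleft()

    def admit(self, t, src, dst):
        """Return True if the packet is forwarded, False if dropped."""
        s, d = self.src_hist[src], self.dst_hist[dst]
        self._prune(s, t, self.window)
        self._prune(d, t, self.window)
        if len(s) >= self.src_limit or len(d) >= self.dst_limit:
            return False
        s.append(t)
        d.append(t)
        return True


def run(events, per_source_limit, per_target_limit):
    """Replay (t, src, dst) events in time order; return per-target forwarded/dropped counts."""
    f = DdosFilter(per_source_limit, per_target_limit)
    stats = defaultdict(lambda: {"forwarded": 0, "dropped": 0})
    for t, src, dst in sorted(events):
        stats[dst]["forwarded" if f.admit(t, src, dst) else "dropped"] += 1
    return dict(stats)


# Constructed traffic, all within one second:
# - one source sending 500 packets to TARGET_A (classic single-source flood)
# - 200 bots each sending 5 packets to TARGET_B (each bot stays under a per-source limit of 50)
SINGLE_SOURCE_FLOOD = [(i / 500, "198.51.100.7", "TARGET_A") for i in range(500)]
DISTRIBUTED_FLOOD = [(i / 1000, f"203.0.113.{bot}", "TARGET_B")
                     for bot in range(200) for i in range(bot, bot + 5)]

if __name__ == "__main__":
    print("per-source only:", run(DISTRIBUTED_FLOOD, 50, 10**9))   # nothing dropped
    print("both limits:    ", run(SINGLE_SOURCE_FLOOD + DISTRIBUTED_FLOOD, 50, 300))
```

The per-target limit is crude (legitimate clients are dropped along with the bots once the budget is spent); that is exactly why the book argues for placing the filter in the carrier network, where there is headroom and visibility to do better than this.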


Fig. 3.6 – DDOS filtering of inbound attacks on target assets


SCADA Separation Architecture

• SCADA – supervisory control and data acquisition

• SCADA systems – a set of software, computers, and networks that provide remote coordination of control systems for tangible infrastructure

• Structure includes the following

– Human-machine interface (HMI)

– Master terminal unit (MTU)

– Remote terminal unit (RTU)

– Field control systems


Fig. 3.7 – Recommended SCADA system firewall architecture


Physical Separation

• Why not simply unplug a system's external connections? (Called air gapping)

• As systems and networks grow more complex, it becomes more likely that unknown or unauthorized external connections will arise

• Basic principles for truly air-gapped networks:

– Clear policy

– Boundary scanning

– Violation consequences

– Reasonable alternatives
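One form the "boundary scanning" principle can take, as an added example (not code from the book): given the address ranges that define the air-gapped enclave and the interface addresses observed on each host, report every host that has one foot inside the enclave and one outside, which is the dual-homed bridge of Fig. 3.8 whether or not it forwards packets today. The enclave ranges and the host inventory are constructed; a real scan would collect addresses from the hosts, switch port tables or ARP caches.

```python
"""Boundary scan of an air-gapped enclave for bridging hosts (added example, not from the book)."""
from ipaddress import ip_address, ip_network

# Hypothetical air-gapped control enclave.
ISOLATED_NETS = [ip_network("10.100.0.0/16")]

# Constructed inventory: host -> addresses configured on its interfaces.
INVENTORY = {
    "hmi-01":     ["10.100.1.10"],
    "historian":  ["10.100.2.5", "127.0.0.1"],
    "eng-laptop": ["10.100.1.77", "192.168.43.2"],   # also joined to a phone hotspot
    "rtu-gw":     ["10.100.3.1", "172.16.9.4"],      # second NIC cabled into the office LAN
    "vendor-pc":  ["192.168.43.9"],                  # outside the enclave entirely
}


def scope(addr):
    """Classify one address as inside the enclave, harmless (loopback/link-local), or foreign."""
    a = ip_address(addr)
    if any(a in n for n in ISOLATED_NETS):
        return "isolated"
    if a.is_loopback or a.is_link_local:
        return "harmless"
    return "foreign"


def find_bridges(inventory):
    """Hosts with at least one enclave address and at least one foreign address.

    Returns {host: sorted foreign addresses}. A host that is only foreign is not
    a bridge; a host that is only in the enclave is the expected state."""
    bridges = {}
    for host, addrs in inventory.items():
        scopes = {addr: scope(addr) for addr in addrs}
        if "isolated" not in scopes.values():
            continue
        foreign = sorted(a for a, s in scopes.items() if s == "foreign")
        if foreign:
            bridges[host] = foreign
    return bridges


def enclave_only(inventory):
    """Hosts that sit in the enclave and nowhere else."""
    return sorted(host for host, addrs in inventory.items()
                  if any(scope(a) == "isolated" for a in addrs)
                  and all(scope(a) != "foreign" for a in addrs))


if __name__ == "__main__":
    for host, foreign in find_bridges(INVENTORY).items():
        print(f"{host}: bridges the enclave via {foreign}")
    print("clean:", enclave_only(INVENTORY))
```

The scan only finds what the inventory contains; the "clear policy" and "violation consequences" principles are what make people keep the inventory honest.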


Fig. 3.8 – Bridging an isolated network via a dual-homing user


Insider Separation

• Hard to defend against a determined insider

• Threats may also come from trusted partners

• Background checks are a start

• Techniques for countering insider attacks

– Internal firewalls

– Deceptive honey pots

– Enforcement of data markings

– Data leakage protection (DLP) systems

• Segregation of duties offers another layer of protection
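Segregation of duties is only a control if something checks it. The following added example (not code from the book) decomposes a change-management work function into steps, each with a required role, declares which step pairs one person may never perform for the same ticket, and runs that rule over an audit log. The step table, role assignments and log lines are constructed.

```python
"""Segregation-of-duty check over an audit log (added example, not from the book)."""
from collections import defaultdict

# Each step of the decomposed work function and the role that must perform it.
REQUIRED_ROLE = {
    "request": "operator",
    "approve": "supervisor",
    "execute": "operator",
    "verify":  "auditor",
}
# Step pairs that a single person must never perform for the same ticket.
CONFLICTS = {("request", "approve"), ("approve", "execute"), ("execute", "verify")}

# Constructed role assignments.
ROLES = {
    "alice": {"operator"},
    "bob":   {"supervisor", "operator"},
    "carol": {"auditor"},
}

# Constructed audit log, one event per line: "<timestamp> <actor> <step> <ticket>".
AUDIT_LOG = """\
2012-03-01T09:00 alice request CHG-17
2012-03-01T09:05 bob approve CHG-17
2012-03-01T09:10 bob execute CHG-17
2012-03-01T09:30 carol verify CHG-17
2012-03-01T10:00 alice request CHG-18
2012-03-01T10:02 alice approve CHG-18
"""


def parse(log):
    events = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, actor, step, ticket = line.split()
        events.append({"ts": ts, "actor": actor, "step": step, "ticket": ticket})
    return events


def check_ticket(events):
    """Findings for one ticket: ("role", actor, step) when the actor lacks the
    step's role, ("conflict", actor, earlier_step, step) when one actor performs
    two conflicting steps."""
    findings, done = [], []
    for e in sorted(events, key=lambda e: e["ts"]):
        step, actor = e["step"], e["actor"]
        if REQUIRED_ROLE[step] not in ROLES.get(actor, set()):
            findings.append(("role", actor, step))
        for prev_step, prev_actor in done:
            if prev_actor == actor and (prev_step, step) in CONFLICTS:
                findings.append(("conflict", actor, prev_step, step))
        done.append((step, actor))
    return findings


def violations(log):
    """{ticket: findings} for every ticket in the log that has at least one finding."""
    by_ticket = defaultdict(list)
    for e in parse(log):
        by_ticket[e["ticket"]].append(e)
    result = {}
    for ticket, events in by_ticket.items():
        findings = check_ticket(events)
        if findings:
            result[ticket] = findings
    return result


if __name__ == "__main__":
    for ticket, findings in violations(AUDIT_LOG).items():
        print(ticket, findings)
```

Note that bob holds both the supervisor and operator roles, so a pure role check passes him; it is the conflict table that catches an approver executing his own approval.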


Fig. 3.9 – Decomposing work functions for segregation of duty


Asset Separation

• Involves the distribution, replication, decomposition, or segregation of national assets

– Distribution: creating functionality using multiple cooperating components that work together as a distributed system

– Replication: copying assets across components so that if one asset is broken, the copy will be available

– Decomposition: breaking complex assets into individual components so that an isolated compromise won't bring down the whole asset

– Segregation: separation of assets through special access controls, data markings, and policy enforcement


Fig. 3.10 – Reducing DDOS risk through CDN-hosted content


Multilevel Security (MLS)

• Typically, mandatory access controls and audit trail hooks were embedded into the underlying operating system kernel

• Popular in the 1980s and 1990s
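The mandatory check an MLS kernel makes on every reference, as an added example (not code from the book): labels form a lattice of classification level plus compartments, a subject may read an object only if the subject's label dominates the object's (no read up), and may write only if the object's label dominates the subject's (no write down). The level names and compartments are constructed; the two rules are the Bell-LaPadula simple security and *-properties, which the slide does not name but which the 1980s/1990s kernels it refers to implemented.

```python
"""MLS labels and the two Bell-LaPadula checks (added example, not from the book)."""
from dataclasses import dataclass

# Constructed classification levels, lowest to highest.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top-secret": 3}

AUDIT = []  # every mediated reference, as the kernel audit hooks would record it


@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other):
        """self >= other in the lattice: level at least as high and a superset of compartments."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and other.compartments <= self.compartments)


def can_read(subject, obj):
    """Simple security property: no read up."""
    return subject.dominates(obj)


def can_write(subject, obj):
    """*-property: no write down (the object must dominate the subject)."""
    return obj.dominates(subject)


def mediate(subject, action, obj):
    """Decision plus audit record for one reference; mandatory, so the owner cannot override it."""
    if action == "read":
        allowed = can_read(subject, obj)
    elif action == "write":
        allowed = can_write(subject, obj)
    else:
        allowed = False
    AUDIT.append((subject, action, obj, allowed))
    return allowed


if __name__ == "__main__":
    secret_ops = Label("secret", frozenset({"ops"}))
    unclass = Label("unclassified")
    # A process at SECRET//OPS may read the public file but, even if subverted,
    # cannot copy what it knows into it.
    print(mediate(secret_ops, "read", unclass))    # True
    print(mediate(secret_ops, "write", unclass))   # False
    print(mediate(unclass, "write", secret_ops))   # True: writing up is allowed
    for entry in AUDIT:
        print(entry)
```

The write-down refusal is the point of doing this in the kernel: a subverted high process still cannot move data to a low object, which is the logical separation Fig. 3.11 depicts.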


Fig. 3.11 – Using MLS logical separation to protect assets


National Separation Program

• Internet separation: certain assets simply shouldn't be accessible from the Internet

• Network-based firewalls: these should be managed by a centralized group

• DDOS protection: all assets should have protection in place before an attack

• Internal separation: critical national infrastructure settings need an incentive to implement an internal separation policy

• Tailoring requirements: vendors should be incentivized to build tailored systems, such as firewalls for special SCADA environments