After reading chapter 1, evaluate the threats of a botnet attack. Your response should be at least 200+ words, and contain at least one external citation and reference in APA format. You are also required to post a response to a minimum of two other stud

Cyber_Attacks_Chapter01_PowerPoint_Lecture_Slides.pdf


Copyright © 2012, Elsevier Inc.

All Rights Reserved

Chapter 1

Introduction

Cyber Attacks Protecting National Infrastructure, 1st ed.

Introduction

• National infrastructure – Refers to the complex, underlying delivery and support systems for all large-scale services considered absolutely essential to a nation

• Conventional approach to cyber security not enough

• New approach needed – Combining best elements of existing security techniques with challenges that face complex, large-scale national services


Fig. 1.1 – National infrastructure cyber and physical attacks


Fig. 1.2 – Differences between small- and large-scale cyber security

National Cyber Threats, Vulnerabilities, and Attacks

• Three types of malicious adversaries

– External adversary

– Internal adversary

– Supplier adversary

Fig. 1.3 – Adversaries and exploitation points in national infrastructure

National Cyber Threats, Vulnerabilities, and Attacks

• Three exploitation points

– Remote access

– System administration and normal usage

– Supply chain

National Cyber Threats, Vulnerabilities, and Attacks

• Infrastructure threatened by most common security concerns:

– Confidentiality

– Integrity

– Availability

– Theft

Botnet Threat

• What is a botnet attack?

– The remote collection of compromised end-user machines (usually broadband-connected PCs) is used to attack a target.

– Sources of attack are scattered and difficult to identify

– Five entities that comprise botnet attack: botnet operator, botnet controller, collection of bots, botnet software drop, botnet target

Botnet Threat

• Five entities that comprise botnet attack:

– Botnet operator

– Botnet controller

– Collection of bots

– Botnet software drop

– Botnet target

• Distributed denial of service (DDOS) attack: bots create “cyber traffic jam”


Fig. 1.4 – Sample DDOS attack from a botnet
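The slides make two points about a botnet DDOS attack: the sources are scattered and hard to identify, and the bots create a "traffic jam" at the target. The following Python script is an added example (not from the slides or the book) showing how a defender can tell a scattered, botnet-style flood apart from a flood coming from one abusive client, which matters because the single-source case can be handled by blocking an address while the distributed case cannot. The log format, the addresses, the 10-second window and the thresholds are all constructed assumptions for this example.

```python
"""Distinguish a distributed (botnet-style) flood from a single-source flood.

Added illustration for the botnet/DDOS slides; the log format, addresses,
window size and thresholds below are constructed for this example and are
not taken from the lecture slides or any real system.
"""
import re
from collections import defaultdict

# Constructed log format: "<epoch_seconds> <source_ip> <target_host> <path>"
LINE_RE = re.compile(r"^(\d+) (\S+) (\S+) (\S+)$")


def parse_line(line):
    """Return (timestamp, source, target, path) or None for a malformed line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, src, target, path = m.groups()
    return int(ts), src, target, path


def build_sample_log():
    """Construct synthetic log lines: background traffic, a distributed flood
    against portal.example (many sources, few requests each) and a
    single-source flood against api.example."""
    lines = []
    # Background: five users, one request each every 3 s for a minute.
    for t in range(0, 60, 3):
        for i in range(5):
            lines.append(f"{t} 192.0.2.{10 + i} portal.example /home")
    # Distributed flood: 150 distinct sources, two requests each, inside 10 s.
    for i in range(150):
        for k in range(2):
            lines.append(f"{20 + (i + k) % 10} 203.0.113.{i} portal.example /login")
    # Single-source flood: one address, 200 requests inside 10 s.
    for k in range(200):
        lines.append(f"{40 + k % 10} 198.51.100.5 api.example /search")
    return lines


def classify_windows(lines, window=10, flood_threshold=100, dominance=0.5):
    """Bucket requests per (target, window start) and label each bucket.

    A bucket above flood_threshold requests is a flood. If one source alone
    accounts for at least `dominance` of it, an address-based block would
    work; otherwise the sources are scattered (the botnet pattern the slides
    describe) and mitigation has to act on the target side instead.
    """
    buckets = defaultdict(lambda: defaultdict(int))  # (target, w) -> src -> n
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines rather than crash the detector
        ts, src, target, _ = rec
        buckets[(target, ts - ts % window)][src] += 1

    report = {}
    for key, per_src in sorted(buckets.items()):
        total = sum(per_src.values())
        max_share = max(per_src.values()) / total
        if total < flood_threshold:
            verdict = "normal"
        elif max_share >= dominance:
            verdict = "single-source flood"
        else:
            verdict = "distributed flood"
        report[key] = {
            "requests": total,
            "sources": len(per_src),
            "max_share": round(max_share, 3),
            "verdict": verdict,
        }
    return report


if __name__ == "__main__":
    for (target, start), info in classify_windows(build_sample_log()).items():
        if info["verdict"] != "normal":
            print(f"{target} t={start}s: {info}")
```

Running the script flags the portal.example bucket at t=20 s as a distributed flood (over 150 sources, none with more than one percent of the traffic) and the api.example bucket at t=40 s as a single-source flood. The distinct-source count is the measurable form of the slide's "sources are scattered" observation.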

National Cyber Security Methodology Components

• Ten basic design and operation principles:

– Deception

– Separation

– Diversity

– Commonality

– Depth

– Discretion

– Collection

– Correlation

– Awareness

– Response

Deception

• Deliberately introducing misleading functionality or misinformation for the purpose of tricking an adversary

– Computer scientists call this functionality a honey pot

• Deception enables forensic analysis of intruder activity

• The acknowledged use of deception may be a deterrent to intruders (every vulnerability may actually be a trap)


Fig. 1.5 – Components of an interface with deception
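One small form of the honey pot idea on the Deception slide is a decoy account: a login name that exists only to be found by an intruder, so that any attempt to use it is a high-confidence indicator and a record for forensic analysis. The Python class below is an added example (not from the slides or the book) of wiring such decoys into a password check. The account names, the alert fields and the PBKDF2 parameters are assumptions for this example; the point it demonstrates is that a decoy must cost the same work as a real account so that timing does not reveal which is which.

```python
"""Decoy (honey) accounts inside an ordinary password check.

Added illustration of the deception principle; the account names, alert
format and PBKDF2 settings are constructed for this example.
"""
import hashlib
import hmac
import os
import time


def make_record(password, salt=None, iterations=100_000):
    """Salted PBKDF2-HMAC-SHA256 record for a real account."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "hash": digest, "iterations": iterations}


class LoginService:
    def __init__(self, real_accounts, decoy_accounts):
        # real_accounts: {username: record}; decoy_accounts: usernames that are
        # never issued to a person and only appear where an intruder would look.
        self.real = dict(real_accounts)
        self.decoys = set(decoy_accounts)
        self.alerts = []  # forensic trail of every decoy touch
        # Unknown and decoy users are checked against a throwaway record so
        # that the work (and therefore the timing) matches a real account.
        self._dummy = make_record(os.urandom(8).hex())

    def authenticate(self, user, password, source):
        record = self.real.get(user, self._dummy)
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), record["salt"], record["iterations"]
        )
        # Constant-time comparison; the membership test keeps a dummy match
        # (which cannot happen in practice) from ever counting as success.
        ok = hmac.compare_digest(candidate, record["hash"]) and user in self.real
        if user in self.decoys:
            # No legitimate workflow uses a decoy, so the attempt itself is the
            # indicator. Record it and fail exactly like a wrong password.
            self.alerts.append({
                "time": time.time(),
                "user": user,
                "source": source,
                "kind": "decoy-account-login",
            })
            return False
        return ok


if __name__ == "__main__":
    svc = LoginService({"alice": make_record("correct horse")},
                       {"backup_admin", "svc_legacy"})
    print(svc.authenticate("alice", "correct horse", "192.0.2.1"))   # True
    print(svc.authenticate("backup_admin", "anything", "203.0.113.9"))  # False
    print(svc.alerts)
```

A decoy attempt produces an alert with near-zero false positives, which is what makes deception useful for forensic analysis rather than just as a deterrent.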

Separation

• Separation involves enforced access policy restrictions on users and resources in a computing environment

• Most companies use enterprise firewalls, which are complemented by the following:

– Authentication and identity management

– Logical access controls

– LAN controls

– Firewalls

Fig. 1.6 – Firewall enhancements for national infrastructure
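The Separation slide lists identity management, logical access controls and LAN controls as the complements to a firewall. The Python policy engine below is an added example (not from the slides or the book) that combines all three in one decision: a request is allowed only if some rule matches the caller's role, the resource, the action and the network zone the request arrives from, and everything else is denied and recorded. The roles, resource names, zones and rules are constructed for this example.

```python
"""Deny-by-default access policy over identity, resource and network zone.

Added illustration of the separation principle; roles, resources, zones and
rules are constructed for this example, not taken from the slides.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    role: str
    resource: str     # exact name, or a prefix ending in '*'
    action: str       # e.g. "read", "write", "admin"
    zones: frozenset  # network zones the request may originate from

    def matches(self, role, resource, action, zone):
        if self.resource.endswith("*"):
            resource_ok = resource.startswith(self.resource[:-1])
        else:
            resource_ok = resource == self.resource
        return (self.role == role and resource_ok
                and self.action == action and zone in self.zones)


class AccessPolicy:
    def __init__(self, rules):
        self.rules = list(rules)
        self.denied = []  # audit trail of denials, feeding collection/awareness

    def check(self, user, roles, resource, action, zone):
        """Allow only when a rule grants the action; otherwise deny and log."""
        for role in roles:
            for rule in self.rules:
                if rule.matches(role, resource, action, zone):
                    return True
        self.denied.append((user, tuple(roles), resource, action, zone))
        return False


def example_policy():
    """Constructed policy: operators act on SCADA resources only from the
    control LAN; analysts may read from either LAN; admin only from control."""
    return AccessPolicy([
        Rule("operator", "scada/*", "read", frozenset({"control-lan"})),
        Rule("operator", "scada/*", "write", frozenset({"control-lan"})),
        Rule("analyst", "scada/*", "read", frozenset({"control-lan", "corp-lan"})),
        Rule("admin", "scada/*", "admin", frozenset({"control-lan"})),
    ])


if __name__ == "__main__":
    policy = example_policy()
    print(policy.check("bob", ["operator"], "scada/pump-1", "write", "control-lan"))  # True
    print(policy.check("bob", ["operator"], "scada/pump-1", "write", "corp-lan"))     # False
    print(policy.denied)
```

The second call in the usage shows why the zone belongs in the decision: the same operator with the same role is refused when the request comes from the corporate LAN, which is the LAN-control element the slide lists alongside identity and logical access control.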


Diversity

• Diversity is the principle of using technology and systems that are intentionally different in substantive ways.

• Diversity hard to implement

– A single software vendor tends to dominate the PC operating system business landscape

– Diversity conflicts with organizational goals of simplifying supplier and vendor relationships


Fig. 1.7 – Introducing diversity to national infrastructure

Commonality

• Consistency involves uniform attention to security best practices across national infrastructure components

• Greatest challenge involves auditing

• A national standard is needed

Depth

• Depth involves using multiple security layers to protect national infrastructure assets

• Defense layers are maximized by using a combination of functional and procedural controls


Fig. 1.8 – National infrastructure security through defense in depth

Discretion

• Discretion involves individuals and groups making good decisions to obscure sensitive information about national infrastructure

• This is not the same as “security through obscurity”

Collection

• Collection involves automated gathering of system-related information about national infrastructure to enable security analysis

• Data is processed by a security information management system.

• Operational challenges

– What type of information should be collected?

– How much information should be collected?

Fig. 1.9 – Collecting national infrastructure-related security information

Correlation

• Correlation involves a specific type of analysis that can be performed on factors related to national infrastructure protection

– This type of comparison-oriented analysis is indispensable

• Past initiatives included real-time correlation of data at fusion center

– Difficult to implement

Fig. 1.10 – National infrastructure high-level correlation approach
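The Correlation slide calls comparison-oriented analysis indispensable without saying what is compared. The Python script below is an added example (not from the slides or the book) of the simplest useful case: two independently collected feeds, perimeter firewall denies and internal authentication failures, each too quiet to trip its own threshold, are joined on source address and time window, and the combination is what stands out. Both feeds are constructed samples, and the field layout, window and thresholds are assumptions for this example.

```python
"""Correlating events from two independent collection sources.

Added illustration of the correlation principle; both feeds are constructed
samples and the field layout, window and thresholds are assumptions.
"""
from collections import defaultdict

# Constructed feed 1: perimeter firewall denies as (epoch, source_ip, dest_port)
FIREWALL_DENIES = [
    (100, "203.0.113.50", 22), (101, "203.0.113.50", 23), (102, "203.0.113.50", 3389),
    (130, "198.51.100.9", 443),
    (600, "203.0.113.50", 445),
]

# Constructed feed 2: authentication failures on an internal host as
# (epoch, source_ip, username)
AUTH_FAILURES = [
    (105, "203.0.113.50", "root"), (107, "203.0.113.50", "admin"),
    (140, "192.0.2.20", "alice"),
    (620, "203.0.113.50", "operator"),
]


def single_feed_alerts(fw_events, auth_events, fw_threshold=5,
                       auth_threshold=3, window=60):
    """What each feed would raise on its own with a per-feed threshold.

    Returns (firewall_alert_keys, auth_alert_keys), keyed by (source, window).
    """
    fw = defaultdict(int)
    auth = defaultdict(int)
    for ts, src, _ in fw_events:
        fw[(src, ts - ts % window)] += 1
    for ts, src, _ in auth_events:
        auth[(src, ts - ts % window)] += 1
    return ([k for k, n in fw.items() if n >= fw_threshold],
            [k for k, n in auth.items() if n >= auth_threshold])


def correlate(fw_events, auth_events, window=60):
    """Join both feeds on (source, window); report sources present in both.

    A source that is both being refused at the perimeter and failing logins
    inside, in the same window, is worth attention even when neither feed
    alone crosses its threshold.
    """
    by_src = defaultdict(lambda: defaultdict(lambda: {"fw": 0, "auth": 0}))
    for ts, src, _ in fw_events:
        by_src[src][ts - ts % window]["fw"] += 1
    for ts, src, _ in auth_events:
        by_src[src][ts - ts % window]["auth"] += 1

    findings = []
    for src, windows in by_src.items():
        for start, counts in sorted(windows.items()):
            if counts["fw"] and counts["auth"]:
                findings.append({"source": src, "window": start, **counts,
                                 "score": counts["fw"] * counts["auth"]})
    return findings


if __name__ == "__main__":
    print("per-feed alerts:", single_feed_alerts(FIREWALL_DENIES, AUTH_FAILURES))
    for f in correlate(FIREWALL_DENIES, AUTH_FAILURES):
        print("correlated:", f)
```

With the sample data neither feed raises anything on its own, while the correlation reports 203.0.113.50 in two windows. The join key (source plus window) is the deliberately simple version of what a fusion center would do across many more feeds, which is where the slide's "difficult to implement" comes from.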


Awareness

• Awareness involves an organization understanding the differences between observed and normal status in national infrastructure

• Most agree on the need for awareness, but how can awareness be achieved?


Fig. 1.11 – Real-time situation awareness process flow

Response

• Response involves the assurance that processes are in place to react to any security-related indicator

– Indicators should flow from the awareness layer

• Current practice in smaller corporate environments of reducing “false positives” by waiting to confirm disaster is not acceptable for national infrastructure


Fig. 1.12 – National infrastructure security response approach
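The Awareness slide defines awareness as knowing the difference between observed and normal status, and the Response slide insists that indicators flowing from that layer be acted on rather than held back until disaster is confirmed. The Python code below is an added example (not from the slides or the book) covering both: a robust "normal" band is computed from past samples of one metric, each new observation is scored against it, and every indicator gets an immediate action whose severity is graded by how far outside normal the observation is and how long it persists. The metric history, the tier thresholds and the action names are constructed assumptions.

```python
"""Observed-versus-normal baseline with a graded, immediate response.

Added illustration of the awareness and response principles; the metric
history, thresholds and action names are constructed for this example.
"""
import statistics


def baseline(history):
    """Robust 'normal' band from past samples: median and median absolute
    deviation (MAD), which a few past spikes cannot drag around the way a
    mean and standard deviation can."""
    med = statistics.median(history)
    mad = statistics.median(abs(x - med) for x in history) or 1.0  # avoid /0
    return med, mad


def deviation(observed, history):
    """How many typical deviations the observation sits above normal."""
    med, mad = baseline(history)
    return (observed - med) / mad


class Responder:
    """Acts on the first indicator and escalates while it persists."""

    # (minimum deviation score, action) from least to most disruptive
    TIERS = [(3.0, "notify"), (6.0, "rate-limit"), (12.0, "isolate-segment")]

    def __init__(self):
        self.streak = 0    # consecutive abnormal observations
        self.actions = []  # (score, action) history for later review

    def handle(self, observed, history):
        score = deviation(observed, history)
        if score < self.TIERS[0][0]:
            self.streak = 0
            return None
        self.streak += 1
        # Tier justified by magnitude alone ...
        level = sum(1 for threshold, _ in self.TIERS if score >= threshold) - 1
        # ... raised one step per additional consecutive abnormal reading, so a
        # modest but sustained deviation is not left waiting for confirmation.
        level = min(level + (self.streak - 1), len(self.TIERS) - 1)
        action = self.TIERS[level][1]
        self.actions.append((round(score, 1), action))
        return action


if __name__ == "__main__":
    # Constructed history: requests per second sampled over ten quiet minutes.
    history = [100, 102, 98, 101, 99, 103, 97, 100, 104, 96]
    r = Responder()
    for observed in (103, 110, 111, 130, 100):
        print(observed, r.handle(observed, history))
```

In the usage run the reading of 103 is inside the normal band and produces nothing, 110 triggers a notification at once, 111 on its own would only notify again but escalates to rate limiting because the deviation has persisted, 130 is far enough out to justify isolation, and the return to 100 clears the streak. Which metric to baseline and what the actions are is the operational question the slides leave open.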

Implementing the Principles Nationally

• Commissions and groups

• Information sharing

• International cooperation

• Technical and operational costs