Annotated Bibliography

Cyber_Attacks_Chapter04.pdf

Copyright © 2012, Elsevier Inc.

All Rights Reserved

Chapter 4

Diversity

Cyber Attacks Protecting National Infrastructure, 1st ed.

Introduction

• Securing any set of national assets should include a diversity strategy

• The deliberate introduction of diversity into national infrastructure to increase security has not been well explored

• Two systems are considered diverse if their key attributes differ

• Diversity bucks the trend to standardize assets for efficiency's sake

Fig. 4.1 – Diverse and nondiverse components through attribute differences

Diversity and Worm Propagation

• Worm propagation is an example of an attack that relies on a nondiverse target environment

• Worm functionality in three steps:
  – Step #1: Find a target system on the network for propagation of worm program
  – Step #2: Copy program to that system
  – Step #3: Remotely execute program
  – Repeat

• Diversity may be expensive to introduce, but saves money on response costs in the long run

Fig. 4.2 – Mitigating worm activity through diversity
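
The effect summarized in Fig. 4.2 can be modeled in a few lines. The Python example below is added here and is not from the original slides; it goes beyond them by also comparing where the diverse platforms are placed. The 12-host topology, the platform labels A and B, and the function names are constructed for illustration, and the worm is reduced to one rule: it spreads only to a linked host running the same platform.

```python
from collections import deque

def worm_reach(links, platform, start):
    """Hosts infected when a worm starts at `start` and can execute only on
    hosts whose platform equals the starting host's platform."""
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    infected, queue = {start}, deque([start])
    while queue:
        host = queue.popleft()
        for peer in adj.get(host, ()):
            # Find/copy always succeeds in this model; remote execution
            # fails on a host whose platform differs.
            if peer not in infected and platform[peer] == platform[start]:
                infected.add(peer)
                queue.append(peer)
    return infected

def worst_case_reach(links, platform):
    """Largest fraction of the fleet one outbreak can take, over all start hosts."""
    hosts = list(platform)
    return max(len(worm_reach(links, platform, h)) for h in hosts) / len(hosts)

# Constructed sample: 12 hosts in a ring plus two cross-links.
HOSTS = range(12)
LINKS = [(i, (i + 1) % 12) for i in HOSTS] + [(0, 6), (3, 9)]
LAYOUTS = {
    "monoculture": {h: "A" for h in HOSTS},                         # nondiverse
    "clustered":   {h: "A" if h < 6 else "B" for h in HOSTS},       # diverse, grouped
    "interleaved": {h: "A" if h % 2 == 0 else "B" for h in HOSTS},  # diverse, mixed
}

if __name__ == "__main__":
    for name, platform in LAYOUTS.items():
        print(f"{name:12s} worst-case reach = {worst_case_reach(LINKS, platform):.0%}")
```

Both diverse layouts use the same two platforms in equal numbers; only the placement relative to the links differs, which is why the architecture has to be examined along with the platform mix.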

Desktop Computer System Diversity

• Most individual computers run the same operating system software on a standard processor platform and browse the Internet through one or two popular search engines with one of only a couple of browsers

• The typical configuration is a PC running Windows on an Intel platform, browsing the Internet with Internet Explorer, searching with Google

• This makes the average home PC user a highly predictable target

Fig. 4.3 – Typical PC configuration showing diversity

Desktop Computer System Diversity

• Three Considerations
  – Platform costs
  – Application interoperability
  – Support and training

Diversity Paradox of Cloud Computing

• Ultimate solution for making desktops more secure involves their removal
  – Not a practical solution

• Cloud computing may offer home PC users a diverse, protected environment

Fig. 4.4 – Spectrum of desktop diversity options

Fig. 4.5 – Diversity and attack difficulty with option of removal

Network Technology Diversity

• Modern telecommunications consist of the following two types of technologies
  – Circuit-switched
  – Packet-switched

• When compared to one another, these two technologies automatically provide diversity

• Diversity may not always be a feasible goal
  – Maximizing diversity may defend against large-scale attacks, but one must also look closely at the entire architecture

Fig. 4.6 – Worm nonpropagation benefit from diverse telecommunications

Fig. 4.7 – Potential for impact propagation over shared fiber

Physical Diversity

• Any essential computing or networking asset that serves a critical function must include physical distribution to increase survivability

• Physical diversity has been part of the national asset system for years
  – Backup center diversity
  – Supplier/vendor diversity
  – Network route diversity

Fig. 4.8 – Diverse hubs in satellite SCADA configurations

National Diversity Program

• A national diversity program would coordinate between companies and government agencies
  – Critical path analysis
  – Cascade modeling
  – Procurement discipline