cyber security

profilerabako2020
Cyber_Attacks_Chapter06_PowerPoint_Lecture_Slides.ppt

Copyright © 2012, Elsevier Inc. All Rights Reserved

Chapter 6

Depth

Cyber Attacks

Protecting National Infrastructure, 1st ed.

The University of Adelaide, School of Computer Science

Chapter 6 – Depth

Introduction

  • Any layer of defense can fail at any time, thus the introduction of defense in depth
  • A series of protective elements is placed between an asset and the adversary
  • The intent is to enforce policy across all access points

Fig. 6.1 – General defense in depth schema

Effectiveness of Depth

  • Quantifying the effectiveness of a layered defense is often difficult
  • Effectiveness is best determined by educated guesses
  • The following are relevant for estimating effectiveness
      • Practical experience
      • Engineering analysis
      • Use-case studies
      • Testing and simulation

Fig. 6.2 – Moderately effective single layer of protection

  • When a layer fails, we can conclude it was either flawed or unsuited to the target environment
  • No layer is 100% effective—the goal of making layers “highly” effective is more realistic

Fig. 6.3 – Highly effective single layer of protection

Fig. 6.4 – Multiple moderately effective layers of protection

Layered Authentication

  • A national authentication system for every citizen would remove the need for multiple passwords, passphrases, tokens, certificates, and biometrics that weaken security
  • Single sign-on (SSO) would accomplish this authentication simplification objective
  • However, SSO access needs to be part of a multilayered defense

Fig. 6.5 – Schema showing two layers of end-user authentication

Fig. 6.6 – Authentication options including direct mobile access

Layered E-Mail Virus and Spam Protection

  • Commercial environments are turning to virtual, in-the-cloud solutions to filter e-mail viruses and spam
  • To that security layer is added filtering software on individual computers
  • Antivirus software is helpful, but useless against certain attacks (such as botnets)

Fig. 6.7 – Typical architecture with layered e-mail filtering

Layered Access Controls

  • Layering access controls increases security
  • Add to this the limiting of physical access to assets
  • For national infrastructure, assets should be covered by as many layers as possible
      • Network-based firewalls
      • Internal firewalls
      • Physical security

Fig. 6.8 – Three layers of protection using firewall and access controls

Layered Encryption

  • Five encryption methods for national infrastructure protection
      • Mobile device storage
      • Network transmission
      • Secure commerce
      • Application strengthening
      • Server and mainframe data storage

Fig. 6.9 – Multiple layers of encryption

Layered Intrusion Detection

  • The promise of layered intrusion detection has not been fully realized, though it is useful
  • The inclusion of intrusion response makes the layered approach more complex
  • There are three opportunities for different intrusion detection systems to provide layered protection
      • In-band detection
      • Out-of-band correlation
      • Signature sharing

Fig. 6.10 – Sharing intrusion detection information between systems

National Program of Depth

  • Developing a multilayered defense for national infrastructure would require a careful architectural analysis of all assets and protection systems
      • Identifying assets
      • Subjective estimations
      • Obtaining proprietary information
      • Identifying all possible access paths
