
Chapter 6 – Depth

Cyber Attacks: Protecting National Infrastructure, 1st ed.

Copyright © 2012, Elsevier Inc. All Rights Reserved

Introduction

• Any layer of defense can fail at any time, hence the introduction of defense in depth

• A series of protective elements is placed between an asset and the adversary

• The intent is to enforce policy across all access points

Fig. 6.1 – General defense in depth schema

Effectiveness of Depth

• Quantifying the effectiveness of a layered defense is often difficult

• Effectiveness is best determined by educated guesses

• The following are relevant for estimating effectiveness
  – Practical experience
  – Engineering analysis
  – Use-case studies
  – Testing and simulation

Fig. 6.2 – Moderately effective single layer of protection

Effectiveness of Depth

• When a layer fails, we can conclude it was either flawed or unsuited to the target environment

• No layer is 100% effective; the goal of making layers “highly” effective is more realistic

Fig. 6.3 – Highly effective single layer of protection

Fig. 6.4 – Multiple moderately effective layers of protection
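The contrast drawn by Figs. 6.2–6.4 (one moderate layer, one highly effective layer, several moderate layers) can be put into numbers. The following is an added worked example, not material from the chapter: the per-layer "bypass" probabilities are constructed, and the calculation assumes the layers fail independently, which is exactly the assumption that breaks when several layers share one flaw. The second function models that common-mode case so the caveat is visible in the output.

```python
from math import prod

# Constructed per-layer bypass probabilities (chance an adversary defeats that
# layer on its own). Illustrative values only, not estimates from the chapter.
MODERATE_SINGLE = [0.30]                # Fig. 6.2 style: one moderate layer
HIGHLY_EFFECTIVE_SINGLE = [0.05]        # Fig. 6.3 style: one strong layer
MODERATE_STACK = [0.30, 0.30, 0.30]     # Fig. 6.4 style: three moderate layers


def bypass_probability(layers):
    """Probability the adversary gets through every layer, assuming each layer
    fails independently of the others."""
    for p in layers:
        if not 0.0 <= p <= 1.0:
            raise ValueError(f"bypass probability out of range: {p}")
    return prod(layers)


def bypass_probability_common_mode(layers, shared_flaw):
    """Same calculation, but with probability `shared_flaw` every layer shares
    a single defect (for example one misconfiguration copied to each firewall),
    so the adversary defeats them all at once; otherwise they fail independently."""
    if not 0.0 <= shared_flaw <= 1.0:
        raise ValueError("shared_flaw must be a probability")
    return shared_flaw + (1.0 - shared_flaw) * bypass_probability(layers)


def effectiveness(layers, shared_flaw=0.0):
    """Effectiveness of the whole stack: the chance the adversary is stopped."""
    return 1.0 - bypass_probability_common_mode(layers, shared_flaw)


if __name__ == "__main__":
    for name, layers in [("one moderate layer", MODERATE_SINGLE),
                         ("one highly effective layer", HIGHLY_EFFECTIVE_SINGLE),
                         ("three moderate layers", MODERATE_STACK)]:
        print(f"{name:28s} independent: {effectiveness(layers):.3f}  "
              f"with 10% common-mode flaw: {effectiveness(layers, 0.10):.3f}")
```

With independent layers, three moderate layers (0.973) beat one highly effective layer (0.950); once a 10% common-mode flaw is assumed, both drop sharply and the gap narrows, which is why the chapter's estimation inputs (engineering analysis, testing and simulation) matter more than the arithmetic.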

Layered Authentication

• A national authentication system for every citizen would remove the need for the multiple passwords, passphrases, tokens, certificates, and biometrics that weaken security

• Single sign-on (SSO) would accomplish this authentication simplification objective

• However, SSO access needs to be part of a multilayered defense

Fig. 6.5 – Schema showing two layers of end-user authentication

Fig. 6.6 – Authentication options including direct mobile access
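Fig. 6.5 shows two layers of end-user authentication. The following added example (not code from the chapter) implements that schema for a single sign-on front end: layer one is a salted PBKDF2 password check, layer two is an RFC 6238 time-based one-time code. The user record, password and the RFC 6238 test key are constructed; the point is that the SSO decision is the conjunction of both layers, so a stolen password alone does not pass.

```python
import hashlib
import hmac
import secrets
import time

PBKDF2_ROUNDS = 100_000
TOTP_STEP = 30          # seconds per time step (RFC 6238 default)
TOTP_DIGITS = 6


def hash_password(password, salt=None):
    """Layer 1 credential: salted PBKDF2-HMAC-SHA256 hash of the password."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_password(password, salt, digest):
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)


def totp(secret, now, step=TOTP_STEP, digits=TOTP_DIGITS):
    """Layer 2 credential: RFC 6238 TOTP (HMAC-SHA1 with dynamic truncation)."""
    counter = int(now) // step
    mac = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{code % (10 ** digits):0{digits}d}"


def verify_totp(secret, code, now, window=1):
    """Accept the current step plus `window` neighbouring steps for clock drift."""
    if not isinstance(code, str) or not code.isdigit():
        return False
    return any(hmac.compare_digest(totp(secret, now + k * TOTP_STEP), code)
               for k in range(-window, window + 1))


# Constructed user record; a real deployment reads this from the identity store.
_salt, _digest = hash_password("correct horse battery staple")
USERS = {
    "alice": {"salt": _salt, "digest": _digest,
              "totp_secret": b"12345678901234567890"},   # RFC 6238 test key
}


def check_layers(username, password, code, now=None):
    """Evaluate both layers and return (password_ok, second_factor_ok).
    Both are always evaluated so a failure in one does not short-circuit the other."""
    now = time.time() if now is None else now
    user = USERS.get(username)
    if user is None:
        hash_password(password, b"\x00" * 16)   # burn comparable work for unknown users
        return (False, False)
    return (verify_password(password, user["salt"], user["digest"]),
            verify_totp(user["totp_secret"], code, now))


def authenticate(username, password, code, now=None):
    """Depth rule: access is granted only when every layer passes.
    Log the per-layer result server-side; return only the boolean to the client."""
    return all(check_layers(username, password, code, now))
```

`check_layers` exists so the audit log can record which layer failed, while `authenticate` exposes only the combined verdict; the `now` parameter is there to make the time-based layer testable offline.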

Layered E-Mail Virus and Spam Protection

• Commercial environments are turning to virtual, in-the-cloud solutions to filter e-mail viruses and spam

• To that security layer is added filtering software on individual computers

• Antivirus software is helpful, but useless against certain attacks (such as botnets)

Fig. 6.7 – Typical architecture with layered e-mail filtering

14

• Layering access controls increases security • Add to this the limiting of physical access to assets • For national infrastructure, assets should be covered

by as many layers possible – Network-based firewalls – Internal firewalls – Physical security

Copyright © 2012, Elsevier Inc. All rights Reserved

C hapter 6 –

D epth

Layered Access Controls

Fig. 6.8 – Three layers of protection using firewall and access controls
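Fig. 6.8 stacks a network-based firewall, an internal firewall and physical security in front of one asset. The added example below (not the chapter's code) models that stack as deny-by-default layers that each render a verdict on a request: the zone names, hosts, ports and rule sets are constructed, and the perimeter rule exposing the database port to the Internet is a deliberate, labelled misconfiguration so the trace shows the inner layer catching what the outer one let through.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    src_zone: str                 # constructed zones: internet, dmz, app, ops, console
    dst_host: str
    dst_port: int
    on_site_badge: bool = False   # physical credential held by the requester


@dataclass(frozen=True)
class FirewallLayer:
    name: str
    fronts: frozenset      # source zones whose traffic must traverse this layer
    allow: frozenset       # permitted (src_zone, dst_host, dst_port); everything else denied

    def verdict(self, req):
        if req.src_zone not in self.fronts:
            return "not on path"
        return "allow" if (req.src_zone, req.dst_host, req.dst_port) in self.allow else "deny"


@dataclass(frozen=True)
class PhysicalLayer:
    name: str = "physical security"

    def verdict(self, req):
        if req.src_zone != "console":     # only local console access crosses this layer
            return "not on path"
        return "allow" if req.on_site_badge else "deny"


# Constructed rule sets. The second perimeter rule is a deliberate misconfiguration
# that exposes the database port to the Internet; the internal firewall has no such rule.
PERIMETER = FirewallLayer(
    "network-based firewall", frozenset({"internet"}),
    frozenset({("internet", "web", 443), ("internet", "db", 5432)}))
INTERNAL = FirewallLayer(
    "internal firewall", frozenset({"internet", "dmz", "app", "ops"}),
    frozenset({("internet", "web", 443), ("dmz", "app", 8443),
               ("app", "db", 5432), ("ops", "db", 5432)}))
LAYERS = [PERIMETER, INTERNAL, PhysicalLayer()]


def enforce(layers, req):
    """Deny by default: allowed only if at least one layer is on the path and none denies.
    Returns the decision and the per-layer trace for the audit log."""
    trace = [(layer.name, layer.verdict(req)) for layer in layers]
    verdicts = [v for _, v in trace]
    decision = "allow" if "allow" in verdicts and "deny" not in verdicts else "deny"
    return decision, trace


if __name__ == "__main__":
    for req in [Request("internet", "web", 443),
                Request("internet", "db", 5432),
                Request("dmz", "db", 5432),
                Request("console", "db", 0, on_site_badge=True)]:
        decision, trace = enforce(LAYERS, req)
        print(f"{decision:5s} {req} {trace}")
```

The trace for the Internet-to-database request reads "allow" at the perimeter and "deny" at the internal firewall: the outer layer failed, as the chapter says any layer can, and the request was still stopped.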

Layered Encryption

• Five encryption methods for national infrastructure protection
  – Mobile device storage
  – Network transmission
  – Secure commerce
  – Application strengthening
  – Server and mainframe data storage

Fig. 6.9 – Multiple layers of encryption

Layered Intrusion Detection

• The promise of layered intrusion detection has not been fully realized, though it is useful

• The inclusion of intrusion response makes the layered approach more complex

• There are three opportunities for different intrusion detection systems to provide layered protection
  – In-band detection
  – Out-of-band correlation
  – Signature sharing

Fig. 6.10 – Sharing intrusion detection information between systems
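The three opportunities listed on the Layered Intrusion Detection slide, and the information sharing in Fig. 6.10, can be shown together. The added example below is not from the chapter: the alerts, sensor names, signature identifiers and addresses (taken from the documentation ranges) are constructed. Two in-band sensors produce alerts independently; an out-of-band correlator raises an incident only when different sensors agree about the same source within a time window; and the signatures that took part in a confirmed incident are then shared with every sensor that lacks them.

```python
from collections import defaultdict

# Constructed alerts from two in-band sensors guarding the same web asset.
# Timestamps are seconds; addresses are from the documentation ranges.
ALERTS = [
    {"ts": 100,  "sensor": "network-ids", "src": "198.51.100.7", "sig": "SQLI-0001"},
    {"ts": 130,  "sensor": "host-ids",    "src": "198.51.100.7", "sig": "WEBSHELL-DROP"},
    {"ts": 400,  "sensor": "network-ids", "src": "203.0.113.9",  "sig": "SCAN-SYN"},
    {"ts": 2000, "sensor": "host-ids",    "src": "203.0.113.9",  "sig": "PRIV-ESC"},
]

# Constructed signature inventories for three separately managed sensors.
SENSORS = {
    "network-ids":     {"SQLI-0001", "SCAN-SYN"},
    "host-ids":        {"WEBSHELL-DROP", "PRIV-ESC"},
    "remote-site-ids": {"SCAN-SYN"},
}


def correlate(alerts, window=300):
    """Out-of-band correlation: cluster each source's alerts within `window`
    seconds and raise an incident only when at least two different sensors agree.
    A single sensor firing alone stays an alert, not an incident."""
    by_src = defaultdict(list)
    for a in alerts:
        by_src[a["src"]].append(a)
    incidents = []
    for src, items in by_src.items():
        items = sorted(items, key=lambda a: a["ts"])
        cluster = []
        for a in items + [None]:                   # None flushes the last cluster
            if a is not None and (not cluster or a["ts"] - cluster[0]["ts"] <= window):
                cluster.append(a)
                continue
            sensors = {c["sensor"] for c in cluster}
            if len(sensors) >= 2:
                incidents.append({"src": src, "start": cluster[0]["ts"],
                                  "sensors": sorted(sensors),
                                  "sigs": sorted(c["sig"] for c in cluster)})
            cluster = [a] if a is not None else []
    return incidents


def share_signatures(incidents, sensors):
    """Signature sharing: every signature that took part in a confirmed incident
    is pushed to each sensor that lacks it, so the next occurrence is caught
    in-band there. Mutates `sensors` and returns what each sensor gained."""
    confirmed = {s for inc in incidents for s in inc["sigs"]}
    gained = {}
    for name, sigs in sensors.items():
        new = confirmed - sigs
        if new:
            sigs |= new
            gained[name] = sorted(new)
    return gained


if __name__ == "__main__":
    found = correlate(ALERTS)
    print("incidents:", found)
    print("shared:", share_signatures(found, SENSORS))
```

With the default 300-second window only the first source becomes an incident; the second source's two alerts are 1600 seconds apart and stay as uncorrelated single-sensor alerts, which is the tuning decision the correlation layer adds on top of in-band detection.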

National Program of Depth

• Developing a multilayered defense for national infrastructure would require a careful architectural analysis of all assets and protection systems
  – Identifying assets
  – Subjective estimations
  – Obtaining proprietary information
  – Identifying all possible access paths