National Program of Depth
Cyber Attacks
Protecting National Infrastructure, 1st ed.
Chapter 6
Depth
Copyright © 2012, Elsevier Inc.
All Rights Reserved
Introduction
- Any layer of defense can fail at any time, thus the introduction of defense in depth
- A series of protective elements is placed between an asset and the adversary
- The intent is to enforce policy across all access points
Chapter 6 – Depth
Fig. 6.1 – General defense in depth schema
Effectiveness of Depth
- Quantifying the effectiveness of a layered defense is often difficult
- Effectiveness is best determined by educated guesses
- The following are relevant for estimating effectiveness
– Practical experience
– Engineering analysis
– Use-case studies
– Testing and simulation
Fig. 6.2 – Moderately effective single layer of protection
Effectiveness of Depth
• When a layer fails, we can conclude it was either flawed or unsuited to the target environment
• No layer is 100% effective; the goal of making layers “highly” effective is more realistic
Fig. 6.3 – Highly effective single layer of protection
Fig. 6.4 – Multiple moderately effective layers of protection
Layered Authentication
- A national authentication system for every citizen would remove the need for multiple passwords, passphrases, tokens, certificates, and biometrics that weaken security
- Single sign-on (SSO) would accomplish this authentication simplification objective
- However, SSO access needs to be part of a multilayered defense
Fig. 6.5 – Schema showing two layers of end-user authentication
Fig. 6.6 – Authentication options including direct mobile access
Layered E-Mail Virus and Spam Protection
- Commercial environments are turning to virtual, in-the-cloud solutions to filter e-mail viruses and spam
- To that security layer is added filtering software on individual computers
- Antivirus software is helpful, but useless against certain attacks (like botnets)
Fig. 6.7 – Typical architecture with layered e-mail filtering
Layered Access Controls
• Layering access controls increases security
• Add to this the limiting of physical access to assets
• For national infrastructure, assets should be covered by as many layers as possible
– Network-based firewalls
– Internal firewalls
– Physical security
Fig. 6.8 – Three layers of protection using firewall and access controls
Layered Encryption
• Five encryption methods for national infrastructure protection
– Mobile device storage
– Network transmission
– Secure commerce
– Application strengthening
– Server and mainframe data storage
Fig. 6.9 – Multiple layers of encryption
Layered Intrusion Detection
- The promise of layered intrusion detection has not been fully realized, though it is useful
- The inclusion of intrusion response makes the layered approach more complex
- There are three opportunities for different intrusion detection systems to provide layered protection
– In-band detection
– Out-of-band correlation
– Signature sharing
Fig. 6.10 – Sharing intrusion detection information between systems
National Program of Depth
• Developing a multilayered defense for national infrastructure would require a careful architectural analysis of all assets and protection systems
– Identifying assets
– Subjective estimations
– Obtaining proprietary information
– Identifying all possible access paths
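
An added example, not taken from the book or its slides: one way to support the "identifying all possible access paths" step is to model entry points, assets and the protective layer on each hop as a graph, then list every path that crosses fewer layers than policy requires. The topology, layer names and the two-layer threshold below are constructed assumptions.

```python
# Constructed sample topology: (source, destination, protective layer on that hop, or None).
EDGES = [
    ("internet", "dmz", "network firewall"),
    ("dmz", "internal_lan", "internal firewall"),
    ("internal_lan", "scada_server", "host access control"),
    ("vendor_modem", "scada_server", None),  # direct dial-in with no control in front
    ("lobby", "server_room", "physical security"),
    ("server_room", "scada_server", "host access control"),
]
ENTRY_POINTS = {"internet", "vendor_modem", "lobby"}
ASSETS = {"scada_server"}
REQUIRED_LAYERS = 2  # assumed policy: at least two distinct layers on every path


def access_paths(edges, entry_points, assets):
    """Yield (entry, asset, hops) for every simple path from an entry point to an asset."""
    graph = {}
    for src, dst, layer in edges:
        graph.setdefault(src, []).append((dst, layer))

    def walk(node, visited, hops):
        if node in assets and hops:
            yield list(hops)
            return
        for dst, layer in graph.get(node, []):
            if dst not in visited:  # simple paths only, so cycles terminate
                hops.append((node, dst, layer))
                yield from walk(dst, visited | {dst}, hops)
                hops.pop()

    for entry in sorted(entry_points):
        for hops in walk(entry, {entry}, []):
            yield entry, hops[-1][1], hops


def depth_report(edges, entry_points, assets, required):
    """One row per access path: entry, asset, distinct layers crossed, policy verdict."""
    rows = []
    for entry, asset, hops in access_paths(edges, entry_points, assets):
        layers = sorted({layer for _, _, layer in hops if layer})
        rows.append({"entry": entry, "asset": asset, "layers": layers,
                     "meets_policy": len(layers) >= required})
    return rows


def shallow_paths(rows):
    """Entry/asset pairs whose path crosses fewer layers than required."""
    return [(r["entry"], r["asset"]) for r in rows if not r["meets_policy"]]


if __name__ == "__main__":
    for row in depth_report(EDGES, ENTRY_POINTS, ASSETS, REQUIRED_LAYERS):
        print(row)
```

The report counts distinct layers only; it says nothing about how effective each layer is, which the chapter treats as a matter of estimation.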