Cyber Attacks
Protecting National Infrastructure, 1st ed.

Chapter 6
Depth

Copyright © 2012, Elsevier Inc.

All Rights Reserved

Introduction

• Any layer of defense can fail at any time, hence the introduction of defense in depth
• A series of protective elements is placed between an asset and the adversary
• The intent is to enforce policy across all access points


Chapter 6 – Depth

Fig. 6.1 – General defense in depth schema


Effectiveness of Depth

• Quantifying the effectiveness of a layered defense is often difficult
• In practice, effectiveness is estimated by informed judgment rather than measured precisely
• The following are relevant inputs for estimating effectiveness:
  – Practical experience
  – Engineering analysis
  – Use-case studies
  – Testing and simulation


Fig. 6.2 – Moderately effective single layer of protection


Effectiveness of Depth

• When a layer fails, we can conclude it was either flawed or unsuited to the target environment
• No layer is 100% effective; the more realistic goal is to make each layer "highly" effective


Fig. 6.3 – Highly effective single layer of protection


Fig. 6.4 – Multiple moderately effective layers of protection
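The three figures above compare a moderately effective layer, a highly effective layer, and several moderately effective layers stacked. The following is an added worked example, not code from the book, that puts numbers on that comparison. It assumes each layer stops an attack that reaches it with a fixed probability and that layers fail independently; the optional `shared_failure` parameter is this example's own device for modelling the common case where one flaw (a credential reused everywhere, one vendor bug present in every layer) defeats all layers at once, which is where the independence assumption breaks down.

```python
from functools import reduce


def layered_effectiveness(layers, shared_failure=0.0):
    """Probability that an attack is stopped by a series of protective layers.

    layers: per-layer probability that the layer stops an attack reaching it,
        assuming the layers fail independently of one another.
    shared_failure: probability that one common-cause flaw defeats every layer
        at once. Assumption for this example: a single number, not modelled per
        pair of layers.
    """
    if not layers:
        raise ValueError("at least one layer is required")
    for p in list(layers) + [shared_failure]:
        if not 0.0 <= p <= 1.0:
            raise ValueError("probabilities must lie in [0, 1]")
    # The attack passes the independent layers only if every one of them fails.
    p_all_layers_fail = reduce(lambda acc, e: acc * (1.0 - e), layers, 1.0)
    # It also passes, however many layers exist, when the common-cause flaw fires.
    p_attack_succeeds = shared_failure + (1.0 - shared_failure) * p_all_layers_fail
    return 1.0 - p_attack_succeeds


def layers_needed(per_layer, target, shared_failure=0.0, max_layers=100):
    """Smallest number of identical layers that reaches `target` effectiveness,
    or None when the common-cause flaw caps effectiveness below the target:
    adding more layers cannot compensate for a weakness they all share."""
    for n in range(1, max_layers + 1):
        if layered_effectiveness([per_layer] * n, shared_failure) >= target:
            return n
    return None


if __name__ == "__main__":
    print("one moderate layer (0.7):         ", layered_effectiveness([0.7]))
    print("one highly effective layer (0.95):", layered_effectiveness([0.95]))
    print("three moderate layers:            ", layered_effectiveness([0.7, 0.7, 0.7]))
    print("three moderate, 10% shared flaw:  ", layered_effectiveness([0.7, 0.7, 0.7], 0.1))
    print("layers of 0.7 needed for 0.99:    ", layers_needed(0.7, 0.99))
    print("... for 0.95 with a 10% shared flaw:", layers_needed(0.7, 0.95, 0.1))
```

Three independent layers at 0.7 outperform one layer at 0.95, which is the argument of Fig. 6.4. The shared-failure run shows the caveat a reviewer should raise against any such estimate: with a 10% common-cause flaw no number of layers gets above 0.9, so diversity between layers (different vendors, different credentials, different failure modes) matters as much as their count.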


Layered Authentication

• A national authentication system for every citizen would remove the need for the many passwords, passphrases, tokens, certificates, and biometrics whose proliferation weakens security
• Single sign-on (SSO) would accomplish this authentication simplification objective
• However, SSO access must itself be one layer of a multilayered defense: a single compromised SSO credential should not be sufficient on its own to reach an asset


Fig. 6.5 – Schema showing two layers of end-user authentication
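As an added example of the two authentication layers in Fig. 6.5 (this is not code from the book), the following verifies a password as the first layer and a time-based one-time code as the second, with both required for access. Everything here is an assumption of the example: the in-memory `USERS` store, the user `alice`, the RFC 6238 reference secret `12345678901234567890`, and the reduced PBKDF2 round count chosen so the demo runs quickly. HOTP and TOTP follow RFC 4226 and RFC 6238 using only the standard library.

```python
import hashlib
import hmac
import os
import struct
import time

PBKDF2_ROUNDS = 100_000   # lowered from production values so the example runs quickly

# Constructed in-memory user store for this example. In a real deployment the
# password verifier lives in the SSO identity provider and the TOTP secret in a
# separate authenticator service, so one compromised store does not yield both factors.
USERS = {}


def register(username, password, totp_secret):
    salt = os.urandom(16)
    USERS[username] = {
        "salt": salt,
        "pw_hash": hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS),
        "totp_secret": totp_secret,
        "last_counter": -1,   # highest TOTP time step already accepted (replay protection)
    }


def check_password(username, password):
    """Layer 1, the knowledge factor: salted PBKDF2 hash compared in constant time."""
    rec = USERS.get(username)
    if rec is None:
        # Do the same work for unknown users so timing does not reveal valid usernames.
        hashlib.pbkdf2_hmac("sha256", password.encode(), b"\x00" * 16, PBKDF2_ROUNDS)
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), rec["salt"], PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, rec["pw_hash"])


def hotp(secret, counter, digits=6):
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = ((mac[offset] & 0x7F) << 24 | mac[offset + 1] << 16
              | mac[offset + 2] << 8 | mac[offset + 3])
    return str(binary % 10 ** digits).zfill(digits)


def totp(secret, unix_time, step=30, digits=6):
    """RFC 6238 TOTP: HOTP with the counter set to the current 30-second time step."""
    return hotp(secret, int(unix_time) // step, digits)


def check_totp(username, code, unix_time, step=30, window=1):
    """Layer 2, the possession factor. Returns the matching time-step counter or None.
    Tolerates +/- `window` steps of clock skew but never accepts a step at or below
    the last consumed one, so a code captured by a phisher cannot be replayed."""
    rec = USERS.get(username)
    if rec is None:
        return None
    current = int(unix_time) // step
    for counter in range(current - window, current + window + 1):
        if counter < 0 or counter <= rec["last_counter"]:
            continue
        if hmac.compare_digest(hotp(rec["totp_secret"], counter), str(code)):
            return counter
    return None


def authenticate(username, password, code, unix_time=None):
    """Both layers must pass. Each is evaluated regardless of the other's result,
    and the OTP step is consumed only when the whole login succeeds."""
    if unix_time is None:
        unix_time = time.time()
    password_ok = check_password(username, password)
    counter = check_totp(username, code, unix_time)
    if password_ok and counter is not None:
        USERS[username]["last_counter"] = counter
        return True
    return False


if __name__ == "__main__":
    secret = b"12345678901234567890"   # RFC 6238 reference secret (example assumption)
    register("alice", "correct horse battery staple", secret)
    now = time.time()
    print("both factors:  ", authenticate("alice", "correct horse battery staple", totp(secret, now), now))
    print("code replayed: ", authenticate("alice", "correct horse battery staple", totp(secret, now), now))
```

The point of the layering shows in `authenticate`: a stolen password alone fails at the second layer, a captured one-time code fails at the first, and a captured code cannot even be reused once at the second because the accepted time step is recorded. The codes produced for the reference secret match the RFC 4226 and RFC 6238 test vectors, which is the check to run before trusting any home-grown OTP implementation.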


Fig. 6.6 – Authentication options including direct mobile access


Layered E-Mail Virus and Spam Protection

• Commercial environments are turning to virtual, in-the-cloud services to filter e-mail viruses and spam
• To that security layer is added filtering software on individual computers
• Antivirus software is helpful, but ineffective against certain attacks (for example, botnet activity)


Fig. 6.7 – Typical architecture with layered e-mail filtering


Layered Access Controls

• Layering access controls increases security
• Add to this the limiting of physical access to assets
• For national infrastructure, assets should be covered by as many layers as possible
  – Network-based firewalls
  – Internal firewalls
  – Physical security


Fig. 6.8 – Three layers of protection using firewall and access controls
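The following is an added example, not code from the book, of the three layers in Fig. 6.8 evaluated as policy: a perimeter firewall, an internal firewall between network segments, and an access control list on the target host. The address ranges, segment roles (public web tier, corporate workstations, engineering jump hosts, control segment), rule tables, users and actions are all constructed for the example; physical security is not modelled. Each layer defaults to deny, and `blocking_depth` reports how many layers would independently stop a given request, which is the quantity a depth review actually wants.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    src_ip: str
    dst_ip: str
    dst_port: int
    user: str
    action: str   # "read" or "write" against the target host


def _in(ip, cidr):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)


# Constructed rule tables. Each rule is (src_cidr, dst_cidr, allowed_ports or None for any);
# anything not matched by a rule is denied.
PERIMETER_RULES = [
    ("0.0.0.0/0", "203.0.113.0/24", {443}),   # Internet may reach the public web tier only
    ("10.0.0.0/8", "10.0.0.0/8", None),       # internal-to-internal traffic does not cross the perimeter
]
INTERNAL_RULES = [
    ("10.10.0.0/16", "10.20.0.0/16", {22, 502}),   # engineering jump hosts -> control segment
    ("10.1.0.0/16", "10.10.0.0/16", {22}),         # corporate workstations -> jump hosts
]
HOST_ACL = {   # target host -> user -> permitted actions
    "10.20.0.5": {"eng_oncall": {"read", "write"}, "auditor": {"read"}},
}


def firewall_layer(rules, req):
    for src, dst, ports in rules:
        if _in(req.src_ip, src) and _in(req.dst_ip, dst) and (ports is None or req.dst_port in ports):
            return True
    return False


def host_layer(req):
    return req.action in HOST_ACL.get(req.dst_ip, {}).get(req.user, set())


LAYERS = [
    ("perimeter_firewall", lambda r: firewall_layer(PERIMETER_RULES, r)),
    ("internal_firewall", lambda r: firewall_layer(INTERNAL_RULES, r)),
    ("host_acl", host_layer),
]


def evaluate_layers(req):
    """Run every layer, even after one denies, so the result shows the full depth of coverage."""
    return {name: check(req) for name, check in LAYERS}


def authorize(req):
    """("allow", None), or ("deny", name_of_first_layer_that_rejected) in enforcement order."""
    for name, ok in evaluate_layers(req).items():
        if not ok:
            return ("deny", name)
    return ("allow", None)


def blocking_depth(req):
    """Number of layers that would each stop this request on their own; 0 means the
    request is legitimate by policy, 1 means a single layer failure exposes the asset."""
    return sum(1 for ok in evaluate_layers(req).values() if not ok)


if __name__ == "__main__":
    for req in [
        Request("198.51.100.7", "10.20.0.5", 502, "eng_oncall", "write"),   # from the Internet
        Request("10.1.4.20", "10.20.0.5", 502, "eng_oncall", "write"),      # compromised workstation
        Request("10.10.0.9", "10.20.0.5", 502, "auditor", "write"),         # jump host, wrong role
        Request("10.10.0.9", "10.20.0.5", 502, "eng_oncall", "write"),      # legitimate path
    ]:
        print(req.src_ip, req.user, req.action, "->", authorize(req), "depth", blocking_depth(req))
```

Reading the depth figures is the useful part: the Internet-sourced request is stopped by two layers, so a perimeter misconfiguration alone does not expose the control host, while the wrong-role request from the jump host is stopped by exactly one layer (the host ACL), which is where a reviewer would push for an additional control.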


Layered Encryption

• Five applications of encryption in national infrastructure protection
  – Mobile device storage
  – Network transmission
  – Secure commerce
  – Application strengthening
  – Server and mainframe data storage


Fig. 6.9 – Multiple layers of encryption


Layered Intrusion Detection

• The promise of layered intrusion detection has not been fully realized, though it is useful
• The inclusion of intrusion response makes the layered approach more complex
• There are three opportunities for different intrusion detection systems to provide layered protection
  – In-band detection
  – Out-of-band correlation
  – Signature sharing


Fig. 6.10 – Sharing intrusion detection information between systems
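The following is an added example, not code from the book, of the three opportunities listed above working together as in Fig. 6.10: a network sensor and a host sensor each detect in-band, an out-of-band correlator groups their alerts by source address and marks an incident as confirmed only when two independent sensors contributed, and the confirmed sources are shared back to the sensors as an indicator list. The alert format, sensor names, rule names, addresses and timestamps are all constructed for the example and are not the output of any real product.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample alerts: ISO timestamp, sensor name, then key=value fields.
NIDS_ALERTS = """\
2024-03-01T10:00:05Z nids rule=NET-MODBUS-SCAN src=198.51.100.7 dst=10.20.0.5 msg="Modbus function code sweep"
2024-03-01T10:00:41Z nids rule=NET-MODBUS-SCAN src=198.51.100.7 dst=10.20.0.6 msg="Modbus function code sweep"
2024-03-01T10:02:10Z nids rule=NET-SSH-BRUTE src=192.0.2.44 dst=10.10.0.9 msg="SSH authentication burst"
"""
HIDS_ALERTS = """\
2024-03-01T10:00:50Z hids host=10.20.0.5 rule=HOST-SSH-BADUSER src=198.51.100.7 msg="sshd login attempt for non-existent user"
2024-03-01T10:07:30Z hids host=10.10.0.9 rule=HOST-SUDO-ROOT src=10.1.4.20 msg="successful sudo to root"
"""
ALL_LINES = (NIDS_ALERTS + HIDS_ALERTS).splitlines()

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<sensor>\w+)\s+(?P<rest>.*)$")
KV_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')


def parse_alert(line):
    """Parse one alert line into a dict; return None for lines that do not fit the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = {"sensor": m.group("sensor")}
    try:
        event["time"] = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    except ValueError:
        return None
    for key, raw, quoted in KV_RE.findall(m.group("rest")):
        event[key] = quoted if raw.startswith('"') else raw
    return event


def _summarize(src, cluster):
    sensors = sorted({e["sensor"] for e in cluster})
    return {
        "src": src,
        "sensors": sensors,
        "count": len(cluster),
        "first": cluster[0]["time"],
        "last": cluster[-1]["time"],
        "confirmed": len(sensors) >= 2,   # seen by two independent layers of detection
    }


def correlate(lines, window_seconds=120):
    """Out-of-band correlation: group alerts by source address and split each source's
    alerts into incidents wherever the gap between consecutive alerts exceeds the window."""
    events = [e for e in map(parse_alert, lines) if e and "src" in e]
    events.sort(key=lambda e: e["time"])
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    incidents = []
    for src, evs in by_src.items():
        cluster = [evs[0]]
        for e in evs[1:]:
            if (e["time"] - cluster[-1]["time"]).total_seconds() <= window_seconds:
                cluster.append(e)
            else:
                incidents.append(_summarize(src, cluster))
                cluster = [e]
        incidents.append(_summarize(src, cluster))
    return incidents


def shared_indicators(incidents):
    """Signature sharing: sources confirmed by two sensors become an indicator list
    that is pushed back to every sensor for in-band matching."""
    return {i["src"] for i in incidents if i["confirmed"]}


def inband_match(line, indicators):
    """In-band check a sensor can run on its own traffic once the shared list arrives."""
    e = parse_alert(line)
    return bool(e) and e.get("src") in indicators


if __name__ == "__main__":
    incidents = correlate(ALL_LINES)
    for inc in incidents:
        print(inc["src"], inc["sensors"], "count", inc["count"], "confirmed", inc["confirmed"])
    print("shared indicators:", shared_indicators(incidents))
```

Correlating on the source address alone is deliberately crude: it is blind to spoofed sources and collapses everything behind a NAT into one incident, and the 120-second window is a tuning choice. What the example does show is the division of labour from the slide: neither sensor alone confirms the Modbus scanner, the correlator does, and the sharing step turns that out-of-band conclusion into an in-band rule for the next packet from the same source.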


National Program of Depth

• Developing a multilayered defense for national infrastructure would require a careful architectural analysis of all assets and protection systems, including:
  – Identifying assets
  – Making subjective estimations of layer effectiveness
  – Obtaining proprietary information
  – Identifying all possible access paths
