SlideShare a Scribd company logo

Cyber AttacksProtecting National Infrastructure, 1st ed.Ch.docx

Download as DOCX, PDF
D
dorishigh

Cyber Attacks Protecting National Infrastructure, 1st ed. Chapter 6 Depth Copyright © 2012, Elsevier Inc. All Rights Reserved 1 Introduction Anylayerofdefensecanfailatanytime,thusthe introduction of defense in depth Aseriesofprotectiveelementsisplacedbetweenan asset and the adversary Theintentistoenforcepolicyacrossallaccesspoints Copyright © 2012, Elsevier Inc. All rights Reserved 2 Chapter 6 – Depth Fig. 6.1 – General defense in depth schema Copyright © 2012, Elsevier Inc. All rights Reserved 3 Chapter 6 – Depth Effectiveness of Depth Quantifyingtheeffectivenessofalayereddefenseis often difficult Effectivenessisbestdeterminedbyeducatedguesses Thefollowingarerelevantforestimating effectiveness – Practical experience – Engineering analysis – Use-case studies – Testing and simulation Copyright © 2012, Elsevier Inc. All rights Reserved 4 Chapter 6 – Depth Fig. 6.2 – Moderately effective single layer of protection Copyright © 2012, Elsevier Inc. All rights Reserved 5 Chapter 6 – Depth Effectiveness of Depth • Whenalayerfails,wecanconcludeitwaseither flawed or unsuited to the target environment • Nolayeris100%effective—thegoalofmakinglayers “highly” effective is more realistic Copyright © 2012, Elsevier Inc. All rights Reserved 6 Chapter 6 – Depth Fig. 6.3 – Highly effective single layer of protection Copyright © 2012, Elsevier Inc. All rights Reserved 7 Chapter 6 – Depth Fig. 6.4 – Multiple moderately effective layers of protection Copyright © 2012, Elsevier Inc. All rights Reserved 8 Chapter 6 – Depth Layered Authentication Anationalauthenticationsystemforeverycitizen would remove the need for multiple passwords, passphrases, tokens, certificates, and biometrics that weaken security Singlesign-on(SSO)wouldaccomplishthis authentication simplification objective However,SSOaccessneedstobepartofa multilayered defense Copyright © 2012, Elsevier Inc. All rights Reserved 9 Chapter 6 – Depth Fig. 6.5 – Schema showing two layers of end-user authentication Copyright © 2012, Elsevier Inc. All rights Reserved 10 Chapter 6 – Depth Fig. 6.6 – Authentication options including direct mobile access Copyright © 2012, Elsevier Inc. All rights Reserved 11 Chapter 6 – Depth Layered E-Mail Virus and Spam Protection Commercialenvironmentsareturningtovirtual,in- the-cloud solutions to filter e-mail viruses and spam Tothatsecuritylayerisaddedfilteringsoftwareon individual computers Antivirussoftwarehelpful,butuselessagainstcertain attacks (like botnet) Copyright © 2012, Elsevier Inc. All rights Reserved 12 Chapter 6 – Depth Fig. 6.7 – Typical architecture with layered e-mail filtering Copyright © 2012, Elsevier Inc. All rights Reserved 13 Chapter 6 – Depth Layered Access Controls • Layeringaccesscontrolsincreasessecurity • Addtothisthelimitingofphysicalaccesstoassets • Fornationalinfrastructure,assetsshouldbecovered by as many l.

Education
1 of 11
Cyber Attacks Protecting National Infrastructure, 1st ed. Chapter 6 Depth Copyright © 2012, Elsevier Inc. All Rights Reserved 1 Introduction Anylayerofdefensecanfailatanytime,thusthe introduction of defense in depth Aseriesofprotectiveelementsisplacedbetweenan asset and the adversary Theintentistoenforcepolicyacrossallaccesspoints Copyright © 2012, Elsevier Inc.
All rights Reserved 2 Chapter 6 – Depth Fig. 6.1 – General defense in depth schema Copyright © 2012, Elsevier Inc. All rights Reserved 3 Chapter 6 – Depth Effectiveness of Depth Quantifyingtheeffectivenessofalayereddefenseis often difficult Effectivenessisbestdeterminedbyeducatedguesses Thefollowingarerelevantforestimating effectiveness – Practical experience – Engineering analysis
– Use-case studies – Testing and simulation Copyright © 2012, Elsevier Inc. All rights Reserved 4 Chapter 6 – Depth Fig. 6.2 – Moderately effective single layer of protection Copyright © 2012, Elsevier Inc. All rights Reserved 5 Chapter 6 – Depth Effectiveness of Depth • Whenalayerfails,wecanconcludeitwaseither flawed or unsuited
to the target environment • Nolayeris100%effective—thegoalofmakinglayers “highly” effective is more realistic Copyright © 2012, Elsevier Inc. All rights Reserved 6 Chapter 6 – Depth Fig. 6.3 – Highly effective single layer of protection Copyright © 2012, Elsevier Inc. All rights Reserved 7 Chapter 6 – Depth Fig. 6.4 – Multiple moderately effective layers of protection Copyright © 2012, Elsevier Inc. All rights Reserved
8 Chapter 6 – Depth Layered Authentication Anationalauthenticationsystemforeverycitizen would remove the need for multiple passwords, passphrases, tokens, certificates, and biometrics that weaken security Singlesign-on(SSO)wouldaccomplishthis authentication simplification objective However,SSOaccessneedstobepartofa multilayered defense Copyright © 2012, Elsevier Inc. All rights Reserved 9 Chapter 6 – Depth Fig. 6.5 – Schema showing two layers of end-user authentication Copyright © 2012, Elsevier Inc.
All rights Reserved 10 Chapter 6 – Depth Fig. 6.6 – Authentication options including direct mobile access Copyright © 2012, Elsevier Inc. All rights Reserved 11 Chapter 6 – Depth Layered E-Mail Virus and Spam Protection Commercialenvironmentsareturningtovirtual,in- the-cloud solutions to filter e-mail viruses and spam Tothatsecuritylayerisaddedfilteringsoftwareon individual computers Antivirussoftwarehelpful,butuselessagainstcertain attacks (like botnet) Copyright © 2012, Elsevier Inc.
All rights Reserved 12 Chapter 6 – Depth Fig. 6.7 – Typical architecture with layered e-mail filtering Copyright © 2012, Elsevier Inc. All rights Reserved 13 Chapter 6 – Depth Layered Access Controls • Layeringaccesscontrolsincreasessecurity • Addtothisthelimitingofphysicalaccesstoassets • Fornationalinfrastructure,assetsshouldbecovered by as many layers possible – Network-based firewalls – Internal firewalls – Physical security
Copyright © 2012, Elsevier Inc. All rights Reserved 14 Chapter 6 – Depth Fig. 6.8 – Three layers of protection using firewall and access controls Copyright © 2012, Elsevier Inc. All rights Reserved 15 Chapter 6 – Depth Layered Encryption • Fiveencryptionmethodsfornationalinfrastructure protection – Mobile device storage – Network transmission – Secure commerce – Application strengthening – Server and mainframe data storage
Copyright © 2012, Elsevier Inc. All rights Reserved 16 Chapter 6 – Depth Fig. 6.9 – Multple layers of encryption Copyright © 2012, Elsevier Inc. All rights Reserved 17 Chapter 6 – Depth Layered Intrusion Detection Thepromiseoflayeredintrusiondetectionhasnot been fully realized, though it is useful Theinclusionofintrusionresponsemakesthe layered approach more complex Therearethreeopportunitiesfordifferentintrusion detection systems to provide layered protection
– In-band detection – Out-of-band correlation – Signature sharing Copyright © 2012, Elsevier Inc. All rights Reserved 18 Chapter 6 – Depth Fig. 6.10 – Sharing intrusion detection information between systems Copyright © 2012, Elsevier Inc. All rights Reserved 19 Chapter 6 – Depth National Program of Depth • Developingamultilayereddefensefornational infrastructure would require a careful architectural analysis of all assets and protection systems
– Identifying assets – Subjective estimations – Obtaining proprietary information – Identifying all possible access paths Copyright © 2012, Elsevier Inc. All rights Reserved 20 Chapter 6 – Depth

Recommended

Copyright © 2012, Elsevier Inc. All Rights ReservedCh.docx
Copyright © 2012, Elsevier Inc. All Rights ReservedCh.docxCopyright © 2012, Elsevier Inc. All Rights ReservedCh.docx
Copyright © 2012, Elsevier Inc. All Rights ReservedCh.docxbobbywlane695641
 
PROJECT DRAFTINTRODUCTIONINTRODUCE COMPANY – WHAT IS THE COM.docx
PROJECT DRAFTINTRODUCTIONINTRODUCE COMPANY – WHAT IS THE COM.docxPROJECT DRAFTINTRODUCTIONINTRODUCE COMPANY – WHAT IS THE COM.docx
PROJECT DRAFTINTRODUCTIONINTRODUCE COMPANY – WHAT IS THE COM.docxwoodruffeloisa
 
1Running head SHORTENED VERSION OF TITLE8SHORTENE.docx
1Running head SHORTENED VERSION OF TITLE8SHORTENE.docx1Running head SHORTENED VERSION OF TITLE8SHORTENE.docx
1Running head SHORTENED VERSION OF TITLE8SHORTENE.docxjesusamckone
 
Cisco cybersecurity essentials chapter - 6
Cisco cybersecurity essentials chapter - 6Cisco cybersecurity essentials chapter - 6
Cisco cybersecurity essentials chapter - 6Mukesh Chinta
 
JS Fest 2019. Анастасия Войтова. "Defense in depth": trench warfare principle...
JS Fest 2019. Анастасия Войтова. "Defense in depth": trench warfare principle...JS Fest 2019. Анастасия Войтова. "Defense in depth": trench warfare principle...
JS Fest 2019. Анастасия Войтова. "Defense in depth": trench warfare principle...JSFestUA
 
Deterring hacking strategies via
Deterring hacking strategies viaDeterring hacking strategies via
Deterring hacking strategies viaIJNSA Journal
 
DETERRING HACKING STRATEGIES VIA TARGETING SCANNING PROPERTIES
DETERRING HACKING STRATEGIES VIA TARGETING SCANNING PROPERTIESDETERRING HACKING STRATEGIES VIA TARGETING SCANNING PROPERTIES
DETERRING HACKING STRATEGIES VIA TARGETING SCANNING PROPERTIESIJNSA Journal
 
Cyber security innovation_imho v4
Cyber security innovation_imho v4Cyber security innovation_imho v4
Cyber security innovation_imho v4W Fred Seigneur
 

Recommended

Copyright © 2012, Elsevier Inc. All Rights ReservedCh.docx
Copyright © 2012, Elsevier Inc. All Rights ReservedCh.docxCopyright © 2012, Elsevier Inc. All Rights ReservedCh.docx
Copyright © 2012, Elsevier Inc. All Rights ReservedCh.docxbobbywlane695641
 
PROJECT DRAFTINTRODUCTIONINTRODUCE COMPANY – WHAT IS THE COM.docx
PROJECT DRAFTINTRODUCTIONINTRODUCE COMPANY – WHAT IS THE COM.docxPROJECT DRAFTINTRODUCTIONINTRODUCE COMPANY – WHAT IS THE COM.docx
PROJECT DRAFTINTRODUCTIONINTRODUCE COMPANY – WHAT IS THE COM.docxwoodruffeloisa
 
1Running head SHORTENED VERSION OF TITLE8SHORTENE.docx
1Running head SHORTENED VERSION OF TITLE8SHORTENE.docx1Running head SHORTENED VERSION OF TITLE8SHORTENE.docx
1Running head SHORTENED VERSION OF TITLE8SHORTENE.docxjesusamckone
 
Cisco cybersecurity essentials chapter - 6
Cisco cybersecurity essentials chapter - 6Cisco cybersecurity essentials chapter - 6
Cisco cybersecurity essentials chapter - 6Mukesh Chinta
 
JS Fest 2019. Анастасия Войтова. "Defense in depth": trench warfare principle...
JS Fest 2019. Анастасия Войтова. "Defense in depth": trench warfare principle...JS Fest 2019. Анастасия Войтова. "Defense in depth": trench warfare principle...
JS Fest 2019. Анастасия Войтова. "Defense in depth": trench warfare principle...JSFestUA
 
Deterring hacking strategies via
Deterring hacking strategies viaDeterring hacking strategies via
Deterring hacking strategies viaIJNSA Journal
 
DETERRING HACKING STRATEGIES VIA TARGETING SCANNING PROPERTIES
DETERRING HACKING STRATEGIES VIA TARGETING SCANNING PROPERTIESDETERRING HACKING STRATEGIES VIA TARGETING SCANNING PROPERTIES
DETERRING HACKING STRATEGIES VIA TARGETING SCANNING PROPERTIESIJNSA Journal
 
Cyber security innovation_imho v4
Cyber security innovation_imho v4Cyber security innovation_imho v4
Cyber security innovation_imho v4W Fred Seigneur
 
Chapter 4Secure Design PrinciplesCopyright © 2014 by McGraw-
Chapter 4Secure Design PrinciplesCopyright © 2014 by McGraw-Chapter 4Secure Design PrinciplesCopyright © 2014 by McGraw-
Chapter 4Secure Design PrinciplesCopyright © 2014 by McGraw-WilheminaRossi174
 
Copyright © 2012, Elsevier Inc. All Rights Reserved.docx
Copyright © 2012, Elsevier Inc. All Rights Reserved.docxCopyright © 2012, Elsevier Inc. All Rights Reserved.docx
Copyright © 2012, Elsevier Inc. All Rights Reserved.docxbobbywlane695641
 
Copyright © 2012, Elsevier Inc. All Rights Reserved.docx
Copyright © 2012, Elsevier Inc. All Rights Reserved.docxCopyright © 2012, Elsevier Inc. All Rights Reserved.docx
Copyright © 2012, Elsevier Inc. All Rights Reserved.docxdickonsondorris
 
Portfolio security, analytics and forensic blue coat
Portfolio security, analytics and forensic blue coatPortfolio security, analytics and forensic blue coat
Portfolio security, analytics and forensic blue coatRonaldo Cesar Espíndola Ferreira
 
7 Ways to Stay 7 Years Ahead of the Threat
7 Ways to Stay 7 Years Ahead of the Threat7 Ways to Stay 7 Years Ahead of the Threat
7 Ways to Stay 7 Years Ahead of the ThreatIBM Security
 
Beating ips 34137
Beating ips 34137Beating ips 34137
Beating ips 34137Spiros Fraganastasis
 
Encryption in the Cloud
Encryption in the CloudEncryption in the Cloud
Encryption in the CloudSVForum Cloud SIG
 
Cyber security innovation imho v5
Cyber security innovation imho v5Cyber security innovation imho v5
Cyber security innovation imho v5W Fred Seigneur
 
3.Secure Design Principles And Process
3.Secure Design Principles And Process3.Secure Design Principles And Process
3.Secure Design Principles And Processphanleson
 
1 1 Copyright © 2012, Elsevier Inc. All Rights Reserved .docx
1 1 Copyright © 2012, Elsevier Inc. All Rights Reserved .docx1 1 Copyright © 2012, Elsevier Inc. All Rights Reserved .docx
1 1 Copyright © 2012, Elsevier Inc. All Rights Reserved .docxoswald1horne84988
 
Challenges2013
Challenges2013Challenges2013
Challenges2013Lancope, Inc.
 
Application Security
Application SecurityApplication Security
Application SecurityMuhammad Faisal Naqvi, CISSP, CISA, AMBCI, ITIL, ISMS LA n Master
 
01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network SecurityHarish Chaudhary
 
OWASP Top 10 Web Attacks (2017) with Prevention Methods
OWASP Top 10 Web Attacks (2017) with Prevention MethodsOWASP Top 10 Web Attacks (2017) with Prevention Methods
OWASP Top 10 Web Attacks (2017) with Prevention MethodsIRJET Journal
 
compTIA guide to get the CERTIFICATION EMERSON EDUARDO RODRIGUES
compTIA guide to get the CERTIFICATION EMERSON EDUARDO RODRIGUEScompTIA guide to get the CERTIFICATION EMERSON EDUARDO RODRIGUES
compTIA guide to get the CERTIFICATION EMERSON EDUARDO RODRIGUESEMERSON EDUARDO RODRIGUES
 
Encryption in the Public Cloud: 16 Bits of Advice for Security Techniques
Encryption in the Public Cloud: 16 Bits of Advice for Security TechniquesEncryption in the Public Cloud: 16 Bits of Advice for Security Techniques
Encryption in the Public Cloud: 16 Bits of Advice for Security TechniquesTrend Micro
 
Stopping Advanced Attacks on their Onset: A Practical Look at Modern Day Prev...
Stopping Advanced Attacks on their Onset: A Practical Look at Modern Day Prev...Stopping Advanced Attacks on their Onset: A Practical Look at Modern Day Prev...
Stopping Advanced Attacks on their Onset: A Practical Look at Modern Day Prev...IBM Security
 
Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...
Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...
Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...AI Frontiers
 
Imperative Induced Innovation - Patrick W. Dowd, Ph. D
Imperative Induced Innovation - Patrick W. Dowd, Ph. DImperative Induced Innovation - Patrick W. Dowd, Ph. D
Imperative Induced Innovation - Patrick W. Dowd, Ph. Dscoopnewsgroup
 
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...amber724300
 
Cyber War versus Cyber Realities Cyber War v.docx
Cyber War versus Cyber Realities Cyber War v.docxCyber War versus Cyber Realities Cyber War v.docx
Cyber War versus Cyber Realities Cyber War v.docxdorishigh
 
Cyber terrorism, by definition, is the politically motivated use.docx
Cyber terrorism, by definition, is the politically motivated use.docxCyber terrorism, by definition, is the politically motivated use.docx
Cyber terrorism, by definition, is the politically motivated use.docxdorishigh
 

More Related Content

Similar to Cyber AttacksProtecting National Infrastructure, 1st ed.Ch.docx

Chapter 4Secure Design PrinciplesCopyright © 2014 by McGraw-
Chapter 4Secure Design PrinciplesCopyright © 2014 by McGraw-Chapter 4Secure Design PrinciplesCopyright © 2014 by McGraw-
Chapter 4Secure Design PrinciplesCopyright © 2014 by McGraw-WilheminaRossi174
 
Copyright © 2012, Elsevier Inc. All Rights Reserved.docx
Copyright © 2012, Elsevier Inc. All Rights Reserved.docxCopyright © 2012, Elsevier Inc. All Rights Reserved.docx
Copyright © 2012, Elsevier Inc. All Rights Reserved.docxbobbywlane695641
 
Copyright © 2012, Elsevier Inc. All Rights Reserved.docx
Copyright © 2012, Elsevier Inc. All Rights Reserved.docxCopyright © 2012, Elsevier Inc. All Rights Reserved.docx
Copyright © 2012, Elsevier Inc. All Rights Reserved.docxdickonsondorris
 
7 Ways to Stay 7 Years Ahead of the Threat
7 Ways to Stay 7 Years Ahead of the Threat7 Ways to Stay 7 Years Ahead of the Threat
7 Ways to Stay 7 Years Ahead of the ThreatIBM Security
 
Cyber security innovation imho v5
Cyber security innovation imho v5Cyber security innovation imho v5
Cyber security innovation imho v5W Fred Seigneur
 
3.Secure Design Principles And Process
3.Secure Design Principles And Process3.Secure Design Principles And Process
3.Secure Design Principles And Processphanleson
 
1 1 Copyright © 2012, Elsevier Inc. All Rights Reserved .docx
1 1 Copyright © 2012, Elsevier Inc. All Rights Reserved .docx1 1 Copyright © 2012, Elsevier Inc. All Rights Reserved .docx
1 1 Copyright © 2012, Elsevier Inc. All Rights Reserved .docxoswald1horne84988
 
01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network SecurityHarish Chaudhary
 
OWASP Top 10 Web Attacks (2017) with Prevention Methods
OWASP Top 10 Web Attacks (2017) with Prevention MethodsOWASP Top 10 Web Attacks (2017) with Prevention Methods
OWASP Top 10 Web Attacks (2017) with Prevention MethodsIRJET Journal
 
compTIA guide to get the CERTIFICATION EMERSON EDUARDO RODRIGUES
compTIA guide to get the CERTIFICATION EMERSON EDUARDO RODRIGUEScompTIA guide to get the CERTIFICATION EMERSON EDUARDO RODRIGUES
compTIA guide to get the CERTIFICATION EMERSON EDUARDO RODRIGUESEMERSON EDUARDO RODRIGUES
 
Encryption in the Public Cloud: 16 Bits of Advice for Security Techniques
Encryption in the Public Cloud: 16 Bits of Advice for Security TechniquesEncryption in the Public Cloud: 16 Bits of Advice for Security Techniques
Encryption in the Public Cloud: 16 Bits of Advice for Security TechniquesTrend Micro
 
Stopping Advanced Attacks on their Onset: A Practical Look at Modern Day Prev...
Stopping Advanced Attacks on their Onset: A Practical Look at Modern Day Prev...Stopping Advanced Attacks on their Onset: A Practical Look at Modern Day Prev...
Stopping Advanced Attacks on their Onset: A Practical Look at Modern Day Prev...IBM Security
 
Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...
Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...
Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...AI Frontiers
 
Imperative Induced Innovation - Patrick W. Dowd, Ph. D
Imperative Induced Innovation - Patrick W. Dowd, Ph. DImperative Induced Innovation - Patrick W. Dowd, Ph. D
Imperative Induced Innovation - Patrick W. Dowd, Ph. Dscoopnewsgroup
 
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...amber724300
 

Similar to Cyber AttacksProtecting National Infrastructure, 1st ed.Ch.docx (20)

Chapter 4Secure Design PrinciplesCopyright © 2014 by McGraw-
Chapter 4Secure Design PrinciplesCopyright © 2014 by McGraw-Chapter 4Secure Design PrinciplesCopyright © 2014 by McGraw-
Chapter 4Secure Design PrinciplesCopyright © 2014 by McGraw-
 
Copyright © 2012, Elsevier Inc. All Rights Reserved.docx
Copyright © 2012, Elsevier Inc. All Rights Reserved.docxCopyright © 2012, Elsevier Inc. All Rights Reserved.docx
Copyright © 2012, Elsevier Inc. All Rights Reserved.docx
 
Copyright © 2012, Elsevier Inc. All Rights Reserved.docx
Copyright © 2012, Elsevier Inc. All Rights Reserved.docxCopyright © 2012, Elsevier Inc. All Rights Reserved.docx
Copyright © 2012, Elsevier Inc. All Rights Reserved.docx
 
Portfolio security, analytics and forensic blue coat
Portfolio security, analytics and forensic blue coatPortfolio security, analytics and forensic blue coat
Portfolio security, analytics and forensic blue coat
 
7 Ways to Stay 7 Years Ahead of the Threat
7 Ways to Stay 7 Years Ahead of the Threat7 Ways to Stay 7 Years Ahead of the Threat
7 Ways to Stay 7 Years Ahead of the Threat
 
Beating ips 34137
Beating ips 34137Beating ips 34137
Beating ips 34137
 
Encryption in the Cloud
Encryption in the CloudEncryption in the Cloud
Encryption in the Cloud
 
Cyber security innovation imho v5
Cyber security innovation imho v5Cyber security innovation imho v5
Cyber security innovation imho v5
 
3.Secure Design Principles And Process
3.Secure Design Principles And Process3.Secure Design Principles And Process
3.Secure Design Principles And Process
 
1 1 Copyright © 2012, Elsevier Inc. All Rights Reserved .docx
1 1 Copyright © 2012, Elsevier Inc. All Rights Reserved .docx1 1 Copyright © 2012, Elsevier Inc. All Rights Reserved .docx
1 1 Copyright © 2012, Elsevier Inc. All Rights Reserved .docx
 
Challenges2013
Challenges2013Challenges2013
Challenges2013
 
Application Security
Application SecurityApplication Security
Application Security
 
01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security
 
OWASP Top 10 Web Attacks (2017) with Prevention Methods
OWASP Top 10 Web Attacks (2017) with Prevention MethodsOWASP Top 10 Web Attacks (2017) with Prevention Methods
OWASP Top 10 Web Attacks (2017) with Prevention Methods
 
compTIA guide to get the CERTIFICATION EMERSON EDUARDO RODRIGUES
compTIA guide to get the CERTIFICATION EMERSON EDUARDO RODRIGUEScompTIA guide to get the CERTIFICATION EMERSON EDUARDO RODRIGUES
compTIA guide to get the CERTIFICATION EMERSON EDUARDO RODRIGUES
 
Encryption in the Public Cloud: 16 Bits of Advice for Security Techniques
Encryption in the Public Cloud: 16 Bits of Advice for Security TechniquesEncryption in the Public Cloud: 16 Bits of Advice for Security Techniques
Encryption in the Public Cloud: 16 Bits of Advice for Security Techniques
 
Stopping Advanced Attacks on their Onset: A Practical Look at Modern Day Prev...
Stopping Advanced Attacks on their Onset: A Practical Look at Modern Day Prev...Stopping Advanced Attacks on their Onset: A Practical Look at Modern Day Prev...
Stopping Advanced Attacks on their Onset: A Practical Look at Modern Day Prev...
 
Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...
Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...
Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...
 
Imperative Induced Innovation - Patrick W. Dowd, Ph. D
Imperative Induced Innovation - Patrick W. Dowd, Ph. DImperative Induced Innovation - Patrick W. Dowd, Ph. D
Imperative Induced Innovation - Patrick W. Dowd, Ph. D
 
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
 

More from dorishigh

Cyber War versus Cyber Realities Cyber War v.docx
Cyber War versus Cyber Realities Cyber War v.docxCyber War versus Cyber Realities Cyber War v.docx
Cyber War versus Cyber Realities Cyber War v.docxdorishigh
 
Cyber terrorism, by definition, is the politically motivated use.docx
Cyber terrorism, by definition, is the politically motivated use.docxCyber terrorism, by definition, is the politically motivated use.docx
Cyber terrorism, by definition, is the politically motivated use.docxdorishigh
 
Cyber Security ThreatsYassir NourDr. Fonda IngramETCS-690 .docx
Cyber Security ThreatsYassir NourDr. Fonda IngramETCS-690 .docxCyber Security ThreatsYassir NourDr. Fonda IngramETCS-690 .docx
Cyber Security ThreatsYassir NourDr. Fonda IngramETCS-690 .docxdorishigh
 
Cyber Security in Industry 4.0Cyber Security in Industry 4.0 (.docx
Cyber Security in Industry 4.0Cyber Security in Industry 4.0 (.docxCyber Security in Industry 4.0Cyber Security in Industry 4.0 (.docx
Cyber Security in Industry 4.0Cyber Security in Industry 4.0 (.docxdorishigh
 
Cyber Security and the Internet of ThingsVulnerabilities, T.docx
Cyber Security and the Internet of ThingsVulnerabilities, T.docxCyber Security and the Internet of ThingsVulnerabilities, T.docx
Cyber Security and the Internet of ThingsVulnerabilities, T.docxdorishigh
 
Cyber Security Gone too farCarlos Diego LimaExce.docx
Cyber Security Gone too farCarlos Diego LimaExce.docxCyber Security Gone too farCarlos Diego LimaExce.docx
Cyber Security Gone too farCarlos Diego LimaExce.docxdorishigh
 
CW 1R Checklist and Feedback Sheet Student Copy Go through this.docx
CW 1R Checklist and Feedback Sheet Student Copy Go through this.docxCW 1R Checklist and Feedback Sheet Student Copy Go through this.docx
CW 1R Checklist and Feedback Sheet Student Copy Go through this.docxdorishigh
 
CW 1 Car Industry and AIby Victoria StephensonSubmission.docx
CW 1 Car Industry and AIby Victoria StephensonSubmission.docxCW 1 Car Industry and AIby Victoria StephensonSubmission.docx
CW 1 Car Industry and AIby Victoria StephensonSubmission.docxdorishigh
 
CWTS CWFT Module 7 Chapter 2 Eco-maps 1 ECO-MAPS .docx
CWTS CWFT Module 7 Chapter 2 Eco-maps 1 ECO-MAPS .docxCWTS CWFT Module 7 Chapter 2 Eco-maps 1 ECO-MAPS .docx
CWTS CWFT Module 7 Chapter 2 Eco-maps 1 ECO-MAPS .docxdorishigh
 
Cw2 Marking Rubric Managerial Finance0Fail2(1-29) Fail.docx
Cw2 Marking Rubric Managerial Finance0Fail2(1-29) Fail.docxCw2 Marking Rubric Managerial Finance0Fail2(1-29) Fail.docx
Cw2 Marking Rubric Managerial Finance0Fail2(1-29) Fail.docxdorishigh
 
CVPSales price per unit$75.00Variable Cost per unit$67.00Fixed C.docx
CVPSales price per unit$75.00Variable Cost per unit$67.00Fixed C.docxCVPSales price per unit$75.00Variable Cost per unit$67.00Fixed C.docx
CVPSales price per unit$75.00Variable Cost per unit$67.00Fixed C.docxdorishigh
 
CYB207 v2Wk 4 – Assignment TemplateCYB205 v2Page 2 of 2.docx
CYB207 v2Wk 4 – Assignment TemplateCYB205 v2Page 2 of 2.docxCYB207 v2Wk 4 – Assignment TemplateCYB205 v2Page 2 of 2.docx
CYB207 v2Wk 4 – Assignment TemplateCYB205 v2Page 2 of 2.docxdorishigh
 
CUSTOMERSERVICE-TRAINIGPROGRAM 2 TA.docx
CUSTOMERSERVICE-TRAINIGPROGRAM 2 TA.docxCUSTOMERSERVICE-TRAINIGPROGRAM 2 TA.docx
CUSTOMERSERVICE-TRAINIGPROGRAM 2 TA.docxdorishigh
 
Customer Service Test (Chapter 6 - 10)Name Multiple Choice.docx
Customer Service Test (Chapter 6 - 10)Name Multiple Choice.docxCustomer Service Test (Chapter 6 - 10)Name Multiple Choice.docx
Customer Service Test (Chapter 6 - 10)Name Multiple Choice.docxdorishigh
 
Customer Value Funnel Questions1. Identify the relevant .docx
Customer Value Funnel Questions1. Identify the relevant .docxCustomer Value Funnel Questions1. Identify the relevant .docx
Customer Value Funnel Questions1. Identify the relevant .docxdorishigh
 
Customer service is something that we have all heard of and have som.docx
Customer service is something that we have all heard of and have som.docxCustomer service is something that we have all heard of and have som.docx
Customer service is something that we have all heard of and have som.docxdorishigh
 
Customer requests areProposed Cloud Architecture (5 pages n.docx
Customer requests areProposed Cloud Architecture (5 pages n.docxCustomer requests areProposed Cloud Architecture (5 pages n.docx
Customer requests areProposed Cloud Architecture (5 pages n.docxdorishigh
 
Customer Relationship Management Presented ByShan Gu Cris.docx
Customer Relationship Management Presented ByShan Gu Cris.docxCustomer Relationship Management Presented ByShan Gu Cris.docx
Customer Relationship Management Presented ByShan Gu Cris.docxdorishigh
 
Custom Vans Inc. Custom Vans Inc. specializes in converting st.docx
Custom Vans Inc. Custom Vans Inc. specializes in converting st.docxCustom Vans Inc. Custom Vans Inc. specializes in converting st.docx
Custom Vans Inc. Custom Vans Inc. specializes in converting st.docxdorishigh
 
Curtis HillTopic 07 Assignment Long-Term Care ChartHA30.docx
Curtis HillTopic 07 Assignment Long-Term Care ChartHA30.docxCurtis HillTopic 07 Assignment Long-Term Care ChartHA30.docx
Curtis HillTopic 07 Assignment Long-Term Care ChartHA30.docxdorishigh
 

More from dorishigh (20)

Cyber War versus Cyber Realities Cyber War v.docx
Cyber War versus Cyber Realities Cyber War v.docxCyber War versus Cyber Realities Cyber War v.docx
Cyber War versus Cyber Realities Cyber War v.docx
 
Cyber terrorism, by definition, is the politically motivated use.docx
Cyber terrorism, by definition, is the politically motivated use.docxCyber terrorism, by definition, is the politically motivated use.docx
Cyber terrorism, by definition, is the politically motivated use.docx
 
Cyber Security ThreatsYassir NourDr. Fonda IngramETCS-690 .docx
Cyber Security ThreatsYassir NourDr. Fonda IngramETCS-690 .docxCyber Security ThreatsYassir NourDr. Fonda IngramETCS-690 .docx
Cyber Security ThreatsYassir NourDr. Fonda IngramETCS-690 .docx
 
Cyber Security in Industry 4.0Cyber Security in Industry 4.0 (.docx
Cyber Security in Industry 4.0Cyber Security in Industry 4.0 (.docxCyber Security in Industry 4.0Cyber Security in Industry 4.0 (.docx
Cyber Security in Industry 4.0Cyber Security in Industry 4.0 (.docx
 
Cyber Security and the Internet of ThingsVulnerabilities, T.docx
Cyber Security and the Internet of ThingsVulnerabilities, T.docxCyber Security and the Internet of ThingsVulnerabilities, T.docx
Cyber Security and the Internet of ThingsVulnerabilities, T.docx
 
Cyber Security Gone too farCarlos Diego LimaExce.docx
Cyber Security Gone too farCarlos Diego LimaExce.docxCyber Security Gone too farCarlos Diego LimaExce.docx
Cyber Security Gone too farCarlos Diego LimaExce.docx
 
CW 1R Checklist and Feedback Sheet Student Copy Go through this.docx
CW 1R Checklist and Feedback Sheet Student Copy Go through this.docxCW 1R Checklist and Feedback Sheet Student Copy Go through this.docx
CW 1R Checklist and Feedback Sheet Student Copy Go through this.docx
 
CW 1 Car Industry and AIby Victoria StephensonSubmission.docx
CW 1 Car Industry and AIby Victoria StephensonSubmission.docxCW 1 Car Industry and AIby Victoria StephensonSubmission.docx
CW 1 Car Industry and AIby Victoria StephensonSubmission.docx
 
CWTS CWFT Module 7 Chapter 2 Eco-maps 1 ECO-MAPS .docx
CWTS CWFT Module 7 Chapter 2 Eco-maps 1 ECO-MAPS .docxCWTS CWFT Module 7 Chapter 2 Eco-maps 1 ECO-MAPS .docx
CWTS CWFT Module 7 Chapter 2 Eco-maps 1 ECO-MAPS .docx
 
Cw2 Marking Rubric Managerial Finance0Fail2(1-29) Fail.docx
Cw2 Marking Rubric Managerial Finance0Fail2(1-29) Fail.docxCw2 Marking Rubric Managerial Finance0Fail2(1-29) Fail.docx
Cw2 Marking Rubric Managerial Finance0Fail2(1-29) Fail.docx
 
CVPSales price per unit$75.00Variable Cost per unit$67.00Fixed C.docx
CVPSales price per unit$75.00Variable Cost per unit$67.00Fixed C.docxCVPSales price per unit$75.00Variable Cost per unit$67.00Fixed C.docx
CVPSales price per unit$75.00Variable Cost per unit$67.00Fixed C.docx
 
CYB207 v2Wk 4 – Assignment TemplateCYB205 v2Page 2 of 2.docx
CYB207 v2Wk 4 – Assignment TemplateCYB205 v2Page 2 of 2.docxCYB207 v2Wk 4 – Assignment TemplateCYB205 v2Page 2 of 2.docx
CYB207 v2Wk 4 – Assignment TemplateCYB205 v2Page 2 of 2.docx
 
CUSTOMERSERVICE-TRAINIGPROGRAM 2 TA.docx
CUSTOMERSERVICE-TRAINIGPROGRAM 2 TA.docxCUSTOMERSERVICE-TRAINIGPROGRAM 2 TA.docx
CUSTOMERSERVICE-TRAINIGPROGRAM 2 TA.docx
 
Customer Service Test (Chapter 6 - 10)Name Multiple Choice.docx
Customer Service Test (Chapter 6 - 10)Name Multiple Choice.docxCustomer Service Test (Chapter 6 - 10)Name Multiple Choice.docx
Customer Service Test (Chapter 6 - 10)Name Multiple Choice.docx
 
Customer Value Funnel Questions1. Identify the relevant .docx
Customer Value Funnel Questions1. Identify the relevant .docxCustomer Value Funnel Questions1. Identify the relevant .docx
Customer Value Funnel Questions1. Identify the relevant .docx
 
Customer service is something that we have all heard of and have som.docx
Customer service is something that we have all heard of and have som.docxCustomer service is something that we have all heard of and have som.docx
Customer service is something that we have all heard of and have som.docx
 
Customer requests areProposed Cloud Architecture (5 pages n.docx
Customer requests areProposed Cloud Architecture (5 pages n.docxCustomer requests areProposed Cloud Architecture (5 pages n.docx
Customer requests areProposed Cloud Architecture (5 pages n.docx
 
Customer Relationship Management Presented ByShan Gu Cris.docx
Customer Relationship Management Presented ByShan Gu Cris.docxCustomer Relationship Management Presented ByShan Gu Cris.docx
Customer Relationship Management Presented ByShan Gu Cris.docx
 
Custom Vans Inc. Custom Vans Inc. specializes in converting st.docx
Custom Vans Inc. Custom Vans Inc. specializes in converting st.docxCustom Vans Inc. Custom Vans Inc. specializes in converting st.docx
Custom Vans Inc. Custom Vans Inc. specializes in converting st.docx
 
Curtis HillTopic 07 Assignment Long-Term Care ChartHA30.docx
Curtis HillTopic 07 Assignment Long-Term Care ChartHA30.docxCurtis HillTopic 07 Assignment Long-Term Care ChartHA30.docx
Curtis HillTopic 07 Assignment Long-Term Care ChartHA30.docx
 

Recently uploaded

mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docxPoojaSen20
 
Concept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.CompdfConcept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.CompdfUmakantAnnand
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3JemimahLaneBuaron
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Celine George
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxGaneshChakor2
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Krashi Coaching
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfchloefrazer622
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
MENTAL STATUS EXAMINATION format.docx
MENTAL STATUS EXAMINATION format.docxMENTAL STATUS EXAMINATION format.docx
MENTAL STATUS EXAMINATION format.docxPoojaSen20
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxOH TEIK BIN
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon AUnboundStockton
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
Science 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsScience 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsKarinaGenton
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...Marc Dusseiller Dusjagr
 

Recently uploaded (20)

mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docx
 
Concept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.CompdfConcept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.Compdf
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptx
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdf
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
MENTAL STATUS EXAMINATION format.docx
MENTAL STATUS EXAMINATION format.docxMENTAL STATUS EXAMINATION format.docx
MENTAL STATUS EXAMINATION format.docx
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
Science 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsScience 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its Characteristics
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 

Cyber AttacksProtecting National Infrastructure, 1st ed.Ch.docx

  • 1. Cyber Attacks Protecting National Infrastructure, 1st ed. Chapter 6 Depth Copyright © 2012, Elsevier Inc. All Rights Reserved 1 Introduction Anylayerofdefensecanfailatanytime,thusthe introduction of defense in depth Aseriesofprotectiveelementsisplacedbetweenan asset and the adversary Theintentistoenforcepolicyacrossallaccesspoints Copyright © 2012, Elsevier Inc.
  • 2. All rights Reserved 2 Chapter 6 – Depth Fig. 6.1 – General defense in depth schema Copyright © 2012, Elsevier Inc. All rights Reserved 3 Chapter 6 – Depth Effectiveness of Depth Quantifyingtheeffectivenessofalayereddefenseis often difficult Effectivenessisbestdeterminedbyeducatedguesses Thefollowingarerelevantforestimating effectiveness – Practical experience – Engineering analysis
  • 3. – Use-case studies – Testing and simulation Copyright © 2012, Elsevier Inc. All rights Reserved 4 Chapter 6 – Depth Fig. 6.2 – Moderately effective single layer of protection Copyright © 2012, Elsevier Inc. All rights Reserved 5 Chapter 6 – Depth Effectiveness of Depth • Whenalayerfails,wecanconcludeitwaseither flawed or unsuited
  • 4. to the target environment • Nolayeris100%effective—thegoalofmakinglayers “highly” effective is more realistic Copyright © 2012, Elsevier Inc. All rights Reserved 6 Chapter 6 – Depth Fig. 6.3 – Highly effective single layer of protection Copyright © 2012, Elsevier Inc. All rights Reserved 7 Chapter 6 – Depth Fig. 6.4 – Multiple moderately effective layers of protection Copyright © 2012, Elsevier Inc. All rights Reserved
  • 5. 8 Chapter 6 – Depth Layered Authentication Anationalauthenticationsystemforeverycitizen would remove the need for multiple passwords, passphrases, tokens, certificates, and biometrics that weaken security Singlesign-on(SSO)wouldaccomplishthis authentication simplification objective However,SSOaccessneedstobepartofa multilayered defense Copyright © 2012, Elsevier Inc. All rights Reserved 9 Chapter 6 – Depth Fig. 6.5 – Schema showing two layers of end-user authentication Copyright © 2012, Elsevier Inc.
  • 6. All rights Reserved 10 Chapter 6 – Depth Fig. 6.6 – Authentication options including direct mobile access Copyright © 2012, Elsevier Inc. All rights Reserved 11 Chapter 6 – Depth Layered E-Mail Virus and Spam Protection Commercialenvironmentsareturningtovirtual,in- the-cloud solutions to filter e-mail viruses and spam Tothatsecuritylayerisaddedfilteringsoftwareon individual computers Antivirussoftwarehelpful,butuselessagainstcertain attacks (like botnet) Copyright © 2012, Elsevier Inc.
  • 7. All rights Reserved 12 Chapter 6 – Depth Fig. 6.7 – Typical architecture with layered e-mail filtering Copyright © 2012, Elsevier Inc. All rights Reserved 13 Chapter 6 – Depth Layered Access Controls • Layeringaccesscontrolsincreasessecurity • Addtothisthelimitingofphysicalaccesstoassets • Fornationalinfrastructure,assetsshouldbecovered by as many layers possible – Network-based firewalls – Internal firewalls – Physical security
  • 8. Copyright © 2012, Elsevier Inc. All rights Reserved 14 Chapter 6 – Depth Fig. 6.8 – Three layers of protection using firewall and access controls Copyright © 2012, Elsevier Inc. All rights Reserved 15 Chapter 6 – Depth Layered Encryption • Fiveencryptionmethodsfornationalinfrastructure protection – Mobile device storage – Network transmission – Secure commerce – Application strengthening – Server and mainframe data storage
  • 9. Copyright © 2012, Elsevier Inc. All rights Reserved 16 Chapter 6 – Depth Fig. 6.9 – Multple layers of encryption Copyright © 2012, Elsevier Inc. All rights Reserved 17 Chapter 6 – Depth Layered Intrusion Detection Thepromiseoflayeredintrusiondetectionhasnot been fully realized, though it is useful Theinclusionofintrusionresponsemakesthe layered approach more complex Therearethreeopportunitiesfordifferentintrusion detection systems to provide layered protection
  • 10. – In-band detection – Out-of-band correlation – Signature sharing Copyright © 2012, Elsevier Inc. All rights Reserved 18 Chapter 6 – Depth Fig. 6.10 – Sharing intrusion detection information between systems Copyright © 2012, Elsevier Inc. All rights Reserved 19 Chapter 6 – Depth National Program of Depth • Developingamultilayereddefensefornational infrastructure would require a careful architectural analysis of all assets and protection systems
  • 11. – Identifying assets – Subjective estimations – Obtaining proprietary information – Identifying all possible access paths Copyright © 2012, Elsevier Inc. All rights Reserved 20 Chapter 6 – Depth