Recommended
Recommended
More Related Content
Similar to 1 1 Copyright © 2012, Elsevier Inc. All Rights Reserved .docx
Similar to 1 1 Copyright © 2012, Elsevier Inc. All Rights Reserved .docx (20)
More from oswald1horne84988
More from oswald1horne84988 (20)
Recently uploaded
Recently uploaded (20)
1 1 Copyright © 2012, Elsevier Inc. All Rights Reserved .docx
- 1. 1 1 Copyright © 2012, Elsevier Inc. All Rights Reserved Chapter 1 Introduction Cyber Attacks Protecting National Infrastructure, 1st ed. 2 • Na#onal infrastructure – Refers to the complex, underlying delivery and support systems for all large-‐scale
- 2. services considered absolutely essen#al to a na#on • Conven#onal approach to cyber security not enough • New approach needed – Combining best elements of exis#ng security techniques with challenges that face complex,
- 3. large-‐scale na#onal services Copyright © 2012, Elsevier Inc. All rights Reserved C hapter 1 – Introduction Introduc#on 3 Copyright © 2012, Elsevier Inc. All rights Reserved C hapter 1 – Introduction Fig. 1.1 – Na#onal infrastructure cyber and physical aDacks
- 4. 4 Copyright © 2012, Elsevier Inc. All rights Reserved C hapter 1 – Introduction Fig. 1.2 – Differences between small-‐ and large-‐scale cyber security 5 Copyright © 2012, Elsevier Inc. All rights Reserved C hapter 1 – Introduction • Three types of malicious
- 5. adversaries – External adversary – Internal adversary – Supplier adversary Na#onal Cyber Threats, Vulnerabili#es, and ADacks 6 Copyright © 2012, Elsevier Inc. All rights Reserved C hapter 1 – Introduction Fig. 1.3 –
- 6. Adversaries and exploita#on points in na#onal infrastructure 7 Copyright © 2012, Elsevier Inc. All rights Reserved C hapter 1 – Introduction • Three exploita#on points – Remote access – System administra#on and normal usage
- 7. – Supply chain Na#onal Cyber Threats, Vulnerabili#es, and ADacks 8 Copyright © 2012, Elsevier Inc. All rights Reserved C hapter 1 – Introduction • Infrastructure threatened by most common security concerns: – Confiden#ality – Integrity
- 8. – Availability – TheQ Na#onal Cyber Threats, Vulnerabili#es, and ADacks 9 Copyright © 2012, Elsevier Inc. All rights Reserved C hapter 1 – Introduction Botnet Threat • What is a botnet a(ack?
- 9. – The remote collec#on of compromised end-‐user machines (usually broadband-‐connected PCs) is used to aDack a target. – Sources of aDack are scaDered and difficult to iden#fy – Five en##es that comprise botnet aDack:
- 10. botnet operator, botnet controller, collec0on of bots, botnot so3ware drop, botnet target 10 Copyright © 2012, Elsevier Inc. All rights Reserved C hapter 1 – Introduction • Five en##es that comprise botnet aDack: – Botnet operator
- 11. – Botnet controller – Collec#on of bots – Botnot soQware drop – Botnet target • Distributed denial of service (DDOS) aDack: bots create “cyber traffic jam” Botnet Threat
- 12. 11 Copyright © 2012, Elsevier Inc. All rights Reserved C hapter 1 – Introduction Fig. 1.4 – Sample DDOS aDack from a botnet 12 Na#onal Cyber Security Methodology Components Copyright © 2012, Elsevier Inc. All rights Reserved
- 13. C hapter 1 – Introduction • Ten basic design and opera#on principles: – Decep#on – Discre#on – Separa#on – Collec#on – Diversity – Correla#on – Commonality – Awareness – Depth
- 15. • Decep#on enables forensic analysis of intruder ac#vity • The acknowledged use of decep#on may be a deterrent to intruders (every vulnerability may actually be a trap) Copyright © 2012, Elsevier Inc. All rights Reserved
- 16. C hapter 1 – Introduction Decep#on 14 Copyright © 2012, Elsevier Inc. All rights Reserved C hapter 1 – Introduction Fig. 1.5 – Components of an interface with decep#on 15 • Separa#on involves enforced
- 17. access policy restric#ons on users and resources in a compu#ng environment • Most companies use enterprise firewalls, which are complemented by the following: – Authen#ca#on and iden#ty management – Logical access controls
- 18. – LAN controls – Firewalls Copyright © 2012, Elsevier Inc. All rights Reserved C hapter 1 – Introduction Separa#on 16 Fig. 1.6 – Firewall enhancements for na#onal infrastructure Copyright © 2012, Elsevier Inc. All rights Reserved C hapter 1 – Introduction
- 19. 17 • Diversity is the principle of using technology and systems that are inten#onally different in substan#ve ways. • Diversity hard to implement – A single soQware vendor tends to
- 20. dominate the PC opera#ng system business landscape – Diversity conflicts with organiza#onal goals of simplifying supplier and vendor rela#onships Copyright © 2012, Elsevier Inc. All rights Reserved C hapter 1 – Introduction Diversity 18
- 21. Copyright © 2012, Elsevier Inc. All rights Reserved C hapter 1 – Introduction Fig. 1.7 – Introducing diversity to na#onal infrastructure 19 • Consistency involves uniform aDen#on to security best prac#ces across na#onal infrastructure components
- 22. • Greatest challenge involves audi#ng • A na#onal standard is needed Copyright © 2012, Elsevier Inc. All rights Reserved C hapter 1 – Introduction Commonality 20 • Depth involves using mul#ple security layers to protect
- 23. na#onal infrastructure assets • Defense layers are maximized by using a combina#on of func#onal and procedural controls Copyright © 2012, Elsevier Inc. All rights Reserved C hapter 1 – Introduction Depth 21 Copyright © 2012, Elsevier Inc.
- 24. All rights Reserved C hapter 1 – Introduction Fig. 1.8 – Na#onal infrastructure security through defense in depth 22 • Discre#on involves individuals and groups making good decisions to obscure sensi#ve informa#on
- 25. about na#onal infrastructure • This is not the same as “security through obscurity” Copyright © 2012, Elsevier Inc. All rights Reserved C hapter 1 – Introduction Discre#on 23 • Collec#on involves automated gathering of system-‐ related
- 26. informa#on about na#onal infrastructure to enable security analysis • Data is processed by a security informa0on management system. • Opera#onal challenges – What type of informa#on should be collected? – How
- 27. much informa#on should be collected? Copyright © 2012, Elsevier Inc. All rights Reserved C hapter 1 – Introduction Collec#on 24 Copyright © 2012, Elsevier Inc. All rights Reserved C hapter 1 – Introduction Fig. 1.9 – Collec#ng na#onal infrastructure-‐related security
- 29. • Past ini#a#ves included real-‐#me correla#on of data at fusion center – Difficult to implement Copyright © 2012, Elsevier Inc. All rights Reserved C hapter 1 – Introduction Correla#on 26 Fig. 1.10 – Na#onal infrastructure
- 30. high-‐ level correla#on approach Copyright © 2012, Elsevier Inc. All rights Reserved C hapter 1 – Introduction 27 • Awareness involves an organiza#on understanding the differences between observed and normal status in na#onal infrastructure • Most
- 31. agree on the need for awareness, but how can awareness be achieved? Copyright © 2012, Elsevier Inc. All rights Reserved C hapter 1 – Introduction Awareness 28 Copyright © 2012, Elsevier Inc. All rights Reserved C hapter 1 – Introduction Fig. 1.11
- 33. layer • Current prac#ce in smaller corporate environments of reducing “false posi#ves” by wai#ng to confirm disaster is not acceptable for na#onal infrastructure Copyright © 2012, Elsevier Inc. All rights Reserved C hapter 1 – Introduction Response
- 34. 30 Copyright © 2012, Elsevier Inc. All rights Reserved C hapter 1 – Introduction Fig. 1.12 – Na#onal infrastructure security response approach 31 • Commissions and groups • Informa#on sharing • Interna#onal coopera#on
- 35. • Technical and opera#onal costs Copyright © 2012, Elsevier Inc. All rights Reserved C hapter 1 – Introduction Implemen#ng the Principles Na#onally