Cyber Attacks Protecting National Infrastructure, 1st ed.
Chapter 6 Depth
Copyright © 2012, Elsevier Inc. All Rights Reserved

Introduction
• Any layer of defense can fail at any time, thus the introduction of defense in depth
• A series of protective elements is placed between an asset and the adversary
• The intent is to enforce policy across all access points

Fig. 6.1 – General defense in depth schema

Effectiveness of Depth
• Quantifying the effectiveness of a layered defense is often difficult
• Effectiveness is best determined by educated guesses
• The following are relevant for estimating effectiveness
  – Practical experience
  – Engineering analysis
  – Use-case studies
  – Testing and simulation

Fig. 6.2 – Moderately effective single layer of protection

Effectiveness of Depth
• When a layer fails, we can conclude it was either flawed or unsuited to the target environment
• No layer is 100% effective; the goal of making layers “highly” effective is more realistic

Fig. 6.3 – Highly effective single layer of protection

Fig. 6.4 – Multiple moderately effective layers of protection

Layered Authentication
• A national authentication system for every citizen would remove the need for multiple passwords, passphrases, tokens, certificates, and biometrics that weaken security
• Single sign-on (SSO) would accomplish this authentication simplification objective
• However, SSO access needs to be part of a multilayered defense

Fig. 6.5 – Schema showing two layers of end-user authentication

Fig. 6.6 – Authentication options including direct mobile access

Layered E-Mail Virus and Spam Protection
• Commercial environments are turning to virtual, in-the-cloud solutions to filter e-mail viruses and spam
• To that security layer is added filtering software on individual computers
• Antivirus software helpful, but useless against certain attacks (like botnet)

Fig. 6.7 – Typical architecture with layered e-mail filtering

Layered Access Controls
• Layering access controls increases security
• Add to this the limiting of physical access to assets
• For national infrastructure, assets should be covered by as many l.