Chat with us, powered by LiveChat Emerging Threats and Countermeas | Writedemy

Emerging Threats and Countermeas

13 Jun Emerging Threats and Countermeas

Posted at 20:36h in 2General studies by

1

Copyright © 2012, Elsevier Inc.

All Rights Reserved

Chapter 3

Separation

Cyber Attacks Protecting National Infrastructure, 1st ed.

2

• Using a firewall to separate network assets from intruders is the most familiar approach in cyber security

• Networks and systems associated with national infrastructure assets tend to be too complex for firewalls to be effective

Copyright © 2012, Elsevier Inc.

All rights Reserved

C h a p te

r 3 –

S e p a ra

tio n

Introduction

3

• Three new approaches to the use of firewalls are necessary to achieve optimal separation – Network-based separation

– Internal separation

– Tailored separation

Copyright © 2012, Elsevier Inc.

All rights Reserved

C h a p te

r 3 –

S e p a ra

tio n

Introduction

4

Fig. 3.1 – Firewalls in simple and complex networks

Copyright © 2012, Elsevier Inc.

All rights Reserved

C h a p te

r 3 –

S e p a ra

tio n

5

• Separation is a technique that accomplishes one of the following – Adversary separation

– Component distribution

Copyright © 2012, Elsevier Inc.

All rights Reserved

C h a p te

r 3 –

S e p a ra

tio n

What Is Separation?

6

• A working taxonomy of separation techniques: Three primary factors involved in the use of separation – The source of the threat

– The target of the security control

– The approach used in the security control

(See figure 3.2)

Copyright © 2012, Elsevier Inc.

All rights Reserved

C h a p te

r 3 –

S e p a ra

tio n

What Is Separation?

7

Copyright © 2012, Elsevier Inc.

All rights Reserved

C h a p te

r 3 –

S e p a ra

tio n

Fig. 3.2 – Taxonomy of separation techniques

8

• Separation is commonly achieved using an access control mechanism with requisite authentication and identity management

• An access policy identifies desired allowances for users requesting to perform actions on system entities

• Two approaches – Distributed responsibility

– Centralized control

– (Both will be required)

Copyright © 2012, Elsevier Inc.

All rights Reserved

C h a p te

r 3 –

S e p a ra

tio n

Functional Separation?

9

Copyright © 2012, Elsevier Inc.

All rights Reserved

C h a p te

r 3 –

S e p a ra

tio n

Fig. 3.3 – Distributed versus centralized mediation

10

• Firewalls are placed between a system or enterprise and an un-trusted network (say, the Internet)

• Two possibilities arise – Coverage: The firewall might not cover all paths

– Accuracy: The firewall may be forced to allow access that inadvertently opens access to other protected assets

Copyright © 2012, Elsevier Inc.

All rights Reserved

C h a p te

r 3 –

S e p a ra

tio n

National Infrastructure Firewalls

11

Copyright © 2012, Elsevier Inc.

All rights Reserved

C h a p te

r 3 –

S e p a ra

tio n

Fig. 3.4 – Wide area firewall aggregation and local area firewall

segregation

12

• Increased wireless connectivity is a major challenge to national infrastructure security

• Network service providers offer advantages to centralized security – Vantage point: Network service providers can see a lot

– Operations: Network providers have operational capacity to keep security software current

– Investment: Network service providers have the financial wherewithal and motivation to invest in security

Copyright © 2012, Elsevier Inc.

All rights Reserved

C h a p te

r 3 –

S e p a ra

tio n

National Infrastructure Firewalls

13

Copyright © 2012, Elsevier Inc.

All rights Reserved

C h a p te

r 3 –

S e p a ra

tio n

Fig. 3.5 – Carrier-centric network-based firewall

14

• Network-based firewall concept includes device for throttling distributed denial of service (DDOS) attacks

• Called a DDOS filter

• Modern DDOS attacks take into account a more advanced filtering system

Copyright © 2012, Elsevier Inc.

All rights Reserved

C h a p te

r 3 –

S e p a ra

tio n

DDOS Filtering

15

Copyright © 2012, Elsevier Inc.

All rights Reserved

C h a p te

r 3 –

S e p a ra

tio n

Fig. 3.6 – DDOS filtering of inbound attacks on target assets

16

• SCADA – Supervisory control and data acquisition

• SCADA systems – A set of software, computer, and networks that provide remote coordination of control system for tangible infrastructures

• Structure includes the following – Human-machine interface (HMI)

– Master terminal unit (MTU)

– Remote terminal unit (RTU)

– Field control systems

Copyright © 2012, Elsevier Inc.

All rights Reserved

C h a p te

r 3 –

S e p a ra

tio n

SCADA Separation Architecture

17

Copyright © 2012, Elsevier Inc.

All rights Reserved

C h a p te

r 3 –

S e p a ra

tio n

Fig. 3.7 – Recommended SCADA system firewall architecture

18

• Why not simply unplug a system’s external connections? (Called air gapping)

• As systems and networks grow more complex, it becomes more likely that unknown or unauthorized external connections will arise

• Basic principles for truly air-gapped networks: – Clear policy

– Boundary scanning

– Violation consequences

– Reasonable alternatives

Copyright © 2012, Elsevier Inc.

All rights Reserved

C h a p te

r 3 –

S e p a ra

tio n

Physical Separation

19

Copyright © 2012, Elsevier Inc.

All rights Reserved

C h a p te

r 3 –

S e p a ra

tio n

Fig. 3.8 – Bridging an isolated network via a dual-homing user

20

• Hard to defend against a determined insider

• Threats may also come from trusted partners

• Background checks are a start

• Techniques for countering insider attack – Internal firewalls

– Deceptive honey pots

– Enforcement of data markings

– Data leakage protection (DLP) systems

• Segregation of duties offers another layer of protection

Copyright © 2012, Elsevier Inc.

All rights Reserved

C h a p te

r 3 –

S e p a ra

tio n

Insider Separation

21

Copyright © 2012, Elsevier Inc.

All rights Reserved

C h a p te

r 3 –

S e p a ra

tio n

Fig. 3.9 – Decomposing work functions for segregation of duty

22

• Involves the distribution, replication, decomposition, or segregation of national assets – Distribution: creating functionality using multiple

cooperating components that work together as distributed system

– Replication: copying assets across components so if one asset is broken, the copy will be available

– Decomposition: breaking complex assets into individual components so an isolated compromise won’t bring down asset

– Segregation: separation of assets through special access controls, data markings, and policy enforcement

Copyright © 2012, Elsevier Inc.

All rights Reserved

C h a p te

r 3 –

S e p a ra

tio n

Asset Separation

23

Copyright © 2012, Elsevier Inc.

All rights Reserved

C h a p te

r 3 –

S e p a ra

tio n

Fig. 3.10 – Reducing DDOS risk through CDN-hosted content

24

• Typically, mandatory access controls and audit trail hooks were embedded into the underlying operating system kernel

• Popular in the 1980s and 1990s

Copyright © 2012, Elsevier Inc.

All rights Reserved

C h a p te

r 3 –

S e p a ra

tio n

Multilevel Security (MLS)

25

Copyright © 2012, Elsevier Inc.

All rights Reserved

C h a p te

r 3 –

S e p a ra

tio n

Fig. 3.11 – Using MLS logical separation to protect assets

26

• Internet separation: Certain assets simply shouldn’t be accessible from the Internet

• Network-based firewalls: These should be managed by a centralized group

• DDOS protection: All assets should have protection in place before an attack

• Internal separation: Critical national infrastructure settings need an incentive to implement internal separation policy

• Tailoring requirements: Vendors should be incentivized to build tailored systems such as firewalls for special SCADA environments

Copyright © 2012, Elsevier Inc.

All rights Reserved

C h a p te

r 3 –

S e p a ra

tio n

National Separation Program

Our website has a team of professional writers who can help you write any of your homework. They will write your papers from scratch. We also have a team of editors just to make sure all papers are of HIGH QUALITY & PLAGIARISM FREE. To make an Order you only need to click Ask A Question and we will direct you to our Order Page at WriteDemy. Then fill Our Order Form with all your assignment instructions. Select your deadline and pay for your paper. You will get it few hours before your set deadline.

Fill in all the assignment paper details that are required in the order form with the standard information being the page count, deadline, academic level and type of paper. It is advisable to have this information at hand so that you can quickly fill in the necessary information needed in the form for the essay writer to be immediately assigned to your writing project. Make payment for the custom essay order to enable us to assign a suitable writer to your order. Payments are made through Paypal on a secured billing page. Finally, sit back and relax.

Do you need an answer to this or any other questions?

About Writedemy

We are a professional paper writing website. If you have searched a question and bumped into our website just know you are in the right place to get help in your coursework. We offer HIGH QUALITY & PLAGIARISM FREE Papers.

How It Works

To make an Order you only need to click on “Order Now” and we will direct you to our Order Page. Fill Our Order Form with all your assignment instructions. Select your deadline and pay for your paper. You will get it few hours before your set deadline.

Are there Discounts?

All new clients are eligible for 20% off in their first Order. Our payment method is safe and secure.

Hire a tutor today CLICK HERE to make your first order

Print page