1Copyright__2012_Elsevier_IncAll_Rights_ReservedChapter

1

Chapter 3

Separation

Cyber Attacks Protecting National Infrastructure, 1st ed.

2

• Using a firewall to separate network assets from intruders is the most familiar approach in cyber security

• Networks and systems associated with national infrastructure assets tend to be too complex for firewalls to be effective

C h a p te

r 3 –

S e p a ra

tio n

Introduction

3

• Three new approaches to the use of firewalls are necessary to achieve optimal separation – Network-based separation

– Internal separation

– Tailored separation

C h a p te

r 3 –

S e p a ra

tio n

Introduction

4

Fig. 3.1 – Firewalls in simple and complex networks

C h a p te

r 3 –

S e p a ra

tio n

5

• Separation is a technique that accomplishes one of the following – Adversary separation

– Component distribution

C h a p te

r 3 –

S e p a ra

tio n

What Is Separation?

6

• A working taxonomy of separation techniques: Three primary factors involved in the use of separation – The source of the threat

– The target of the security control

– The approach used in the security control

(See figure 3.2)

C h a p te

r 3 –

S e p a ra

tio n

What Is Separation?

7

C h a p te

r 3 –

S e p a ra

tio n

Fig. 3.2 – Taxonomy of separation techniques

8

• Separation is commonly achieved using an access control mechanism with requisite authentication and identity management

• An access policy identifies desired allowances for users requesting to perform actions on system entities

• Two approaches – Distributed responsibility

– Centralized control

– (Both will be required)

C h a p te

r 3 –

S e p a ra

tio n

Functional Separation?

9

C h a p te

r 3 –

S e p a ra

tio n

Fig. 3.3 – Distributed versus centralized mediation

10

• Firewalls are placed between a system or enterprise and an un-trusted network (say, the Internet)

• Two possibilities arise – Coverage: The firewall might not cover all paths

– Accuracy: The firewall may be forced to allow access that inadvertently opens access to other protected assets

C h a p te

r 3 –

S e p a ra

tio n

National Infrastructure Firewalls

11

C h a p te

r 3 –

S e p a ra

tio n

Fig. 3.4 – Wide area firewall aggregation and local area firewall

segregation

12

• Increased wireless connectivity is a major challenge to national infrastructure security

• Network service providers offer advantages to centralized security – Vantage point: Network service providers can see a lot

– Operations: Network providers have operational capacity to keep security software current

– Investment: Network service providers have the financial wherewithal and motivation to invest in security

C h a p te

r 3 –

S e p a ra

tio n

National Infrastructure Firewalls

13

C h a p te

r 3 –

S e p a ra

tio n

Fig. 3.5 – Carrier-centric network-based firewall

14

• Network-based firewall concept includes device for throttling distributed denial of service (DDOS) attacks

• Called a DDOS filter

• Modern DDOS attacks take into account a more advanced filtering system

C h a p te

r 3 –

S e p a ra

tio n

DDOS Filtering

15

C h a p te

r 3 –

S e p a ra

tio n

Fig. 3.6 – DDOS filtering of inbound attacks on target assets

16

• SCADA – Supervisory control and data acquisition

• SCADA systems – A set of software, computer, and networks that provide remote coordination of control system for tangible infrastructures

• Structure includes the following – Human-machine interface (HMI)

– Master terminal unit (MTU)

– Remote terminal unit (RTU)

– Field control systems

C h a p te

r 3 –

S e p a ra

tio n

SCADA Separation Architecture

17

C h a p te

r 3 –

S e p a ra

tio n

Fig. 3.7 – Recommended SCADA system firewall architecture

18

• Why not simply unplug a system’s external connections? (Called air gapping)

• As systems and networks grow more complex, it becomes more likely that unknown or unauthorized external connections will arise

• Basic principles for truly air-gapped networks: – Clear policy

– Boundary scanning

– Violation consequences

– Reasonable alternatives

C h a p te

r 3 –

S e p a ra

tio n

Physical Separation

19

C h a p te

r 3 –

S e p a ra

tio n

Fig. 3.8 – Bridging an isolated network via a dual-homing user

20

• Hard to defend against a determined insider

• Threats may also come from trusted partners

• Background checks are a start

• Techniques for countering insider attack – Internal firewalls

– Deceptive honey pots

– Enforcement of data markings

– Data leakage protection (DLP) systems

• Segregation of duties offers another layer of protection

C h a p te

r 3 –

S e p a ra

tio n

Insider Separation

21

C h a p te

r 3 –

S e p a ra

tio n

Fig. 3.9 – Decomposing work functions for segregation of duty

22

• Involves the distribution, replication, decomposition, or segregation of national assets – Distribution: creating functionality using multiple

cooperating components that work together as distributed system

– Replication: copying assets across components so if one asset is broken, the copy will be available

– Decomposition: breaking complex assets into individual components so an isolated compromise won’t bring down asset

– Segregation: separation of assets through special access controls, data markings, and policy enforcement

C h a p te

r 3 –

S e p a ra

tio n

Asset Separation

23

C h a p te

r 3 –

S e p a ra

tio n

Fig. 3.10 – Reducing DDOS risk through CDN-hosted content

24

• Typically, mandatory access controls and audit trail hooks were embedded into the underlying operating system kernel

• Popular in the 1980s and 1990s

C h a p te

r 3 –

S e p a ra

tio n

Multilevel Security (MLS)

25

C h a p te

r 3 –

S e p a ra

tio n

Fig. 3.11 – Using MLS logical separation to protect assets

26

• Internet separation: Certain assets simply shouldn’t be accessible from the Internet

• Network-based firewalls: These should be managed by a centralized group

• DDOS protection: All assets should have protection in place before an attack

• Internal separation: Critical national infrastructure settings need an incentive to implement internal separation policy

• Tailoring requirements: Vendors should be incentivized to build tailored systems such as firewalls for special SCADA environments

C h a p te

r 3 –

S e p a ra

tio n

National Separation Program

Project Part 2: Access Controls Procedure Guide

Scenario

Changing access controls can have some undesirable effects. Therefore, it is important to carefully consider changes before making them and provide mechanisms to reverse changes if they have unexpected consequences.

Always Fresh management has asked you to develop procedures for changing any access controls. The purpose of these procedures is to ensure that staff:

· Understand and document the purpose of each access control change request

· Know what access controls were in place before any changes

· Get an approval of change by management

· Understand the scope of the change, both with respect to users, computers, and objects

· Have evaluated the expected impact of the change

· Know how to evaluate whether the change meets the goals

· Understand how to undo any change if necessary

Tasks

Create a guide that security personnel will use that includes procedures for implementing an access control change.

The procedure guide must contain the steps Always Fresh security personnel should take to evaluate and implement an access control change. You can assume any change requests you receive are approved.

Ensure that your procedures include the following:

· Status or setting prior to any change

· Reason for the change

· Change to implement

· Scope of the change

· Impact of the change

· Status or setting after the change

· Process to evaluate the change

Required Resources

· Internet access

· Course textbook

Submission Requirements

· Format: Microsoft Word (or compatible)

· Font: Arial, size 12, double-space

· Citation Style: Follow your school’s preferred style guide

· Length: 2 to 4 pages

Self-Assessment Checklist

· I created a procedure guide that provides clear instructions that anyone with a basic technical knowledge base can follow.

· I created a well-developed and formatted procedure guide with proper grammar, spelling, and punctuation.

· I followed the submission guidelines.

1

Chapter 6

Depth

Cyber Attacks Protecting National Infrastructure, 1st ed.

2

• Any layer of defense can fail at any time, thus the introduction of defense in depth

• A series of protective elements is placed between an asset and the adversary

• The intent is to enforce policy across all access points

C h a p te

r 6 –

D e p th

Introduction

3

Fig. 6.1 – General defense in depth schema

C h a p te

r 6 –

D e p th

4

• Quantifying the effectiveness of a layered defense is often difficult

• Effectiveness is best determined by educated guesses

• The following are relevant for estimating effectiveness – Practical experience

– Engineering analysis

– Use-case studies

– Testing and simulation

C h a p te

r 6 –

D e p th

Effectiveness of Depth

5

C h a p te

r 6 –

D e p th

Fig. 6.2 – Moderately effective single layer of protection

6

• When a layer fails, we can conclude it was either flawed or unsuited to the target environment

• No layer is 100% effective—the goal of making layers “highly” effective is more realistic

C h a p te

r 6 –

D e p th

Effectiveness of Depth

7

C h a p te

r 6 –

D e p th

Fig. 6.3 – Highly effective single layer of protection

8

C h a p te

r 6 –

D e p th

Fig. 6.4 – Multiple moderately effective layers of protection

9

• A national authentication system for every citizen would remove the need for multiple passwords, passphrases, tokens, certificates, and biometrics that weaken security

• Single sign-on (SSO) would accomplish this authentication simplification objective

• However, SSO access needs to be part of a multilayered defense

C h a p te

r 6 –

D e p th

Layered Authentication

10

C h a p te

r 6 –

D e p th

Fig. 6.5 – Schema showing two layers of end-user authentication

11

C h a p te

r 6 –

D e p th

Fig. 6.6 – Authentication options including direct mobile access

12

Layered E-Mail Virus and Spam Protection

• Commercial environments are turning to virtual, in- the-cloud solutions to filter e-mail viruses and spam

• To that security layer is added filtering software on individual computers

• Antivirus software helpful, but useless against certain attacks (like botnet)

C h a p te

r 6 –

D e p th

13

C h a p te

r 6 –

D e p th

Fig. 6.7 – Typical architecture with layered e-mail filtering

14

• Layering access controls increases security

• Add to this the limiting of physical access to assets

• For national infrastructure, assets should be covered by as many layers possible – Network-based firewalls

– Internal firewalls

– Physical security

C h a p te

r 6 –

D e p th

Layered Access Controls

15

Fig. 6.8 – Three layers of protection using firewall and access controls

C h a p te

r 6 –

D e p th

16

• Five encryption methods for national infrastructure protection – Mobile device storage

– Network transmission

– Secure commerce

– Application strengthening

– Server and mainframe data storage

C h a p te

r 6 –

D e p th

Layered Encryption

17

C h a p te

r 6 –

D e p th

Fig. 6.9 – Multple layers of encryption

18

• The promise of layered intrusion detection has not been fully realized, though it is useful

• The inclusion of intrusion response makes the layered approach more complex

• There are three opportunities for different intrusion detection systems to provide layered protection – In-band detection

– Out-of-band correlation

– Signature sharing

C h a p te

r 6 –

D e p th

Layered Intrusion Detection

19

C h a p te

r 6 –

D e p th

Fig. 6.10 – Sharing intrusion detection information between systems

20

• Developing a multilayered defense for national infrastructure would require a careful architectural analysis of all assets and protection systems – Identifying assets

– Subjective estimations

– Obtaining proprietary information

– Identifying all possible access paths

C h a p te

r 6 –

D e p th

National Program of Depth

1

Chapter 8

Collection

Cyber Attacks Protecting National Infrastructure, 1st ed.

2

• Diligent and ongoing observation of computing and networking behavior can highlight malicious activity – The processing and analysis required for this must be done

within a program of data collection

• A national collection process that combines local, regional, and aggregated data does not exist in an organized manner

C h a p te

r 8 –

C o lle

c tio

n

Introduction

3

Fig. 8.1 – Local, regional, and national data collection with aggregation

C h a p te

r 8 –

C o lle

c tio

n

4

• At local and national levels data collection decisions for national infrastructure should be based on the following security goals – Preventing an attack

– Mitigating an attack

– Analyzing an attack

• Data collection must be justified (who is collecting and why)

• The quality of data is more important than the quantity

C h a p te

r 8 –

C o lle

c tio

n

Introduction

5

C h a p te

r 8 –

C o lle

c tio

n

Fig. 8.2 – Justification-based decision analysis template for data collection

6

• Metadata is perhaps the most useful type of data for collection in national infrastructure – Metadata is information about data, not what the data is

about

• Data collection systems need to keep pace with growth of carrier backbones

• Sampling data takes less time, but unsampled data may be reveal more

C h a p te

r 8 –

C o lle

c tio

n

Collecting Network Data

7

C h a p te

r 8 –

C o lle

c tio

n

Fig. 8.3 – Generic data collection schematic

8

C h a p te

r 8 –

C o lle

c tio

n

Fig. 8.4 – Collection detects evidence of vulnerability in advance of notification

9

• National initiatives have not traditionally collected data from mainframes, servers, and PCs

• The ultimate goal should be to collect data from all relevant computers, even if that goal is beyond current capacity

• System monitoring may reveal troubling patterns

• Two techniques useful for embedding system management data – Inventory process needed to identify critical systems

– Process of instrumenting or reusing data collection facilities must be identified

C h a p te

r 8 –

C o lle

c tio

n

Collecting System Data

10

C h a p te

r 8 –

C o lle

c tio

n

Fig. 8.5 – Collecting data from mainframes, servers, and PCs

11

Security Information and Event Management

• Security information and event management (SIEM) is the process of aggregating system data from multiple sources for purpose of protection

• Each SIEM system (in a national system of data collection) would collect, filter, and process data

• Objections to this approach include both the cost of setting up the architecture and the fact that embedded SIEM functionality might introduce problems locally

C h a p te

r 8 –

C o lle

c tio

n

12

C h a p te

r 8 –

C o lle

c tio

n

Fig. 8.6 – Generic SIEM architecture

13

C h a p te

r 8 –

C o lle

c tio

n

Fig. 8.7 – Generic national SIEM architecture

14

• Identifying trends is the most fundamental processing technique for data collected across the infrastructure

• Simplest terms – Some quantities go up (growth)

– Some quantities go down (reduction)

– Some quantities stay the same (leveling)

– Some quantities doing none of the above (unpredictability)

C h a p te

r 8 –

C o lle

c tio

n

Large-Scale Trending

15

C h a p te

r 8 –

C o lle

c tio

n

Fig. 8.8 – Growth trend in botnet behavior over 9-month period (2006–

2007)

16

• Some basic practical considerations that must be made by security analysts before a trend can be trusted – Underlying collection

– Volunteered data

– Relevant coverage

C h a p te

r 8 –

C o lle

c tio

n

Large-Scale Trending

17

• Collecting network metadata allows security analysts track a worm’s progress and predict its course

• Consensus holds that worms work too fast for data collection to be an effective defense – There’s actually some evidence that a closer look at the

data might provide early warning of worm threats

• After collecting and analyzing, the next step is acting on the data in a timely manner

C h a p te

r 8 –

C o lle

c tio

n

Tracking a Worm

18

C h a p te

r 8 –

C o lle

c tio

n

Fig. 8.9 – Coarse view of UDP traffic spike from SQL/Slammer worm

(Figure courtesy of Dave Gross and Brian Rexroad)

19

C h a p te

r 8 –

C o lle

c tio

n

Fig. 8.10 – Fine view of UDP traffic spike from SQL/Slammer worm (Figure courtesy of Dave Gross and Brian Rexroad)

20

• Once the idea for a national data collection program is accepted, the following need to be addressed – Data sources

– Protected transit

– Storage considerations

– Data reduction emphasis

C h a p te

r 8 –

C o lle

c tio

n

National Collection Program

1

Chapter 5

Commonality

Cyber Attacks Protecting National Infrastructure, 1st ed.

2

• Certain security attributes must be present in all aspects and areas of national infrastructure to ensure maximum resilience against attack

• Best practices, standards, and audits establish a low- water mark for all relevant organizations

• Audits must be both meaningful and measurable – Often the most measurable things aren’t all that

meaningful

C h a p te

r 5 –

C o m

m o n a lity

Introduction

3

• Common security-related best practices/standards – Federal Information Security Management Act (FISMA)

– Health Insurance Portability and Accountability Act (HIPAA)

– Payment Card Industry Data Security Standard (PCI DSS)

– ETSI Cyber Security Technical Committee (TC-CYBER)

– ISO/IEC 27000 Standard family (ISO27K) • ISO 27001 – Security management systems

• ISO 27002 – Code of practice for InfoSec controls

– COBIT - Control Objectives for Information and related Technology

– NIST Cybersecurity Framework

C h a p te

r 5 –

C o m

m o n a lity

Introduction

4

Fig. 5.1 – Illustrative security audits for two organizations

C h a p te

r 5 –

C o m

m o n a lity

5

C h a p te

r 5 –

C o m

m o n a lity

Fig. 5.2 – Relationship between meaningful and measurable

requirements

6

• The primary motivation for proper infrastructure protection should be success based and economic – Not the audit score

• Security of critical components relies on – Step #1: Standard audit

– Step #2: World-class focus

• Sometimes security audit standards and best practices proven through experience are in conflict

C h a p te

r 5 –

C o m

m o n a lity

Meaningful Best Practices for Infrastructure Protection

7

C h a p te

r 5 –

C o m

m o n a lity

Fig. 5.3 – Methodology to achieve world-class infrastructure

protection practices

8

• Four basic security policy considerations are recommended – Enforceable: Policies without enforcement are not

valuable

– Small: Keep it simple and current

– Online: Policy info needs to be online and searchable

– Inclusive: Good policy requires analysis in order to include computing and networking elements in the local nat’l infrastructure environment

C h a p te

r 5 –

C o m

m o n a lity

Locally Relevant and Appropriate Security Policy

9

C h a p te

r 5 –

C o m

m o n a lity

Fig. 5.4 – Decision process for security policy analysis

10

• Create an organizational culture of security protection

• Culture of security is one where standard operating procedures provide a secure environment

• Ideal environment marries creativity and interest in new technologies with caution and a healthy aversion to risk

C h a p te

r 5 –

C o m

m o n a lity

Culture of Security Protection

11

C h a p te

r 5 –

C o m

m o n a lity

Fig. 5.5 – Spectrum of organizational culture of security options

12

• Organizations should be explicitly committed to infrastructure simplification

• Common problems found in design and operation of national infrastructure – Lack of generalization

– Clouding the obvious

– Stream-of-consciousness design

– Nonuniformity

C h a p te

r 5 –

C o m

m o n a lity

Infrastructure Simplification

13

C h a p te

r 5 –

C o m

m o n a lity

Fig. 5.6 – Sample cluttered engineering chart

14

C h a p te

r 5 –

C o m

m o n a lity

Fig. 5.7 – Simplified engineering chart

15

• How to simplify a national infrastructure environment – Reduce its size

– Generalize concepts

– Clean interfaces

– Highlight patterns

– Reduce clutter

C h a p te

r 5 –

C o m

m o n a lity

Infrastructure Simplification

16

• Key decision-makers need certification and education programs

• Hundred percent end-user awareness is impractical; instead focus on improving security competence of decision-makers – Senior Managers

– Designers and developers

– Administrators

– Security team members

• Create low-cost, high-return activities to certify and educate end users

C h a p te

r 5 –

C o m

m o n a lity

Certification and Education

17

C h a p te

r 5 –

C o m

m o n a lity

Fig. 5.8 – Return on investment (ROI) trends for security education

18

• Create and establish career paths and reward structures for security professionals

• These elements should be present in national infrastructure environments – Attractive salaries

– Career paths

– Senior managers

C h a p te

r 5 –

C o m

m o n a lity

Career Path and Reward Structure

19

• Companies and agencies being considered for national infrastructure work should be required to demonstrate past practice in live security incidents

• Companies and agencies must do a better job of managing their inventory of live incidents

C h a p te

r 5 –

C o m

m o n a lity

Responsible Past Security Practice

20

• Companies and agencies being considered for national infrastructure work should provide evidence of the following past practices – Past damage

– Past prevention

– Past response

C h a p te

r 5 –

C o m

m o n a lity

Responsible Past Security Practice

21

• A national commonality plan involves balancing the following concerns – Plethora of existing standards

– Low-water mark versus world class

– Existing commissions and boards

C h a p te

r 5 –

C o m

m o n a lity

National Commonality Program

1

Chapter 7

Discretion

Cyber Attacks Protecting National Infrastructure, 1st ed.

2

• Proprietary information will be exposed if discovered by hackers

• National infrastructure protection initiatives most prevent leaks – Best approach: Avoid vulnerabilities in the first place

– More practically: Include a customized program focused mainly on the most critical information

C h a p te

r 7 –

D is

c re

tio n

Introduction

3

• A trusted computing base (TCB) is the totality of hardware, software, processes, and individuals considered essential to system security

• A national infrastructure security protection program will include – Mandatory controls

– Discretionary policy

• A smaller, less complext TCB is easier to protect

C h a p te

r 7 –

D is

c re

tio n

Trusted Computing Base

4

Fig. 7.1 – Size comparison issues in a trusted computing base

C h a p te

r 7 –

D is

c re

tio n

5

• Managing discretion is critical; questions about the following should be asked when information is being considered for disclosure – Assistance

– Fixes

– Limits

– Legality

– Damage

– Need

C h a p te

r 7 –

D is

c re

tio n

Trusted Computing Base

6

• Security through obscurity is often maligned and misunderstood by security experts – Long-term hiding of vulnerabilities

– Long-term suppression of information

• Security through obscurity is not recommended for long-term protection, but it is an excellent complementary control – E.g., there’s no need to publish a system’s architecture

– E.g., revealing a flaw before it’s fixed can lead to rushed work and an unnecessary complication of the situation

C h a p te

r 7 –

D is

c re

tio n

Security Through Obscurity

7

C h a p te

r 7 –

D is

c re

tio n

Fig. 7.2 – Knowledge lifecycle for security through obscurity

8

C h a p te

r 7 –

D is

c re

tio n

Fig. 7.3 – Vulnerability disclosure lifecycle

9

• Information sharing may be inadvertent, secretive, or willful

• Government most aggressive promoting information sharing

• Government requests information from industry for the following reasons – Government assistance to industry

– Government situational awareness

– Politics

• Government and industry have conflicting motivations

C h a p te

r 7 –

D is

c re

tio n

Information Sharing

10

C h a p te

r 7 –

D is

c re

tio n

Fig. 7.4 – Inverse value of information sharing for government and industry

11

• Adversaries regularly scout ahead and plan before an attack

• Reconnaissance planning levels – Level #1: Broad, wide-reaching collection from a variety of

sources

– Level #2: Targeted collection, often involving automation

– Level #3: Directly accessing the target

C h a p te

r 7 –

D is

c re

tio n

Information Reconnaissance

12

C h a p te

r 7 –

D is

c re

tio n

Fig. 7.5 – Three stages of reconnaissance for cyber security

13

• At each stage of reconnaissance, security engineers can introduce information obscurity

• The specific types of information that should be obscured are – Attributes

– Protections

– Vulnerabilities

C h a p te

r 7 –

D is

c re

tio n

Information Reconnaissance

14

• Layering methods of obscurity and discretion adds depth to defensive security program

• Even with layered obscurity, asset information can find a way out – Public speaking

– Approved external site

– Search for leakage

C h a p te

r 7 –

D is

c re

tio n

Obscurity Layers

15

C h a p te

r 7 –

D is

c re

tio n

Fig. 7.6 – Obscurity layers to protect asset information

16

• Governments have been successful at protecting information by compartmentalizing information and individuals – Information is classified

– Groups of individuals are granted clearance

• Compartmentalization defines boundaries, which helps guides decisions

• Private companies can benefit from this model

C h a p te

r 7 –

D is

c re

tio n

Organizational Compartments

17

C h a p te

r 7 –

D is

c re

tio n

Fig. 7.7 – Using clearances and classifications to control information

disclosure

18

C h a p te

r 7 –

D is

c re

tio n

Fig. 7.8 – Example commercial mapping of clearances and classifications

19

• To implement a national discretion program will require – TCB definition

– Reduced emphasis on information sharing

– Coexistence with hacking community

– Obscurity layered model

– Commercial information protection models

C h a p te

r 7 –

D is

c re

tio n

National Discretion Program

1

Chapter 4

Diversity

Cyber Attacks Protecting National Infrastructure, 1st ed.

2

C h a p te

r 4 –

D iv

e rs

ity

Introduction

• The securing any set of national assets should include a diversity strategy

• The deliberate introduction of diversity into national infrastructure to increase security has not been well explored

• Two system are considered diverse if their key attributes differ

• Diversity bucks the trend to standardize assets for efficiency's sake

3

Fig. 4.1 – Diverse and nondiverse components through attribute

differences

C h a p te

r 4 –

D iv

e rs

ity

4

C h a p te

r 4 –

D iv

e rs

ity

Diversity and Worm Propagation

• Worm propagation is an example of an attack that relies on a nondiverse target environment

• Worm functionality in three steps: – Step #1: Find a target system on the network for

propagation of worm program

– Step #2: Copy program to that system

– Step #3: Remotely execute program

– Repeat

• Diversity may be expensive to introduce, but saves money on response costs in the long run

5

C h a p te

r 4 –

D iv

e rs

ity

Fig. 4.2 – Mitigating worm activity through diversity

6

C h a p te

r 4 –

D iv

e rs

ity

Desktop Computer System Diversity

• Most individual computers run the same operating system software on a standard processor platform and browse the Internet through one or two popular search engines with the one of only a couple browsers

• The typical configuration is a PC running Windows on an Intel platform, browsing the Internet with Internet Explorer, searching with Google

• This makes the average home PC user a highly predictable target

7

C h a p te

r 4 –

D iv

e rs

ity

Fig. 4.3 – Typical PC configuration showing diversity

8

C h a p te

r 4 –

D iv

e rs

ity

Desktop Computer System Diversity

• Three Considerations – Platform costs

– Application interoperability

– Support and training

9

• Ultimate solution for making desktops more secure involves their removal – Not a practical solution

• Cloud computing may offer home PC users a diverse, protected environment

C h a p te

r 4 –

D iv

e rs

ity

Diversity Paradox of Cloud Computing

10

C h a p te

r 4 –

D iv

e rs

ity

Fig. 4.4 – Spectrum of desktop diversity options

11

C h a p te

r 4 –

D iv

e rs

ity

Fig. 4.5 – Diversity and attack difficulty with option of removal

12

• Modern telecommunications consist of the following two types of technologies – Circuit-switched

– Packet-switched

• When compared to one another, these two technologies automatically provide diversity

• Diversity may not always be a feasible goal – Maximizing diversity may defend against large-scale

attacks, but one must also look closely at the entire architecture

C h a p te

r 4 –

D iv

e rs

ity

Network Technology Diversity

13

C h a p te

r 4 –

D iv

e rs

ity

Fig. 4.6 – Worm nonpropagation benefit from diverse telecommunications

14

C h a p te

r 4 –

D iv

e rs

ity

Fig. 4.7 – Potential for impact propagation over shared fiber

15

• Any essential computing or networking asset that serves a critical function must include physical distribution to increase survivability

• Physical diversity has been part of the national asset system for years – Backup center diversity

– Supplier/vendor diversity

– Network route diversity

C h a p te

r 4 –

D iv

e rs

ity

Physical Diversity

16

C h a p te

r 4 –

D iv

e rs

ity

Fig. 4.8 – Diverse hubs in satellite SCADA configurations

17

• A national diversity program would coordinate between companies and government agencies – Critical path analysis

– Cascade modeling

– Procurement discipline

C h a p te

r 4 –

D iv

e rs

ity

National Diversity Program

blog6

Project Part 2: Access Controls Procedure Guide

Scenario

Tasks

Required Resources

Submission Requirements

Self-Assessment Checklist

Get help from top-rated tutors in any subject.