Your final research paper assignment is to write a research paper that explains how defense-in-depth (chapter 6) and awareness (chapter 10) are complementary techniques to detect emerging threats and

Chapter 6 – Depth
Cyber Attacks: Protecting National Infrastructure, 1st ed.
Copyright © 2012, Elsevier Inc. All Rights Reserved

Introduction
• Any layer of defense can fail at any time; this is the motivation for defense in depth
• A series of protective elements is placed between an asset and the adversary
• The intent is to enforce policy across all access points

Fig. 6.1 – General defense in depth schema

Effectiveness of Depth
• Quantifying the effectiveness of a layered defense is often difficult
• In practice, effectiveness is estimated by educated guesses
• The following are relevant for estimating effectiveness
  – Practical experience
  – Engineering analysis
  – Use-case studies
  – Testing and simulation

Fig. 6.2 – Moderately effective single layer of protection

Effectiveness of Depth
• When a layer fails, we can conclude it was either flawed or unsuited to the target environment
• No layer is 100% effective; the more realistic goal is to make each layer "highly" effective

Fig. 6.3 – Highly effective single layer of protection

Fig. 6.4 – Multiple moderately effective layers of protection

Layered Authentication
• A national authentication system for every citizen would remove the need for the multiple passwords, passphrases, tokens, certificates, and biometrics that currently weaken security
• Single sign-on (SSO) would accomplish this authentication simplification objective
• However, SSO access needs to be part of a multilayered defense
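The two-layer end-user authentication the Layered Authentication slides call for, as an added example that is not code from the book or its slides: an SSO assertion (layer 1) must verify and a time-based one-time code (layer 2) must also verify before access is granted, so a stolen or stale SSO assertion on its own is refused. The assertion format `user|expiry|hmac`, the signing key and the user name are constructed for illustration (a real SSO deployment would carry a SAML or OIDC token from the identity provider instead); the TOTP seed is the published RFC 6238 test-vector secret.

```python
"""Two layers of end-user authentication: an SSO assertion and a TOTP code.

Added example, not code from the book or its slides. The assertion format
('user|expiry|hmac'), the signing key and the user name are constructed for
illustration; a real SSO deployment would carry a SAML or OIDC token from the
identity provider instead. The TOTP seed is the RFC 6238 test-vector secret.
"""
import hashlib
import hmac
import struct
import time
from typing import Optional

SSO_SIGNING_KEY = b"constructed-idp-signing-key"   # constructed, example only
TOTP_SECRET = b"12345678901234567890"              # RFC 6238 Appendix B seed
STEP = 30                                          # TOTP time step in seconds


def issue_sso_assertion(user: str, now: int, ttl: int = 300) -> str:
    """Layer 1: the identity provider signs 'user|expiry' with an HMAC."""
    body = f"{user}|{now + ttl}"
    tag = hmac.new(SSO_SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}|{tag}"


def verify_sso_assertion(assertion: str, now: int) -> Optional[str]:
    """Return the user if the assertion is authentic and unexpired, else None."""
    parts = assertion.split("|")
    if len(parts) != 3 or not parts[1].isdigit():
        return None
    user, expiry, tag = parts
    expected = hmac.new(SSO_SIGNING_KEY, f"{user}|{expiry}".encode(),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):   # constant-time tag check
        return None
    return user if int(expiry) > now else None


def totp(secret: bytes, now: int, digits: int = 6) -> str:
    """RFC 6238 TOTP = RFC 4226 HOTP(secret, now // STEP) with HMAC-SHA1."""
    mac = hmac.new(secret, struct.pack(">Q", now // STEP), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                   # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify_totp(secret: bytes, code: str, now: int, skew_steps: int = 1) -> bool:
    """Layer 2: accept the current step plus/minus skew_steps of clock drift."""
    if not code.isascii():
        return False
    return any(hmac.compare_digest(totp(secret, now + d * STEP), code)
               for d in range(-skew_steps, skew_steps + 1))


def authenticate(assertion: str, code: str, now: int) -> bool:
    """Both layers must pass; a stolen or stale SSO assertion alone is not enough."""
    user = verify_sso_assertion(assertion, now)
    return user is not None and verify_totp(TOTP_SECRET, code, now)


if __name__ == "__main__":
    t = int(time.time())
    sso = issue_sso_assertion("alice", t)
    print("sso + valid otp :", authenticate(sso, totp(TOTP_SECRET, t), t))
    print("sso + wrong otp :", authenticate(sso, "000000", t))
    print("expired sso     :", authenticate(sso, totp(TOTP_SECRET, t + 600), t + 600))
```

The second layer is only worth having if it fails independently of the first: a TOTP seed stored in the same identity provider database as the SSO signing key collapses the two layers into one, which is the point Fig. 6.5 makes by drawing them as separate elements.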
Fig. 6.5 – Schema showing two layers of end-user authentication

Fig. 6.6 – Authentication options including direct mobile access

Layered E-Mail Virus and Spam Protection
• Commercial environments are turning to virtual, in-the-cloud services to filter e-mail viruses and spam
• To that security layer is added filtering software on individual computers
• Antivirus software is helpful, but useless against certain attacks, such as botnets

Fig. 6.7 – Typical architecture with layered e-mail filtering

Layered Access Controls
• Layering access controls increases security
• Add to this the limiting of physical access to assets
• For national infrastructure, assets should be covered by as many layers as possible
  – Network-based firewalls
  – Internal firewalls
  – Physical security

Fig. 6.8 – Three layers of protection using firewall and access controls

Layered Encryption
• Five encryption methods for national infrastructure protection
  – Mobile device storage
  – Network transmission
  – Secure commerce
  – Application strengthening
  – Server and mainframe data storage

Fig. 6.9 – Multiple layers of encryption

Layered Intrusion Detection
• The promise of layered intrusion detection has not been fully realized, though it is useful
• The inclusion of intrusion response makes the layered approach more complex
• There are three opportunities for different intrusion detection systems to provide layered protection
  – In-band detection
  – Out-of-band correlation
  – Signature sharing

Fig. 6.10 – Sharing intrusion detection information between systems

National Program of Depth
• Developing a multilayered defense for national infrastructure would require a careful architectural analysis of all assets and protection systems
  – Identifying assets
  – Subjective estimations
  – Obtaining proprietary information
  – Identifying all possible access paths
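The three layering opportunities on the Layered Intrusion Detection slide (in-band detection, out-of-band correlation, signature sharing, cf. Fig. 6.10) run over a few constructed log lines, as an added example that is not code from the book or its slides. A perimeter sensor and a host sensor each match signatures in-band; an out-of-band correlator sees only their alerts and raises an incident when both fire on the same source inside a time window; the host sensor then shares its signature with the perimeter, which catches the next attempt at the edge. The sensor names, signature regexes, the log format `<ts> <src ip> <payload>` and all traffic lines are constructed for the example.

```python
"""Layered intrusion detection: in-band detection, out-of-band correlation
and signature sharing between two sensors.

Added example, not code from the book or its slides. The sensor names, the
signature rules, the log format '<ts> <src ip> <payload>' and every traffic
line below are constructed for illustration.
"""
import re
from collections import defaultdict
from typing import Dict, List, Tuple

Alert = Tuple[str, str, int, str]   # (sensor name, signature id, timestamp, source ip)


class Sensor:
    """A minimal in-band signature IDS: each signature is a regex over the payload."""

    def __init__(self, name: str, signatures: Dict[str, str]):
        self.name = name
        self.signatures = {sid: re.compile(rx, re.I) for sid, rx in signatures.items()}

    def inspect(self, ts: int, src: str, payload: str) -> List[Alert]:
        """In-band detection: the sensor looks at the traffic itself."""
        return [(self.name, sid, ts, src)
                for sid, rx in self.signatures.items() if rx.search(payload)]

    def share(self, other: "Sensor", sid: str) -> None:
        """Signature sharing: push one of this sensor's signatures to another sensor."""
        other.signatures[sid] = self.signatures[sid]


class Correlator:
    """Out-of-band correlation: consumes alerts only, never traffic, and raises an
    incident when two different sensors alert on the same source within `window`."""

    def __init__(self, window: int):
        self.window = window
        self.by_src: Dict[str, List[Alert]] = defaultdict(list)
        self.incidents: List[Tuple[str, str, str]] = []   # (src, first sensor, second sensor)

    def ingest(self, alert: Alert) -> bool:
        """Record the alert; return True if it completed a cross-sensor incident."""
        sensor, _sid, ts, src = alert
        hit = False
        for prev_sensor, _s, prev_ts, _src in self.by_src[src]:
            if prev_sensor != sensor and abs(ts - prev_ts) <= self.window:
                self.incidents.append((src, prev_sensor, sensor))
                hit = True
                break
        self.by_src[src].append(alert)
        return hit


def parse(line: str) -> Tuple[int, str, str]:
    """Constructed log format: '<ts> <src ip> <payload>'."""
    ts, src, payload = line.split(" ", 2)
    return int(ts), src, payload


# Constructed traffic; for simplicity both sensors see every line.
TRAFFIC = [
    "100 198.51.100.7 GET /index.html",
    "101 198.51.100.7 GET /cgi-bin/..%2f..%2fetc/passwd",
    "102 198.51.100.7 POST /upload cmd=/bin/sh -c id",
    "103 203.0.113.5 GET /about.html",
    "200 198.51.100.7 POST /upload cmd=/bin/sh -c whoami",
]


def run(traffic: List[str] = TRAFFIC, window: int = 60) -> Dict[str, list]:
    perimeter = Sensor("perimeter", {"traversal": r"\.\.(/|%2f)"})
    host = Sensor("host", {"shell": r"/bin/sh|cmd\.exe"})
    corr = Correlator(window)
    seen: Dict[str, List[Tuple[str, int]]] = {"perimeter": [], "host": []}
    shared = False
    for line in traffic:
        ts, src, payload = parse(line)
        for sensor in (perimeter, host):
            for alert in sensor.inspect(ts, src, payload):
                seen[sensor.name].append((alert[1], ts))
                # Once correlation confirms the source is hostile, the host sensor's
                # "shell" signature is pushed to the perimeter so the next attempt is
                # caught in-band at the edge rather than only on the host.
                if corr.ingest(alert) and not shared:
                    host.share(perimeter, "shell")
                    shared = True
    return {"perimeter": seen["perimeter"], "host": seen["host"],
            "incidents": corr.incidents}


if __name__ == "__main__":
    for key, value in run().items():
        print(key, value)
```

With the 60-second window the traversal alert at t=101 and the shell alert at t=102 correlate, the signature is shared, and the perimeter sees the shell payload at t=200 that it would otherwise have missed; shrinking the window to 0 removes the correlation, the sharing, and the edge detection, which is the "intrusion response makes the layered approach more complex" trade-off the slide mentions: the response step is what couples the layers.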
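The Effectiveness of Depth slides (Figs. 6.2 to 6.4) and the National Program of Depth slide above ask for the same thing: enumerate every access path to an asset and estimate how much each layer on it contributes. As an added example that is not code from the book or its slides, the following models a small constructed architecture as edges carrying a layer and a subjective effectiveness estimate, enumerates all paths from the internet to an asset, and computes the probability that an adversary gets through every layer on each path. It also shows the caveat the slides do not state: under independence three moderately effective layers beat one highly effective one, but two layers that share a failure mode (here, two firewalls from the same vendor, marked with a common failure domain) should be counted once. All node names, layer names, effectiveness values and failure domains are constructed assumptions, not measurements.

```python
"""Access-path analysis for a layered defense.

Added example, not code from the book or its slides. The architecture, the
layer names, the effectiveness estimates and the failure-domain labels are all
constructed; the estimates stand in for the "subjective estimations" of the
National Program of Depth slide.
"""
from typing import Dict, List, Tuple

# (from node, to node, protecting layer, estimated effectiveness, failure domain)
Edge = Tuple[str, str, str, float, str]

EDGES: List[Edge] = [
    ("internet", "dmz", "network firewall", 0.80, "fw-vendor-A"),
    ("dmz", "internal", "internal firewall", 0.70, "fw-vendor-A"),
    ("internal", "scada", "host access control", 0.60, "host"),
    # The path an inventory often misses: a vendor maintenance line that bypasses both firewalls.
    ("internet", "scada", "vendor dial-in modem (password only)", 0.20, "modem"),
]


def paths(edges: List[Edge], src: str, dst: str) -> List[List[Edge]]:
    """All simple paths from src to dst, each as the list of edges traversed."""
    found: List[List[Edge]] = []

    def walk(node: str, trail: List[Edge], visited: set) -> None:
        if node == dst:
            found.append(list(trail))
            return
        for e in edges:
            if e[0] == node and e[1] not in visited:
                trail.append(e)
                walk(e[1], trail, visited | {e[1]})
                trail.pop()

    walk(src, [], {src})
    return found


def breach_probability(path: List[Edge], assume_independent: bool = True) -> float:
    """P(the adversary gets past every layer on the path).

    Independent layers: product of (1 - effectiveness). Correlated layers: those
    sharing a failure domain fail together, so each domain counts once at the
    best effectiveness among its members (a pessimistic but honest estimate)."""
    if assume_independent:
        layers = path
    else:
        best: Dict[str, Edge] = {}
        for e in path:
            if e[4] not in best or e[3] > best[e[4]][3]:
                best[e[4]] = e
        layers = list(best.values())
    p = 1.0
    for e in layers:
        p *= 1.0 - e[3]
    return p


def weakest_path(edges: List[Edge], src: str, dst: str,
                 assume_independent: bool = True) -> List[Edge]:
    """The access path the adversary is most likely to get through."""
    return max(paths(edges, src, dst),
               key=lambda p: breach_probability(p, assume_independent))


def analyse(edges: List[Edge] = EDGES, src: str = "internet", asset: str = "scada") -> List[dict]:
    """Per-path report of layers and breach probability under both assumptions."""
    return [{
        "layers": [e[2] for e in p],
        "p_independent": round(breach_probability(p, True), 4),
        "p_correlated": round(breach_probability(p, False), 4),
    } for p in paths(edges, src, asset)]


if __name__ == "__main__":
    for row in analyse():
        print(row)
    print("weakest:", [e[2] for e in weakest_path(EDGES, "internet", "scada")])
```

Read the output against the figures: the firewalled path leaks with probability 0.2 × 0.3 × 0.4 = 0.024 when the three moderately effective layers are independent (Fig. 6.4), but 0.2 × 0.4 = 0.08 once the two same-vendor firewalls are treated as one layer, and the whole analysis is moot while the modem path leaks at 0.8, which is why the slide lists identifying all possible access paths as a precondition of the program.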