Counter Measures to Emerging Cyber Threats Emerging Threats and Countermeasures Chapter 3: Separation In today’s world, both government and the private
Counter Measures to Emerging Cyber Threats Emerging Threats and Countermeasures
Chapter 3: Separation
In today’s world, both government and the private sector are struggling to provide a secure, efficient, timely, and separate means of delivering essential services internationally. As a result, these critical national infrastructure systems remain at risk from potential attacks via the Internet.
It is the policy of the United States to prevent or minimize disruptions to the critical national information infrastructure in order to protect the public, the economy, government services, and the national security of the United States.The Federal Government is continually increasing capabilities to address cyber risk associated with critical networks and information systems.
Please explain how you would reduce potential vulnerabilities, protect against intrusion attempts, and better anticipate future threats.
You must do the following:
1) Create a new thread. As indicated above, please explain how you would reduce potential vulnerabilities, protect against intrusion attempts, and better anticipate future threats.
2) Select AT LEAST 3 other students’ threads and post substantive comments on those threads. Your comments should extend the conversation started with the thread. Cyber Attacks
Protecting National Infrastructure, 1st ed.
Chapter 3
Separation
Copyright © 2012, Elsevier Inc.
All Rights Reserved
1
• Using a firewall to separate network assets from
intruders is the most familiar approach in cyber
security
• Networks and systems associated with national
infrastructure assets tend to be too complex for
firewalls to be effective
Copyright © 2012, Elsevier Inc.
All rights Reserved
Chapter 3 – Separation
Introduction
2
• Three new approaches to the use of firewalls are
necessary to achieve optimal separation
Chapter 3 – Separation
Introduction
– Network-based separation
– Internal separation
– Tailored separation
Copyright © 2012, Elsevier Inc.
All rights Reserved
3
Copyright © 2012, Elsevier Inc.
All rights Reserved
Chapter 3 – Separation
Fig. 3.1 – Firewalls in simple and
complex networks
4
• Separation is a technique that accomplishes one of
the following
Chapter 3 – Separation
What Is Separation?
– Adversary separation
– Component distribution
Copyright © 2012, Elsevier Inc.
All rights Reserved
5
• A working taxonomy of separation techniques: Three
primary factors involved in the use of separation
Chapter 3 – Separation
What Is Separation?
– The source of the threat
– The target of the security control
– The approach used in the security control
(See figure 3.2)
Copyright © 2012, Elsevier Inc.
All rights Reserved
6
Copyright © 2012, Elsevier Inc.
All rights Reserved
Chapter 3 – Separation
Fig. 3.2 – Taxonomy of separation
techniques
7
• Separation is commonly achieved using an access
control mechanism with requisite authentication and
identity management
• An access policy identifies desired allowances for
users requesting to perform actions on system
entities
• Two approaches
Chapter 3 – Separation
Functional Separation?
– Distributed responsibility
– Centralized control
– (Both will be required)
Copyright © 2012, Elsevier Inc.
All rights Reserved
8
Copyright © 2012, Elsevier Inc.
All rights Reserved
Chapter 3 – Separation
Fig. 3.3 – Distributed versus centralized
mediation
9
• Firewalls are placed between a system or enterprise
and an un-trusted network (say, the Internet)
• Two possibilities arise
Chapter 3 – Separation
National Infrastructure Firewalls
– Coverage: The firewall might not cover all paths
– Accuracy: The firewall may be forced to allow access that
inadvertently opens access to other protected assets
Copyright © 2012, Elsevier Inc.
All rights Reserved
10
Copyright © 2012, Elsevier Inc.
All rights Reserved
Chapter 3 – Separation
Fig. 3.4 – Wide area firewall
aggregation and local area firewall
segregation
11
• Increased wireless connectivity is a major challenge
to national infrastructure security
• Network service providers offer advantages to
centralized security
Chapter 3 – Separation
National Infrastructure Firewalls
– Vantage point: Network service providers can see a lot
– Operations: Network providers have operational capacity
to keep security software current
– Investment: Network service providers have the financial
wherewithal and motivation to invest in security
Copyright © 2012, Elsevier Inc.
All rights Reserved
12
Copyright © 2012, Elsevier Inc.
All rights Reserved
Chapter 3 – Separation
Fig. 3.5 – Carrier-centric network-based
firewall
13
• Network-based firewall concept includes device for
throttling distributed denial of service (DDOS) attacks
• Called a DDOS filter
• Modern DDOS attacks take into account a more
advanced filtering system
Copyright © 2012, Elsevier Inc.
All rights Reserved
Chapter 3 – Separation
DDOS Filtering
14
Copyright © 2012, Elsevier Inc.
All rights Reserved
Chapter 3 – Separation
Fig. 3.6 – DDOS filtering of inbound
attacks on target assets
15
• SCADA – Supervisory control and data acquisition
• SCADA systems – A set of software, computer, and
networks that provide remote coordination of
control system for tangible infrastructures
• Structure includes the following
–
–
–
–
Chapter 3 – Separation
SCADA Separation Architecture
Human-machine interface (HMI)
Master terminal unit (MTU)
Remote terminal unit (RTU)
Field control systems
Copyright © 2012, Elsevier Inc.
All rights Reserved
16
Copyright © 2012, Elsevier Inc.
All rights Reserved
Chapter 3 – Separation
Fig. 3.7 – Recommended SCADA system
firewall architecture
17
• Why not simply unplug a system’s external
connections? (Called air gapping)
• As systems and networks grow more complex, it
becomes more likely that unknown or unauthorized
external connections will arise
• Basic principles for truly air-gapped networks:
–
–
–
–
Chapter 3 – Separation
Physical Separation
Clear policy
Boundary scanning
Violation consequences
Reasonable alternatives
Copyright © 2012, Elsevier Inc.
All rights Reserved
18
Copyright © 2012, Elsevier Inc.
All rights Reserved
Chapter 3 – Separation
Fig. 3.8 – Bridging an isolated network
via a dual-homing user
19
•
•
•
•
Hard to defend against a determined insider
Threats may also come from trusted partners
Background checks are a start
Techniques for countering insider attack
–
–
–
–
Chapter 3 – Separation
Insider Separation
Internal firewalls
Deceptive honey pots
Enforcement of data markings
Data leakage protection (DLP) systems
• Segregation of duties offers another layer of
protection
Copyright © 2012, Elsevier Inc.
All rights Reserved
20
Copyright © 2012, Elsevier Inc.
All rights Reserved
Chapter 3 – Separation
Fig. 3.9 – Decomposing work functions
for segregation of duty
21
• Involves the distribution, replication, decomposition,
or segregation of national assets
Chapter 3 – Separation
Asset Separation
– Distribution: creating functionality using multiple
cooperating components that work together as distributed
system
– Replication: copying assets across components so if one
asset is broken, the copy will be available
– Decomposition: breaking complex assets into individual
components so an isolated compromise won’t bring down
asset
– Segregation: separation of assets through special access
controls, data markings, and policy enforcement
Copyright © 2012, Elsevier Inc.
All rights Reserved
22
Copyright © 2012, Elsevier Inc.
All rights Reserved
Chapter 3 – Separation
Fig. 3.10 – Reducing DDOS risk through
CDN-hosted content
23
• Typically, mandatory access controls and audit trail
hooks were embedded into the underlying operating
system kernel
• Popular in the 1980s and 1990s
Copyright © 2012, Elsevier Inc.
All rights Reserved
Chapter 3 – Separation
Multilevel Security (MLS)
24
Copyright © 2012, Elsevier Inc.
All rights Reserved
Chapter 3 – Separation
Fig. 3.11 – Using MLS logical separation
to protect assets
25
• Internet separation: Certain assets simply shouldn’t
be accessible from the Internet
• Network-based firewalls: These should be managed
by a centralized group
• DDOS protection: All assets should have protection in
place before an attack
• Internal separation: Critical national infrastructure
settings need an incentive to implement internal
separation policy
• Tailoring requirements: Vendors should be
incentivized to build tailored systems such as firewalls
for special SCADA environments
Copyright © 2012, Elsevier Inc.
All rights Reserved
Chapter 3 – Separation
National Separation Program
26
https://www.whitehouse.gov/presidential-actions/presidential-executive-orderstrengthening-cybersecurity-federal-networks-critical-infrastructure/
Purchase answer to see full
attachment