What is separation and what role does it play in a program of national infrastructure protection?
Refer attachment
Copyright © 2012, Elsevier Inc. All Rights Reserved
Chapter 3
Separation
Cyber Attacks
Protecting National Infrastructure, 1st ed.
The University of Adelaide, School of Computer Science

Introduction
Using a firewall to separate network assets from intruders is the most familiar approach in cyber security
Networks and systems associated with national infrastructure assets tend to be too complex for firewalls to be effective

Introduction
Three new approaches to the use of firewalls are necessary to achieve optimal separation:
- Network-based separation
- Internal separation
- Tailored separation
Fig. 3.1 – Firewalls in simple and complex networks

What Is Separation?
Separation is a technique that accomplishes one of the following:
- Adversary separation
- Component distribution

What Is Separation?
A working taxonomy of separation techniques rests on three primary factors involved in the use of separation:
- The source of the threat
- The target of the security control
- The approach used in the security control
(See Figure 3.2)
Fig. 3.2 – Taxonomy of separation techniques

Functional Separation?
Separation is commonly achieved using an access control mechanism with requisite authentication and identity management
An access policy identifies desired allowances for users requesting to perform actions on system entities
Two approaches:
- Distributed responsibility
- Centralized control
(Both will be required)
Fig. 3.3 – Distributed versus centralized mediation

National Infrastructure Firewalls
Firewalls are placed between a system or enterprise and an untrusted network (say, the Internet)
Two possibilities arise:
- Coverage: The firewall might not cover all paths
- Accuracy: The firewall may be forced to allow access that inadvertently opens access to other protected assets
Fig. 3.4 – Wide area firewall aggregation and local area firewall segregation

National Infrastructure Firewalls
Increased wireless connectivity is a major challenge to national infrastructure security
Network service providers offer advantages to centralized security:
- Vantage point: Network service providers can see a lot
- Operations: Network providers have operational capacity to keep security software current
- Investment: Network service providers have the financial wherewithal and motivation to invest in security
Fig. 3.5 – Carrier-centric network-based firewall

DDOS Filtering
The network-based firewall concept includes a device for throttling distributed denial of service (DDOS) attacks
- Called a DDOS filter
Modern DDOS attacks take into account a more advanced filtering system
Fig. 3.6 – DDOS filtering of inbound attacks on target assets

SCADA Separation Architecture
SCADA: Supervisory control and data acquisition
SCADA systems: A set of software, computers, and networks that provide remote coordination of control systems for tangible infrastructures
Structure includes the following:
- Human-machine interface (HMI)
- Master terminal unit (MTU)
- Remote terminal unit (RTU)
- Field control systems
Fig. 3.7 – Recommended SCADA system firewall architecture

Physical Separation
Why not simply unplug a system’s external connections? (Called air gapping)
As systems and networks grow more complex, it becomes more likely that unknown or unauthorized external connections will arise
Basic principles for truly air-gapped networks:
- Clear policy
- Boundary scanning
- Violation consequences
- Reasonable alternatives
Fig. 3.8 – Bridging an isolated network via a dual-homing user
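The coverage and accuracy gaps listed under National Infrastructure Firewalls, and the dual-homed bridge of Fig. 3.8, can both be found by reachability analysis over a network map. The following is an added example, not from the original slides; the topology, node names and per-firewall rule format are constructed assumptions.

```python
from collections import deque

# Constructed topology (all names hypothetical). Links are bidirectional.
LINKS = [
    ("internet", "fw-edge"), ("fw-edge", "web-server"), ("fw-edge", "scada-mtu"),
    ("web-server", "billing-db"),   # internal link behind the firewall
    ("internet", "laptop-17"),      # dual-homed user: unmanaged outside connection...
    ("laptop-17", "scada-mtu"),     # ...plus a port on the "isolated" network
]
# Each firewall forwards only the listed (from_neighbor, to_neighbor) pairs.
FIREWALLS = {"fw-edge": {("internet", "web-server")}}
PROTECTED = {"web-server", "billing-db", "scada-mtu"}


def reachable(start, links, firewalls):
    """Nodes reachable from start; firewall nodes forward only allowed pairs."""
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    seen_nodes, seen_hops = {start}, set()
    queue = deque([(None, start)])          # state = (previous node, current node)
    while queue:
        prev, node = queue.popleft()
        for nxt in adj.get(node, ()):
            if node in firewalls and (prev, nxt) not in firewalls[node]:
                continue                    # firewall drops this flow
            if (node, nxt) not in seen_hops:
                seen_hops.add((node, nxt))
                seen_nodes.add(nxt)
                queue.append((node, nxt))
    return seen_nodes


def separation_gaps(untrusted, links, firewalls, protected):
    """Return (coverage_gaps, accuracy_gaps) as sorted lists of protected assets."""
    # Coverage: delete every firewall; anything still reachable has an unfiltered path.
    unfiltered = [(a, b) for a, b in links if a not in firewalls and b not in firewalls]
    coverage = reachable(untrusted, unfiltered, {}) & protected
    # Accuracy: assets exposed with rules enforced that no rule names as a destination.
    intended = {dst for rules in firewalls.values() for _, dst in rules}
    exposed = reachable(untrusted, links, firewalls) & protected
    return sorted(coverage), sorted(exposed - intended - coverage)


if __name__ == "__main__":
    print(separation_gaps("internet", LINKS, FIREWALLS, PROTECTED))
```

Run against an inventory exported from boundary scanning, the first list names assets that have a path around every firewall, and the second names assets exposed as a side effect of a rule written for something else.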

Insider Separation
Hard to defend against a determined insider
Threats may also come from trusted partners
Background checks are a start
Techniques for countering insider attack:
- Internal firewalls
- Deceptive honey pots
- Enforcement of data markings
- Data leakage protection (DLP) systems
Segregation of duties offers another layer of protection
Fig. 3.9 – Decomposing work functions for segregation of duty

Asset Separation
Involves the distribution, replication, decomposition, or segregation of national assets:
- Distribution: creating functionality using multiple cooperating components that work together as a distributed system
- Replication: copying assets across components so if one asset is broken, the copy will be available
- Decomposition: breaking complex assets into individual components so an isolated compromise won’t bring down the asset
- Segregation: separation of assets through special access controls, data markings, and policy enforcement
Fig. 3.10 – Reducing DDOS risk through CDN-hosted content

Multilevel Security (MLS)
Typically, mandatory access controls and audit trail hooks were embedded into the underlying operating system kernel
Popular in the 1980s and 1990s
Fig. 3.11 – Using MLS logical separation to protect assets

National Separation Program
Internet separation: Certain assets simply shouldn’t be accessible from the Internet
Network-based firewalls: These should be managed by a centralized group
DDOS protection: All assets should have protection in place before an attack
Internal separation: Critical national infrastructure settings need an incentive to implement internal separation policy
Tailoring requirements: Vendors should be incentivized to build tailored systems such as firewalls for special SCADA environments