Home Assignment

Assignment

Each student will write an APA paper with no less than 6 peer reviewed references and no less than 3 pages of findings on one aspect of the weekly readings.

For this week you can choose any topic that is in our material to write on.

Subject Name :

Emerging Threats & Countermeas

Chapter

Separation

Cyber Attacks
Protecting National Infrastructure, 1st ed.

• Using a firewall to separate network assets from
intruders is the most familiar approach in cyber
security

• Networks and systems associated with national
infrastructure assets tend to be too complex for
firewalls to be effective

C
h
a
p
te

r 3
–

S
e
p
a
ra

tio
n

Introduction

• Three new approaches to the use of firewalls are
necessary to achieve optimal separation
– Network-based separation

– Internal separation

– Tailored separation

tio
n

Introduction

Fig. 3.1 – Firewalls in simple and
complex networks

• Separation is a technique that accomplishes one of
the following
– Adversary separation

– Component distribution

What Is Separation?

• A working taxonomy of separation techniques: Three
primary factors involved in the use of separation
– The source of the threat

– The target of the security control

– The approach used in the security control

(See figure 3.2)

Fig. 3.2 – Taxonomy of separation
techniques

• Separation is commonly achieved using an access
control mechanism with requisite authentication and
identity management

• An access policy identifies desired allowances for
users requesting to perform actions on system
entities

• Two approaches
– Distributed responsibility

– Centralized control

– (Both will be required)

Functional Separation?

Fig. 3.3 – Distributed versus centralized
mediation

• Firewalls are placed between a system or enterprise
and an un-trusted network (say, the Internet)

• Two possibilities arise
– Coverage: The firewall might not cover all paths

– Accuracy: The firewall may be forced to allow access that
inadvertently opens access to other protected assets

National Infrastructure Firewalls

Fig. 3.4 – Wide area firewall
aggregation and local area firewall

segregation

• Increased wireless connectivity is a major challenge
to national infrastructure security

• Network service providers offer advantages to
centralized security
– Vantage point: Network service providers can see a lot

– Operations: Network providers have operational capacity
to keep security software current

– Investment: Network service providers have the financial
wherewithal and motivation to invest in security

Fig. 3.5 – Carrier-centric network-based
firewall

• Network-based firewall concept includes device for
throttling distributed denial of service (DDOS) attacks

• Called a DDOS filter

• Modern DDOS attacks take into account a more
advanced filtering system

DDOS Filtering

Fig. 3.6 – DDOS filtering of inbound
attacks on target assets

• SCADA – Supervisory control and data acquisition

• SCADA systems – A set of software, computer, and
networks that provide remote coordination of
control system for tangible infrastructures

• Structure includes the following
– Human-machine interface (HMI)

– Master terminal unit (MTU)

– Remote terminal unit (RTU)

– Field control systems

SCADA Separation Architecture

Fig. 3.7 – Recommended SCADA system
firewall architecture

• Why not simply unplug a system’s external
connections? (Called air gapping)

• As systems and networks grow more complex, it
becomes more likely that unknown or unauthorized
external connections will arise

• Basic principles for truly air-gapped networks:
– Clear policy

– Boundary scanning

– Violation consequences

– Reasonable alternatives

Physical Separation

Fig. 3.8 – Bridging an isolated network
via a dual-homing user

• Hard to defend against a determined insider

• Threats may also come from trusted partners

• Background checks are a start

• Techniques for countering insider attack
– Internal firewalls

– Deceptive honey pots

– Enforcement of data markings

– Data leakage protection (DLP) systems

• Segregation of duties offers another layer of
protection

Insider Separation

Fig. 3.9 – Decomposing work functions
for segregation of duty

• Involves the distribution, replication, decomposition,
or segregation of national assets
– Distribution: creating functionality using multiple

cooperating components that work together as distributed
system

– Replication: copying assets across components so if one
asset is broken, the copy will be available

– Decomposition: breaking complex assets into individual
components so an isolated compromise won’t bring down
asset

– Segregation: separation of assets through special access
controls, data markings, and policy enforcement

Asset Separation

Fig. 3.10 – Reducing DDOS risk through
CDN-hosted content

• Typically, mandatory access controls and audit trail
hooks were embedded into the underlying operating
system kernel

• Popular in the 1980s and 1990s

Multilevel Security (MLS)

Fig. 3.11 – Using MLS logical separation
to protect assets

• Internet separation: Certain assets simply shouldn’t
be accessible from the Internet

• Network-based firewalls: These should be managed
by a centralized group

• DDOS protection: All assets should have protection in
place before an attack

• Internal separation: Critical national infrastructure
settings need an incentive to implement internal
separation policy

• Tailoring requirements: Vendors should be
incentivized to build tailored systems such as firewalls
for special SCADA environments

National Separation Program

Turn in your highest-quality paper
Get a qualified writer to help you with

“ Assignment ”

Get high-quality paper

NEW! AI matching with writer

Hire a Writer

Client Reviews

4.9

Sitejabber

4.6

Trustpilot

4.8

Our Guarantees

100% Confidentiality

Information about customers is confidential and never disclosed to third parties.

Original Writing

We complete all papers from scratch. You can get a plagiarism report.

Timely Delivery

No missed deadlines – 97% of assignments are completed in time.

Money Back

If you're confident that a writer didn't follow your order details, ask for a refund.

New to Your Trusted Assignment Help Service? Sign up & Save

Calculate the price of your order

Type of paper needed:

Pages:

You will get a personal manager and a discount.

Academic level:

We'll send you the first draft for approval by at

Total price:

$0.00

Power up Your Academic Success with the
Team of Professionals. We’ve Got Your Back.

Power up Your Study Success with Experts We’ve Got Your Back.

Order Now Order Now