Discussion: Emerging risks and counter strikes
Evaluate the advantages and disadvantages of a honey pot. Your response should be at least 200 words and contain at least one external citation and reference in APA format.
Copyright © 2012, Elsevier Inc. All Rights Reserved
Chapter 1
Introduction
Cyber Attacks
Protecting National Infrastructure, 1st ed.
The University of Adelaide, School of Computer Science
Chapter 2 — Instructions: Language of the Computer
Introduction
National infrastructure
Refers to the complex, underlying delivery and support systems for all large-scale services considered absolutely essential to a nation
Conventional approach to cyber security not enough
New approach needed
Combining best elements of existing security techniques with challenges that face complex, large-scale national services
Fig. 1.1 – National infrastructure cyber and physical attacks
Fig. 1.2 – Differences between small- and large-scale cyber security
National Cyber Threats, Vulnerabilities, and Attacks
Three types of malicious adversaries
External adversary
Internal adversary
Supplier adversary
Fig. 1.3 – Adversaries and exploitation points in national infrastructure
National Cyber Threats, Vulnerabilities, and Attacks
Three exploitation points
Remote access
System administration and normal usage
Supply chain
National Cyber Threats, Vulnerabilities, and Attacks
Infrastructure threatened by most common security concerns:
Confidentiality
Integrity
Availability
Theft
Botnet Threat
What is a botnet attack?
The remote collection of compromised end-user machines (usually broadband-connected PCs) is used to attack a target.
Sources of attack are scattered and difficult to identify
Five entities that comprise a botnet attack: botnet operator, botnet controller, collection of bots, botnet software drop, botnet target
Botnet Threat
Five entities that comprise a botnet attack:
Botnet operator
Botnet controller
Collection of bots
Botnet software drop
Botnet target
Distributed denial of service (DDOS) attack: bots create a “cyber traffic jam”
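The "cyber traffic jam" the slide describes has a defender-side signature: many scattered sources converging on one target in a short window, far above that target's normal distinct-source count. The following is an added example, not code from the Elsevier slides or the book, that detects that fan-in over constructed flow records; the window size, thresholds and addresses are assumptions chosen for the demonstration.

```python
"""Added example (not from the Elsevier slides): flagging botnet-style DDOS
fan-in in constructed flow records.

A botnet DDOS looks like a sudden jump in the number of *distinct* sources
hitting one destination port. The detector buckets flows into fixed time
windows, counts distinct sources per (destination, port, window), and raises
an alert when a window is both large in absolute terms and far above the
largest count that destination had seen in earlier windows.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: int       # seconds since epoch (constructed)
    src: str
    dst: str
    dport: int


# Constructed sample: a quiet baseline toward 10.0.0.5:443 (5 distinct sources),
# then 80 distinct sources hitting the same service inside one 10-second window,
# plus one unrelated flow to another host.
SAMPLE_FLOWS = (
    [Flow(100 + i, f"198.51.100.{i % 5}", "10.0.0.5", 443) for i in range(5)]
    + [Flow(200 + (i % 10), f"203.0.113.{i}", "10.0.0.5", 443) for i in range(1, 81)]
    + [Flow(205, "198.51.100.9", "10.0.0.7", 22)]
)


def fan_in_by_window(flows, window_s=10):
    """Map (dst, dport, window_start) -> set of distinct source addresses."""
    buckets = defaultdict(set)
    for f in flows:
        window_start = f.ts - f.ts % window_s
        buckets[(f.dst, f.dport, window_start)].add(f.src)
    return buckets


def detect_fan_in(flows, window_s=10, min_sources=50, ratio=10.0):
    """Return alerts for windows whose distinct-source count is at least
    `min_sources` and at least `ratio` times the largest count previously
    observed for that (dst, dport). Windows are processed in time order so
    the comparison only uses earlier history (assumed thresholds)."""
    buckets = fan_in_by_window(flows, window_s)
    seen_max = {}   # (dst, dport) -> largest distinct-source count so far
    alerts = []
    for (dst, dport, w), srcs in sorted(
        buckets.items(), key=lambda kv: (kv[0][2], kv[0][0], kv[0][1])
    ):
        n = len(srcs)
        baseline = seen_max.get((dst, dport), 0)
        if n >= min_sources and n >= ratio * max(baseline, 1):
            alerts.append({
                "dst": dst,
                "dport": dport,
                "window_start": w,
                "distinct_sources": n,
                "previous_max": baseline,
            })
        seen_max[(dst, dport)] = max(baseline, n)
    return alerts


if __name__ == "__main__":
    for alert in detect_fan_in(SAMPLE_FLOWS):
        print(alert)
```

The two conditions are deliberate: the absolute floor keeps a tiny service from alerting on its first handful of clients, and the ratio against earlier windows means a busy public service with thousands of normal clients is judged against its own history rather than a global constant.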
Fig. 1.4 – Sample DDOS attack from a botnet
National Cyber Security Methodology Components
Ten basic design and operation principles:
Deception
Separation
Diversity
Commonality
Depth
Discretion
Collection
Correlation
Awareness
Response
Deception
Deliberately introducing misleading functionality or misinformation for the purpose of tricking an adversary
Computer scientists call this functionality a honey pot
Deception enables forensic analysis of intruder activity
The acknowledged use of deception may be a deterrent to intruders (every vulnerability may actually be a trap)
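To make the honey pot idea concrete, here is an added example (not code from the Elsevier slides or the book) of a minimal low-interaction honey pot: a listener that advertises a misleading service banner, never interprets what it receives, and records every touch so the defender has a forensic trail. The banner text, the in-memory log and the scripted client are assumptions for the demonstration.

```python
"""Added example (not from the Elsevier slides): a low-interaction honey pot.

Nothing legitimate should ever connect to this listener, so every connection
is a signal in itself. The handler sends a fake banner, captures at most
MAX_CAPTURE bytes of whatever the client sends, and stores them verbatim,
together with source address and time, without ever evaluating them.
"""
import socket
import socketserver
import threading
import time

FAKE_BANNER = b"220 ftp.internal ready\r\n"   # constructed deception banner
MAX_CAPTURE = 256                             # bytes of client input to keep


class TouchLog:
    """Thread-safe in-memory record of honey pot interactions (assumed sink;
    a real deployment would ship these to the collection system)."""

    def __init__(self):
        self._lock = threading.Lock()
        self._records = []

    def add(self, record):
        with self._lock:
            self._records.append(record)

    def snapshot(self):
        with self._lock:
            return list(self._records)


class HoneypotHandler(socketserver.BaseRequestHandler):
    def handle(self):
        self.request.settimeout(2.0)
        self.request.sendall(FAKE_BANNER)
        try:
            data = self.request.recv(MAX_CAPTURE)
        except socket.timeout:
            data = b""
        self.server.touch_log.add({
            "ts": time.time(),
            "src": self.client_address[0],
            "src_port": self.client_address[1],
            "dst_port": self.server.server_address[1],
            "first_bytes": data[:MAX_CAPTURE],   # stored as bytes, never interpreted
        })


class Honeypot(socketserver.ThreadingTCPServer):
    allow_reuse_address = True
    daemon_threads = True

    def __init__(self, addr, touch_log):
        super().__init__(addr, HoneypotHandler)
        self.touch_log = touch_log


def start_honeypot(host="127.0.0.1", port=0):
    """Start the listener on a background thread; port 0 picks a free port."""
    log = TouchLog()
    srv = Honeypot((host, port), log)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, log


def probe(host, port, payload):
    """Constructed client standing in for an intruder's first contact."""
    with socket.create_connection((host, port), timeout=2.0) as s:
        banner = s.recv(64)
        s.sendall(payload)
    return banner


def scripted_demo():
    """Run one touch end to end and return (banner seen, records logged)."""
    srv, log = start_honeypot()
    try:
        port = srv.server_address[1]
        banner = probe("127.0.0.1", port, b"USER anonymous\r\n")
        deadline = time.time() + 2.0
        while not log.snapshot() and time.time() < deadline:
            time.sleep(0.05)
        return banner, log.snapshot()
    finally:
        srv.shutdown()
        srv.server_close()


if __name__ == "__main__":
    banner, records = scripted_demo()
    print(banner, records)
```

The design choice worth noting is the asymmetry the slide points at: the cost to the defender is one idle socket and a log line, while the intruder cannot tell from the outside whether the "vulnerable" service is real or a trap.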
Fig. 1.5 – Components of an interface with deception
Separation
Separation involves enforced access policy restrictions on users and resources in a computing environment
Most companies use enterprise firewalls, which are complemented by the following:
Authentication and identity management
Logical access controls
LAN controls
Firewalls
Fig. 1.6 – Firewall enhancements for national infrastructure
Diversity
Diversity is the principle of using technology and systems that are intentionally different in substantive ways.
Diversity is hard to implement
A single software vendor tends to dominate the PC operating system business landscape
Diversity conflicts with organizational goals of simplifying supplier and vendor relationships
Fig. 1.7 – Introducing diversity to national infrastructure
Commonality
Consistency involves uniform attention to security best practices across national infrastructure components
Greatest challenge involves auditing
A national standard is needed
Depth
Depth involves using multiple security layers to protect national infrastructure assets
Defense layers are maximized by using a combination of functional and procedural controls
Fig. 1.8 – National infrastructure security through defense in depth
Discretion
Discretion involves individuals and groups making good decisions to obscure sensitive information about national infrastructure
This is not the same as “security through obscurity”
Collection
Collection involves automated gathering of system-related information about national infrastructure to enable security analysis
Data is processed by a security information management system.
Operational challenges
What type of information should be collected?
How much information should be collected?
Fig. 1.9 – Collecting national infrastructure-related security information
Correlation
Correlation involves a specific type of analysis that can be performed on factors related to national infrastructure protection
This type of comparison-oriented analysis is indispensable
Past initiatives included real-time correlation of data at a fusion center
Difficult to implement
Fig. 1.10 – National infrastructure high-level correlation approach
Awareness
Awareness involves an organization understanding the differences between observed and normal status in national infrastructure
Most agree on the need for awareness, but how can awareness be achieved?
Fig. 1.11 – Real-time situation awareness process flow
Response
Response involves the assurance that processes are in place to react to any security-related indicator
Indicators should flow from the awareness layer
Current practice in smaller corporate environments of reducing “false positives” by waiting to confirm disaster is not acceptable for national infrastructure
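The Collection, Correlation, Awareness and Response slides describe one pipeline: gather data, compare observed status to normal, link related indicators, and act on each indicator without waiting for confirmation. The following added example (not code from the Elsevier slides or the book) runs that pipeline end to end over constructed syslog-style authentication lines. The log format, host names, thresholds and response actions are assumptions for the demonstration; a real deployment would take them from the security information management system and the incident process.

```python
"""Added example (not from the Elsevier slides): Collection -> Awareness ->
Correlation -> Response over constructed authentication log lines.

  collect()    parses lines into events (Collection)
  baseline()   learns per-host normal failed-login counts from a quiet period
  awareness()  emits an indicator where observed failures exceed normal
  correlate()  links indicators that share one source across several hosts
  respond()    maps every indicator to an action immediately; severity rises
               when correlation shows the same source touching many hosts
"""
import re
from collections import Counter, defaultdict

# Assumed log format, e.g. "web1 sshd: Failed password for root from 203.0.113.44"
LINE_RE = re.compile(
    r"^(?P<host>\S+) sshd: (?P<result>Accepted|Failed) password for "
    r"(?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+)$"
)

# Constructed quiet period used to learn what "normal" looks like per host.
BASELINE_LINES = [
    "web1 sshd: Failed password for root from 198.51.100.2",
    "web1 sshd: Failed password for root from 198.51.100.2",
    "web2 sshd: Failed password for admin from 198.51.100.3",
    "db1 sshd: Accepted password for dba from 10.0.0.9",
]

# Constructed observed period: one source hammering two hosts, a few ordinary
# failures on db1, and one malformed line the collector must survive.
OBSERVED_LINES = (
    ["web1 sshd: Failed password for root from 203.0.113.44"] * 30
    + ["web2 sshd: Failed password for admin from 203.0.113.44"] * 25
    + ["db1 sshd: Failed password for dba from 10.0.0.9"] * 3
    + ["web1 sshd: <garbled line that does not parse>"]
)


def collect(lines):
    """Collection: parse what can be parsed; unparseable lines are dropped."""
    return [m.groupdict() for m in map(LINE_RE.match, lines) if m]


def failed_counts(events):
    return Counter(e["host"] for e in events if e["result"] == "Failed")


def baseline(events):
    """Normal status: failed-login count per host during the quiet period."""
    return dict(failed_counts(events))


def awareness(observed_events, normal, min_abs=5, ratio=4.0):
    """Indicator when observed failures exceed max(min_abs, ratio * normal)
    for that host (assumed thresholds). Each indicator names the dominant
    source so correlation can link indicators across hosts."""
    indicators = []
    for host, n in sorted(failed_counts(observed_events).items()):
        limit = max(min_abs, ratio * normal.get(host, 0))
        if n > limit:
            srcs = Counter(e["src"] for e in observed_events
                           if e["host"] == host and e["result"] == "Failed")
            indicators.append({"host": host, "failed": n,
                               "normal": normal.get(host, 0),
                               "top_src": srcs.most_common(1)[0][0]})
    return indicators


def correlate(indicators):
    """Correlation: source address -> sorted list of hosts it triggered."""
    by_src = defaultdict(list)
    for ind in indicators:
        by_src[ind["top_src"]].append(ind["host"])
    return {src: sorted(hosts) for src, hosts in by_src.items()}


def respond(indicators, correlated):
    """Response: every indicator gets an action now; no waiting to confirm.
    Action names are placeholders for the organisation's own playbooks."""
    actions = []
    for ind in indicators:
        hosts = correlated[ind["top_src"]]
        severity = "high" if len(hosts) > 1 else "medium"
        actions.append({
            "host": ind["host"], "src": ind["top_src"], "severity": severity,
            "action": ("block_source_and_page_oncall" if severity == "high"
                       else "rate_limit_source_and_open_ticket"),
            "correlated_hosts": hosts,
        })
    return actions


def run_pipeline(baseline_lines, observed_lines):
    normal = baseline(collect(baseline_lines))
    indicators = awareness(collect(observed_lines), normal)
    return respond(indicators, correlate(indicators))


if __name__ == "__main__":
    for action in run_pipeline(BASELINE_LINES, OBSERVED_LINES):
        print(action)
```

Two points the code makes that the slides only state: awareness is a comparison against each host's own normal (db1's three failures are not an indicator because nothing distinguishes them from routine noise), and correlation changes the response rather than merely the report, since the same source appearing on both web hosts is what escalates the action from a ticket to a block.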
Fig. 1.12 – National infrastructure security response approach
Implementing the Principles Nationally
Commissions and groups
Information sharing
International cooperation
Technical and operational costs