Discussion 3: Emerging threats and counter sticks
After reading chapter 3, analyze how separation within a network is a great technical control. The response must contain at least one external citation and reference in APA format.
Chapter 3 – Separation
Cyber Attacks: Protecting National Infrastructure, 1st ed.
Copyright © 2012, Elsevier Inc. All Rights Reserved
Introduction
• Using a firewall to separate network assets from intruders is the most familiar approach in cyber security
• Networks and systems associated with national infrastructure assets tend to be too complex for firewalls to be effective
Introduction
• Three new approaches to the use of firewalls are necessary to achieve optimal separation
– Network-based separation
– Internal separation
– Tailored separation
Fig. 3.1 – Firewalls in simple and complex networks
What Is Separation?
• Separation is a technique that accomplishes one of the following
– Adversary separation
– Component distribution
What Is Separation?
• A working taxonomy of separation techniques: three primary factors are involved in the use of separation
– The source of the threat
– The target of the security control
– The approach used in the security control
(See Fig. 3.2)
Fig. 3.2 – Taxonomy of separation techniques
Functional Separation
• Separation is commonly achieved using an access control mechanism with requisite authentication and identity management
• An access policy identifies desired allowances for users requesting to perform actions on system entities
• Two approaches
– Distributed responsibility
– Centralized control
– (Both will be required)
Fig. 3.3 – Distributed versus centralized mediation
National Infrastructure Firewalls
• Firewalls are placed between a system or enterprise and an untrusted network (say, the Internet)
• Two possibilities arise
– Coverage: The firewall might not cover all paths
– Accuracy: The firewall may be forced to allow access that inadvertently opens access to other protected assets
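The two failure modes named on this slide can be checked mechanically against a network model. The following is an added example (not code from the book or its slides) that models zones, links, firewalls and allow rules on constructed data: the coverage check walks every link that no firewall mediates, and the accuracy check lists every asset an allow rule actually reaches, so a rule written for one host but scoped to a whole subnet shows up as over-broad. Topology, addresses and rules are all constructed for the illustration.

```python
"""Coverage and accuracy checks for firewall placement.
Added example on a constructed topology; not the book's code."""
from collections import deque
from ipaddress import ip_address, ip_network

# Constructed topology: zones are nodes, links are edges. Each link is
# either mediated by a named firewall or unmediated (firewall None).
LINKS = {
    ("internet", "dmz"):  {"firewall": "fw-edge"},
    ("dmz", "corp"):      {"firewall": "fw-core"},
    ("internet", "corp"): {"firewall": None},    # a forgotten direct line
    ("corp", "scada"):    {"firewall": "fw-ot"},
}

# Constructed assets: zone, address and the ports they listen on.
ASSETS = {
    "web-portal":  {"zone": "dmz",   "ip": "203.0.113.10", "ports": {443}},
    "mail-relay":  {"zone": "dmz",   "ip": "203.0.113.20", "ports": {25, 443}},
    "hr-db":       {"zone": "corp",  "ip": "10.1.0.5",     "ports": {5432}},
    "plc-gateway": {"zone": "scada", "ip": "10.9.0.2",     "ports": {502}},
}

# Allow rules per firewall: (source zone, destination CIDR, destination port).
# The edge rule was written for web-portal but covers the whole DMZ subnet.
RULES = {
    "fw-edge": [("internet", "203.0.113.0/24", 443)],
    "fw-core": [("dmz", "10.1.0.5/32", 5432)],
    "fw-ot":   [],
}


def adjacency():
    """Undirected adjacency list: zone -> [(neighbour, firewall or None)]."""
    adj = {}
    for (a, b), meta in LINKS.items():
        adj.setdefault(a, []).append((b, meta["firewall"]))
        adj.setdefault(b, []).append((a, meta["firewall"]))
    return adj


def unmediated_paths(source="internet"):
    """Coverage check: zones reachable from `source` over links with no
    firewall at all. Anything listed is reachable with no policy applied."""
    adj = adjacency()
    seen, queue = {source}, deque([source])
    while queue:
        zone = queue.popleft()
        for nxt, fw in adj.get(zone, []):
            if fw is None and nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    seen.discard(source)
    return sorted(seen)


def exposed_by_rule(rule):
    """Accuracy check: every asset an allow rule reaches (address inside
    the rule's CIDR and listening on the rule's port), not just the
    one the rule was written for."""
    _src, cidr, port = rule
    net = ip_network(cidr)
    return sorted(name for name, a in ASSETS.items()
                  if ip_address(a["ip"]) in net and port in a["ports"])


def overbroad_rules():
    """Rules that reach more than one asset: candidates for tightening."""
    findings = []
    for fw, rules in RULES.items():
        for rule in rules:
            hit = exposed_by_rule(rule)
            if len(hit) > 1:
                findings.append((fw, rule, hit))
    return findings


if __name__ == "__main__":
    print("zones reachable from the Internet with no firewall:", unmediated_paths())
    for fw, rule, hit in overbroad_rules():
        print(f"{fw} rule {rule} exposes {hit}")
```

Run as a script it reports the unmediated Internet-to-corp link and the edge rule that exposes the mail relay's management port alongside the web portal; the fix for the latter is to narrow the CIDR to the single host the rule was written for.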
Fig. 3.4 – Wide area firewall aggregation and local area firewall segregation
National Infrastructure Firewalls
• Increased wireless connectivity is a major challenge to national infrastructure security
• Network service providers offer advantages to centralized security
– Vantage point: Network service providers can see a lot
– Operations: Network providers have the operational capacity to keep security software current
– Investment: Network service providers have the financial wherewithal and motivation to invest in security
Fig. 3.5 – Carrier-centric network-based firewall
DDOS Filtering
• The network-based firewall concept includes a device for throttling distributed denial of service (DDOS) attacks
• Called a DDOS filter
• Modern DDOS attacks must be met with a more advanced filtering system
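To make the throttling idea concrete, here is an added example (not code from the book or its slides) of a two-stage DDOS filter run over constructed traffic. A per-source token bucket stops a single noisy host, but a distributed attack keeps every source under that limit, which is why the filter also keeps a per-target bucket; the second stage is what the slide's "more advanced filtering" amounts to in this toy. Rates, burst sizes and addresses are assumptions chosen for the demonstration; timestamps are integer milliseconds so the arithmetic is exact.

```python
"""Two-stage DDOS throttling filter (per-source and per-target token buckets).
Added example over constructed traffic; not the book's code."""
from collections import defaultdict


class TokenBucket:
    """Token bucket in integer millitokens; `rate` is tokens per second,
    `burst` the bucket capacity in tokens. Time is in milliseconds."""

    def __init__(self, rate, burst):
        self.rate_per_ms = rate            # tokens/s == millitokens/ms
        self.capacity = burst * 1000
        self.tokens = self.capacity
        self.last_ms = 0

    def allow(self, now_ms):
        self.tokens = min(self.capacity,
                          self.tokens + (now_ms - self.last_ms) * self.rate_per_ms)
        self.last_ms = now_ms
        if self.tokens >= 1000:
            self.tokens -= 1000
            return True
        return False


class DDoSFilter:
    """Stage 1: per-source limit catches one flooding host.
    Stage 2: per-target limit catches many sources that each stay
    under the per-source limit (the distributed case)."""

    def __init__(self, src_rate=5, src_burst=10, dst_rate=50, dst_burst=100):
        self.src = defaultdict(lambda: TokenBucket(src_rate, src_burst))
        self.dst = defaultdict(lambda: TokenBucket(dst_rate, dst_burst))
        self.dropped = defaultdict(int)

    def accept(self, now_ms, src, dst):
        if not self.src[src].allow(now_ms):
            self.dropped["per-source"] += 1
            return False
        if not self.dst[dst].allow(now_ms):
            self.dropped["per-target"] += 1
            return False
        return True


def run(packets):
    """Feed (time_ms, src, dst) tuples through a fresh filter; return
    (accepted count, drop counts by stage)."""
    f = DDoSFilter()
    accepted = sum(1 for t, s, d in packets if f.accept(t, s, d))
    return accepted, dict(f.dropped)


def single_source_flood(n=100, duration_ms=1000):
    """Constructed: one host sends n packets evenly over one second."""
    return [(i * duration_ms // n, "198.51.100.7", "target") for i in range(n)]


def distributed_flood(sources=200, per_source=5):
    """Constructed: `sources` hosts each send `per_source` packets, one per
    millisecond round-robin, so no single host looks abusive."""
    return [(i, f"10.0.0.{i % sources}", "target") for i in range(sources * per_source)]


if __name__ == "__main__":
    print("single source:", run(single_source_flood()))
    print("distributed:  ", run(distributed_flood()))
```

With the assumed limits the single-source flood is cut to 14 of 100 packets entirely by the per-source stage, while the distributed flood of 1000 packets passes the per-source stage untouched and is cut to 149 by the per-target stage; a production filter would add prefix-level aggregation and scrubbing, but the layering is the same.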
Fig. 3.6 – DDOS filtering of inbound attacks on target assets
SCADA Separation Architecture
• SCADA – Supervisory control and data acquisition
• SCADA systems – A set of software, computers, and networks that provide remote coordination of control systems for tangible infrastructures
• Structure includes the following
– Human-machine interface (HMI)
– Master terminal unit (MTU)
– Remote terminal unit (RTU)
– Field control systems
Fig. 3.7 – Recommended SCADA system firewall architecture
Physical Separation
• Why not simply unplug a system’s external connections? (Called air gapping)
• As systems and networks grow more complex, it becomes more likely that unknown or unauthorized external connections will arise
• Basic principles for truly air-gapped networks:
– Clear policy
– Boundary scanning
– Violation consequences
– Reasonable alternatives
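"Boundary scanning" on this slide is the check that catches the dual-homed user of Fig. 3.8. The following is an added example (not code from the book or its slides) that runs that check over a constructed interface inventory: any host with an interface on the isolated network and an interface anywhere else is a bridge, and the policy's approved exceptions ("reasonable alternatives") are separated from violations. The network ranges, host names and the approved-bridge list are assumptions made for the illustration.

```python
"""Boundary scan for an air-gapped network: flag hosts whose interfaces
bridge the isolated network to anything else.
Added example over a constructed inventory; not the book's code."""
from ipaddress import ip_address, ip_network

ISOLATED = [ip_network("10.9.0.0/16")]             # assumed control network
AUTHORIZED_EXTERNAL = [ip_network("10.1.0.0/16")]  # assumed corporate network
APPROVED_BRIDGES = {"historian-diode"}             # policy-approved exception

# Constructed inventory (host -> interface addresses) as a scan would collect it
INVENTORY = {
    "hmi-01":          ["10.9.1.10"],
    "eng-ws-03":       ["10.9.1.50", "10.1.4.22"],     # control + corporate
    "vendor-laptop":   ["10.9.1.77", "192.168.43.5"],  # control + unknown network
    "historian-diode": ["10.9.2.1", "10.1.9.1"],       # approved one-way link
    "corp-pc-11":      ["10.1.4.30"],
}


def classify(addr):
    """Map one interface address to isolated / external / unknown."""
    a = ip_address(addr)
    if any(a in n for n in ISOLATED):
        return "isolated"
    if any(a in n for n in AUTHORIZED_EXTERNAL):
        return "external"
    return "unknown"


def find_bridges(inventory, approved=APPROVED_BRIDGES):
    """Return (violations, approved_bridges), each a sorted list of
    (host, [other zones]). A host bridges the air gap when it has an
    isolated-network interface plus any interface outside that network."""
    violations, allowed = [], []
    for host, ifaces in inventory.items():
        zones = {classify(i) for i in ifaces}
        if "isolated" not in zones or len(zones) == 1:
            continue
        other = sorted(zones - {"isolated"})
        (allowed if host in approved else violations).append((host, other))
    return sorted(violations), sorted(allowed)


if __name__ == "__main__":
    bad, ok = find_bridges(INVENTORY)
    for host, zones in bad:
        print(f"VIOLATION {host}: bridges isolated network to {zones}")
    for host, zones in ok:
        print(f"approved  {host}: bridges isolated network to {zones}")
```

The "unknown" zone is the interesting one for the slide's point about unknown connections arising as networks grow: an address outside every range the policy knows about is exactly what a quietly added hotspot or vendor link looks like.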
Fig. 3.8 – Bridging an isolated network via a dual-homing user
Insider Separation
• Hard to defend against a determined insider
• Threats may also come from trusted partners
• Background checks are a start
• Techniques for countering insider attacks
– Internal firewalls
– Deceptive honeypots
– Enforcement of data markings
– Data leakage protection (DLP) systems
• Segregation of duties offers another layer of protection
Fig. 3.9 – Decomposing work functions for segregation of duty
Asset Separation
• Involves the distribution, replication, decomposition, or segregation of national assets
– Distribution: creating functionality using multiple cooperating components that work together as a distributed system
– Replication: copying assets across components so that if one asset is broken, the copy will be available
– Decomposition: breaking complex assets into individual components so that an isolated compromise won’t bring down the asset
– Segregation: separation of assets through special access controls, data markings, and policy enforcement
Fig. 3.10 – Reducing DDOS risk through CDN-hosted content
Multilevel Security (MLS)
• Typically, mandatory access controls and audit trail hooks were embedded into the underlying operating system kernel
• Popular in the 1980s and 1990s
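The mandatory access controls the slide refers to are usually a lattice of labels with the Bell-LaPadula rules (no read up, no write down). The following is an added example (not code from the book or its slides) of a reference monitor that applies those two rules, with the audit hook the slide mentions recording every decision. The level names, compartments, subjects and objects are constructed for the illustration; a real kernel implementation would also cover integrity and the trusted subjects that may declassify.

```python
"""Bell-LaPadula style mandatory access control with an audit hook.
Added example with constructed labels and subjects; not the book's code."""
from dataclasses import dataclass, field

LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other):
        """Lattice order: higher-or-equal level and a superset of compartments."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


@dataclass
class ReferenceMonitor:
    subjects: dict            # subject name -> clearance Label
    objects: dict             # object name -> classification Label
    audit: list = field(default_factory=list)

    def check(self, subject, obj, mode):
        s, o = self.subjects[subject], self.objects[obj]
        if mode == "read":      # simple security property: no read up
            ok = s.dominates(o)
        elif mode == "write":   # *-property: no write down
            ok = o.dominates(s)
        else:
            raise ValueError(f"unknown mode {mode!r}")
        self.audit.append((subject, mode, obj, "ALLOW" if ok else "DENY"))
        return ok


def build_monitor():
    """Constructed clearances and classifications."""
    grid, nuclear = frozenset({"grid"}), frozenset({"nuclear"})
    return ReferenceMonitor(
        subjects={
            "analyst": Label("SECRET", grid),
            "clerk":   Label("UNCLASSIFIED"),
        },
        objects={
            "outage-report": Label("SECRET", grid),
            "plant-design":  Label("SECRET", nuclear),
            "public-notice": Label("UNCLASSIFIED"),
        },
    )


def demo():
    """Six requests that exercise both rules and the compartment check."""
    rm = build_monitor()
    results = [
        rm.check("analyst", "outage-report", "read"),   # same label: allowed
        rm.check("analyst", "plant-design", "read"),    # wrong compartment: denied
        rm.check("clerk", "outage-report", "read"),     # read up: denied
        rm.check("analyst", "public-notice", "write"),  # write down: denied
        rm.check("clerk", "outage-report", "write"),    # write up: allowed (blind write)
        rm.check("analyst", "public-notice", "read"),   # read down: allowed
    ]
    return rm, results


if __name__ == "__main__":
    rm, _ = demo()
    for entry in rm.audit:
        print(entry)
```

The fifth request is the one practitioners most often find surprising: the model permits a low subject to append to a high object because that leaks nothing downward, which is why real MLS systems pair these confidentiality rules with integrity controls.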
Fig. 3.11 – Using MLS logical separation to protect assets
National Separation Program
• Internet separation: Certain assets simply shouldn’t be accessible from the Internet
• Network-based firewalls: These should be managed by a centralized group
• DDOS protection: All assets should have protection in place before an attack
• Internal separation: Critical national infrastructure settings need an incentive to implement internal separation policy
• Tailoring requirements: Vendors should be incentivized to build tailored systems such as firewalls for special SCADA environments