Confidentiality, Integrity, Availability
The three key areas of cyber security that need to be protected
Confidentiality
Information must not be exposed or accessed by any unauthorized individual
Integrity
Information must be consistent and correct unless an authorized change was made
Availability
Information must be accessible when and where it is needed
Assets
Anything of value to an organization that must be protected, including servers, infrastructure devices, end devices, and the greatest asset: data
Vulnerabilities
A weakness in a system or its design that could be exploited by a threat actor.
Ex: Operating system, Application, Configuration
Threats
Any potential danger to an asset
Assets
constitute the attack surface that threat actors could target
Asset management
consists of inventorying all assets, and then developing and implementing policies and procedures to protect them
People
are considered assets based on knowledge they possess, the access they maintain, the expertise they provide, or the influence they possess
Information
includes the procedures, capabilities, data, and corporate information which enable military and economic superiority
Equipment
is tangible property (other than land or buildings) determined to be essential for the warfighter, industrial base, or supporting activities
Facilities
are manufacturing, research, development, testing, and evaluation, operations, or infrastructure-related places that, if compromised or incapacitated, would detrimentally impact technology and programs
Activities
are functions, missions, actions, or collections of actions
Operations
are sequences of activities with a common theme
Suppliers
are entities whose linked activities are associated with providing components, subject matter expertise, or RDT&E activities that, if compromised, would detrimentally impact programs or technologies
Asset Lifecycle Stages
Procurement, Deployment, Utilization, Disposal
Procurement
The organization purchases the asset based on needs identified from data gathered to justify the purchase; the asset is then added to inventory
Deployment
The asset is assembled and inspected to check for defects or other problems. Staff perform tests and install tags or barcodes for tracking purposes. The asset is then moved from inventory to in-use status
Utilization
The asset’s performance is continuously checked. Upgrades, patch fixes, new license purchases and compliance audits are all part of the utilization stage.
Maintenance
helps to extend an asset’s productive life. Staff may modify or upgrade the asset
Disposal
At the end of the asset’s productive life, it must be disposed of. All data must be wiped from the asset. Any parts that can cause an environmental hazard must be disposed of according to local guidelines
Procurement
Checking in a new delivery of laptops
Deployment
Adding barcodes to new equipment
Utilization
Rolling out software patches
Maintenance
Upgrading outdated assets
Disposal
Taking broken equipment out of commission
Threat identification
provides an organization with a list of likely threats for a particular environment
Confidentiality
Internal system compromise: the attacker uses the exposed e-banking servers to break into an internal bank system
Confidentiality
Stolen customer data: an attacker steals the personal and financial data of bank customers from the customer database
Integrity
Phony transactions from an external server: an attacker alters the code of the e-banking application and makes transactions by impersonating a legitimate user
Confidentiality or Integrity
Phony transactions using a stolen customer PIN or smart card: an attacker steals the identity of a customer and completes malicious transactions from the compromised account
Integrity
Insider attack on the system: a bank employee finds a flaw in the system from which to mount an attack
Integrity
Data input errors: a user inputs incorrect data or makes incorrect transaction requests
Availability
Data center destruction: a cataclysmic event severely damages or destroys the data center
Firewall
Receives incoming traffic
- Checks packet details (source, destination, port, etc.)
- Validates the traffic against the firewall policy
- Allows validated traffic through to the destination host
- Logs traffic details, e.g. time, date, IP addresses
Endpoint Detection and Response
Endpoint Protection
Not just the usual anti-malware software
Dynamic Detection
Performs pattern and behavioral detection to flag suspicious activity and indicators of compromise
Network Monitoring
Can also monitor unusual and anomalous network traffic
Traffic-Based
Blocks malicious traffic coming from the external network
Intrusion Detection Systems (IDS)
Functions the same way as an IPS but does not block the malicious traffic it detects
Signature Updates
Like AV, an IPS also needs updates for new signatures
Onion
A common analogy used to describe a defense-in-depth approach is called the onion
Artichoke
The changing landscape of networking, such as the evolution of borderless networks, has changed this analogy to the artichoke
Layering
Setting up different layers of protection, creating a barrier of multiple defenses that work together to prevent attacks
Limiting
Limiting access to data and information reduces the possibility of a security threat. An organization should restrict access so that each user only has the level of access required to do their job
Diversity
The layers must be different so that if one layer is penetrated, the same technique will not work on all the others, which would compromise the whole system
Obscurity
An organization should not reveal any information that cybercriminals can use to identify critical information, e.g. the operating system (OS), or the type or make of equipment or software it uses
Complexity
Implementing complex systems that are hard to understand and troubleshoot; this may backfire
Regulations
Regulations and associated fines and penalties can be imposed by governments at the national, regional or local level
Standards
Standards cover a broad range of issues and ideas and may provide assurance that an organization is operating with policies and procedures that support regulations and are widely accepted best practices
Policy
Policy is informed by applicable law(s) and specifies which standards and guidelines the organization will follow
Procedures
Define the explicit, repeatable activities necessary to accomplish a specific task or set of tasks. They provide supporting data, decision criteria or explicit knowledge needed to perform each task