Defend the Computing Environment (e.g., provide access controls on hosts and servers to resist insider, close-in, and distribution attacks).
b) Layered Defenses. Even the best available Information Assurance products have inherent weaknesses. So, it is only a matter of time before an adversary will find an exploitable vulnerability. An effective countermeasure is to deploy multiple defense mechanisms between the adversary and his target. Each of these mechanisms must present unique obstacles to the adversary. Further, each should include both “protection” and “detection” measures. These help to increase risk (of detection) for the adversary while reducing his chances of success or making successful penetrations unaffordable. Deploying nested Firewalls (each coupled with Intrusion Detection) at outer and inner network boundaries is an example of a layered defense. The inner Firewalls may support more granular access control and data filtering.

Examples of Layered Defenses

Class of Attack | First Line of Defense | Second Line of Defense
Passive | Link & Network Layer Encryption and Traffic Flow Security | Security Enabled Applications
Active | Defend the Enclave Boundaries | Defend the Computing Environment
Insider | Physical and Personnel Security | Authenticated Access Controls, Audit
Close-In | Physical and Personnel Security | Technical Surveillance Countermeasures
Distribution | Trusted Software Development and Distribution | Run Time Integrity Controls
c) Specify the security robustness (strength and assurance) of each Information Assurance component as a function of the value of what it is protecting and the threat at the point of application. For example, it is often more effective and operationally suitable to deploy stronger mechanisms at the network boundaries than at the user desktop.
d) Deploy robust key management and public key infrastructures that support all of the incorporated Information Assurance technologies and that are highly resistant to attack. This latter point recognizes that these infrastructures are lucrative targets.
e) Deploy infrastructures to detect intrusions and to analyze and correlate the results and react accordingly. These infrastructures should help the “Operations” staff to answer questions such as: Am I under attack? Who is the source? What is the target? Who else is under attack? What are my options?
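The correlation step described above, reduced to a small worked example. This is added illustration code, not part of the IATF document or any product it describes. It assumes a constructed alert format of the form `layer timestamp source destination signature`, where `layer` names the sensor that fired (`outer` or `inner` boundary, matching the nested Firewall-plus-Intrusion-Detection layout from the Layered Defenses principle); the IP addresses and signature names are constructed sample values. Grouping alerts by source answers the "Operations" questions directly: Am I under attack? Who is the source? What is the target? Who else is under attack? An alert seen at the inner sensor also tells the analyst that the outer layer did not stop that source.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample alerts (hypothetical sensors and documentation-range IPs).
# Format assumed for this example: layer timestamp src dst signature
SAMPLE_ALERTS = """\
outer 2024-01-01T10:00:01 203.0.113.5 198.51.100.10 PORTSCAN
outer 2024-01-01T10:00:05 203.0.113.5 198.51.100.10 PORTSCAN
inner 2024-01-01T10:00:09 203.0.113.5 10.0.0.7 SQLI_ATTEMPT
inner 2024-01-01T10:00:12 203.0.113.5 10.0.0.8 SQLI_ATTEMPT
outer 2024-01-01T10:01:00 198.51.100.77 198.51.100.10 BENIGN_PROBE
"""


@dataclass(frozen=True)
class Alert:
    layer: str  # which defensive layer's sensor raised it: "outer" or "inner"
    ts: str
    src: str
    dst: str
    sig: str


def parse_alerts(text: str) -> list[Alert]:
    """Parse the assumed whitespace-separated alert format; reject malformed lines."""
    alerts = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 5:
            raise ValueError(f"malformed alert line: {line!r}")
        alerts.append(Alert(*parts))
    return alerts


def correlate(alerts: list[Alert], threshold: int = 3) -> dict:
    """Group alerts by source and decide which sources count as attackers.

    A source is flagged when it trips at least `threshold` alerts, or when any
    alert from it reached the inner sensor (the outer layer did not stop it).
    """
    by_src: dict[str, list[Alert]] = defaultdict(list)
    for a in alerts:
        by_src[a.src].append(a)

    per_source = {}
    for src, hits in by_src.items():
        layers = {a.layer for a in hits}
        per_source[src] = {
            "count": len(hits),
            "targets": sorted({a.dst for a in hits}),
            "signatures": sorted({a.sig for a in hits}),
            "layers": sorted(layers),
            "penetrated_outer": "inner" in layers,
        }

    attackers = {
        src: info
        for src, info in per_source.items()
        if info["count"] >= threshold or info["penetrated_outer"]
    }
    return {"under_attack": bool(attackers), "attackers": attackers, "all": per_source}


def answer_operations_questions(report: dict) -> list[str]:
    """Render the correlation result as answers to the questions in the text."""
    if not report["under_attack"]:
        return ["Am I under attack? No flagged sources."]
    lines = ["Am I under attack? Yes."]
    for src, info in report["attackers"].items():
        lines.append(f"Who is the source? {src} ({info['count']} alerts)")
        lines.append(f"What is the target? {', '.join(info['targets'])}")
        if info["penetrated_outer"]:
            lines.append(f"Layer status: {src} was seen by the inner sensor; outer layer did not stop it.")
    return lines


if __name__ == "__main__":
    for line in answer_operations_questions(correlate(parse_alerts(SAMPLE_ALERTS))):
        print(line)
```

The "who else is under attack" question falls out of the `targets` list for each flagged source: one source, several destinations. The `penetrated_outer` flag is what the layered design buys the operator, since the inner sensor only fires on traffic the outer layer already let through.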
Operations. The operations leg focuses on all the activities required to sustain an organization’s security posture on a day-to-day basis.