User:Davidy2001/sandbox
A defense strategy (in computing) is a concept and a form of practice that helps computer designers, users and IT personnel reduce the risk of computer security (cybersecurity) problems.
Common Strategies
Boundary protection - a strategy employing different security measures and devices to prevent unauthorized access to a computer system (controlling the system border). The approach is based on the assumption that the attacker has not yet penetrated the system.
Examples of this strategy are using a firewall (Firewall (computing)), password checks, deleting suspicious mails and messages, using gateways and routers, and limiting physical access.[1]
Information system monitoring - a strategy performing different security measures to find an intruder, or the damage done by an intruder. The strategy is based on the assumption that the system has been penetrated but the intruder has not gained full control.[2]
Examples of this strategy are using antivirus software and applying patches (Patch (computing)).
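A small worked example of the monitoring idea, added here and not taken from the page or from NIST SP 800-53: a detector that reads sshd-style authentication log lines, flags a burst of failed logins from one source, and escalates when a login from that source succeeds afterwards. The log lines are constructed for the illustration, and the threshold and window values are assumptions, not recommendations from the source.

```python
# Added example (not from the page): a small log monitor that flags a
# password-guessing burst and escalates when a login from the same source
# succeeds afterwards. Log lines are constructed, sshd-style, not real data.
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: one brute-force burst that ends in a success,
# and one ordinary user who mistypes once and then logs in with a key.
SAMPLE_LOG = """\
2024-01-10T08:00:01 sshd[101]: Failed password for invalid user admin from 203.0.113.5 port 5001 ssh2
2024-01-10T08:00:03 sshd[101]: Failed password for root from 203.0.113.5 port 5002 ssh2
2024-01-10T08:00:04 sshd[101]: Failed password for root from 203.0.113.5 port 5003 ssh2
2024-01-10T08:00:06 sshd[101]: Failed password for root from 203.0.113.5 port 5004 ssh2
2024-01-10T08:00:07 sshd[101]: Failed password for root from 203.0.113.5 port 5005 ssh2
2024-01-10T08:00:09 sshd[101]: Accepted password for root from 203.0.113.5 port 5006 ssh2
2024-01-10T08:15:00 sshd[102]: Failed password for alice from 198.51.100.7 port 6001 ssh2
2024-01-10T08:16:30 sshd[102]: Accepted publickey for alice from 198.51.100.7 port 6002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) \w+ for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse(log_text):
    """Turn matching lines into event dicts; lines that do not match are ignored."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append({
                "ts": datetime.fromisoformat(m["ts"]),
                "ok": m["result"] == "Accepted",
                "user": m["user"],
                "ip": m["ip"],
            })
    return events


def detect_bruteforce(events, threshold=5, window=timedelta(minutes=1)):
    """Alert when one source IP produces >= threshold failures inside `window`;
    escalate if the same IP later authenticates successfully (the guess may have worked)."""
    alerts = []
    recent_failures = defaultdict(list)  # ip -> failure timestamps still inside the window
    flagged = set()
    for e in sorted(events, key=lambda x: x["ts"]):
        ip = e["ip"]
        if not e["ok"]:
            recent_failures[ip] = [t for t in recent_failures[ip] if e["ts"] - t <= window]
            recent_failures[ip].append(e["ts"])
            if len(recent_failures[ip]) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append({"kind": "bruteforce", "ip": ip, "ts": e["ts"], "user": e["user"]})
        elif ip in flagged:
            alerts.append({"kind": "success_after_bruteforce", "ip": ip, "ts": e["ts"], "user": e["user"]})
    return alerts


if __name__ == "__main__":
    for a in detect_bruteforce(parse(SAMPLE_LOG)):
        print(a["kind"], a["ip"], a["user"], a["ts"].isoformat())
```

The second alert kind is the one worth paging on: a success that follows a burst of failures is the point at which the monitoring assumption ("penetrated, but not yet in full control") starts to fail, and a response such as locking the account or rotating its credentials is still cheap.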
Unavoidable actions - a strategy performing security measures that an intruder cannot prevent or neutralize. The strategy is based on the assumption that the system has been penetrated but the intruder cannot access the defensive mechanism.
Examples of this strategy are a computer reboot, using a Physical unclonable function, and using a Security switch.
Secure enclave - a strategy performing security measures that prevent access to some parts of the system. The strategy is based on the assumption that the system has been penetrated but the intruder cannot access its protected parts.
Examples of this strategy are using access levels (Access level), a Trusted Platform Module, a microkernel, and a data diode (unidirectional network device).
False target - a strategy of preparing a non-real target for the intruder. The strategy is based on the assumption that the system has been penetrated but the intruder does not know the system architecture.
Examples of this strategy are a honeypot, a Virtual Computer, a Virtual security switch, fake files, and decoy copies of addresses or passwords.
Moving target - a strategy performing security measures that change data and processes over time. The strategy is based on the assumption that the system has been penetrated but the intruder does not know the system architecture and processes.
Examples of this strategy are changing passwords, changing cryptographic keys (Key (cryptography)), and using a dynamic platform.[3]
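The key-changing example above, worked through in code that is added here and is not from the page or from the cited moving-target paper: tokens are signed with the current HMAC key, each rotation installs a fresh key and retires the oldest one, and a token an intruder captured stops verifying once the key it was signed with leaves the grace window. The class name, the one-key grace policy and the session message are assumptions made for this illustration.

```python
# Added example (not from the page): periodic key rotation as a moving-target
# measure. Tokens are signed with the current key; each rotation retires the
# oldest key, so a token an intruder captured stops verifying once the key it
# was signed with leaves the grace window. Names and the grace policy are
# assumptions made for this illustration.
import hashlib
import hmac
import secrets


class RotatingKeyRing:
    """Current HMAC key plus `grace` previous keys still accepted for verification."""

    def __init__(self, grace=1):
        self.grace = grace
        self.keys = {}        # key id -> 32-byte key
        self.current = None
        self.rotate()

    def rotate(self):
        """Install a fresh random key and forget keys older than the grace window."""
        kid = 0 if self.current is None else self.current + 1
        self.keys[kid] = secrets.token_bytes(32)
        self.current = kid
        for old in [k for k in self.keys if k < kid - self.grace]:
            del self.keys[old]

    def sign(self, message: bytes) -> str:
        """Return 'kid:hexmac' so the verifier knows which key was used."""
        mac = hmac.new(self.keys[self.current], message, hashlib.sha256).hexdigest()
        return f"{self.current}:{mac}"

    def verify(self, message: bytes, token: str) -> bool:
        kid_str, _, mac = token.partition(":")
        try:
            key = self.keys[int(kid_str)]
        except (KeyError, ValueError):
            return False  # unknown or retired key id: the token is useless
        expected = hmac.new(key, message, hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, mac)


def captured_token_lifetime(grace=1, rotations=3):
    """Simulate an intruder replaying a captured token across rotations.
    Returns the verification result before and after each rotation."""
    ring = RotatingKeyRing(grace=grace)
    message = b"session=alice;role=user"
    captured = ring.sign(message)
    results = [ring.verify(message, captured)]
    for _ in range(rotations):
        ring.rotate()
        results.append(ring.verify(message, captured))
    return results


if __name__ == "__main__":
    print(captured_token_lifetime())  # the capture stops working after the grace window
```

The rotation interval bounds the value of anything the intruder has already stolen; the grace window is the trade-off with availability, since clients that signed just before a rotation must still be accepted until they pick up the new key.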
Useless information - a strategy performing security measures that make important information useless to the intruder. The strategy is based on the assumption that the system has been penetrated but the intruder is not able to decrypt the information, or does not have enough time to decrypt it.
Examples of this strategy are the Encrypting File System and using Encryption software.
Delete - a strategy performing security measures that prevent the intruder from obtaining sensitive information at any cost. The strategy is based on the assumption that the damage from information disclosure exceeds the damage from losing system integrity, that the system may be penetrated, and that the attempt is detected. The strategy is part of the Data-centric security approach.[4]
An example of this strategy is deleting the information in response to a security violation or an unauthorized access attempt.
Information redundancy - a strategy performing security measures that keep redundant copies of information and use them in case of damage. The strategy is based on the assumption that finding and repairing the damage is more complicated than restoring the system.
Examples of this strategy are system restoration, keeping backup files, and using a backup computer.
Limiting of actions made by robots - a strategy performing security measures that limit the actions of robots (software bots). The strategy is based on the assumption that a robot can perform more actions, or cause more damage, than a human can.
Examples of this strategy are Anti-spam techniques, CAPTCHA and other Human presence detection techniques, and DDoS mitigation (protection from Denial-of-service attacks).
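One concrete way to act on the assumption above (a robot can take more actions per second than a person), added here as an illustration rather than taken from the page: a per-client token bucket, the mechanism behind most request rate limiting. The capacity and refill rate are assumptions chosen for the example, and the two request timelines are constructed, not measured.

```python
# Added example (not from the page): a per-client token bucket, one of the
# simplest ways to bound how many actions an automated client can take in a
# given time. The capacity and refill rate are assumptions for this
# illustration; the request timelines are constructed, not measured.
class TokenBucket:
    """Bucket holding up to `capacity` tokens, refilled at `refill_per_sec`."""

    def __init__(self, capacity, refill_per_sec, now):
        self.capacity = capacity
        self.refill_per_sec = refill_per_sec
        self.tokens = float(capacity)
        self.last = now

    def allow(self, now):
        """Spend one token if available; otherwise refuse the request."""
        elapsed = max(0.0, now - self.last)
        self.tokens = min(self.capacity, self.tokens + elapsed * self.refill_per_sec)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class RateLimiter:
    """One bucket per client key (an IP address or a session id)."""

    def __init__(self, capacity=4, refill_per_sec=1.0):
        self.capacity = capacity
        self.refill_per_sec = refill_per_sec
        self.buckets = {}

    def allow(self, client, now):
        bucket = self.buckets.get(client)
        if bucket is None:
            bucket = self.buckets[client] = TokenBucket(self.capacity, self.refill_per_sec, now)
        return bucket.allow(now)


def simulate(request_times, capacity=4, refill_per_sec=1.0):
    """Feed one client's request timestamps through a fresh limiter;
    return how many requests were accepted."""
    limiter = RateLimiter(capacity, refill_per_sec)
    return sum(limiter.allow("client", t) for t in request_times)


# Constructed timelines: a person clicking every few seconds versus a bot
# firing four requests per second for three seconds.
HUMAN_REQUESTS = [0.0, 3.0, 6.0, 9.0, 12.0]
BOT_REQUESTS = [i * 0.25 for i in range(12)]

if __name__ == "__main__":
    print("human accepted:", simulate(HUMAN_REQUESTS), "of", len(HUMAN_REQUESTS))
    print("bot accepted:", simulate(BOT_REQUESTS), "of", len(BOT_REQUESTS))
```

The human timeline is accepted in full while the bot is cut back to the refill rate once its initial burst allowance is spent; in practice the client key is the weak point, since a distributed bot spreads its requests over many keys, which is why this control is combined with the CAPTCHA and presence-detection measures listed above.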
Active defense - a strategy performing security measures that act against a potential intruder. The strategy is based on the assumption that a potential intruder who is under attack has fewer capabilities.
Examples of this strategy are creating and using lists of trusted networks, devices and applications, blocking addresses, and vendor management.
Strategy Analysis
Boundary protection Strategy Analysis.
This is the main strategy for a computing system: if this type of defense is successful, no other strategies are required. It is a resource-consuming strategy. External information system monitoring is part of boundary protection.[5]
Information System Monitoring Strategy Analysis.
The success of the strategy depends on the competition between offense and defense. It is a time- and resource-consuming strategy that affects performance. It cannot be fully successful unless supported by other strategies.
Unavoidable actions Strategy Analysis.
The strategy can support any other strategy.[6][7][8][9] It is a resource-consuming strategy. It can be fully successful, but in most cases it limits system functionality.
Secure enclave Strategy Analysis.
A supporting strategy for boundary protection and information system monitoring. It is a time- and resource-consuming strategy. It can be fully successful in its own part, which does not guarantee overall success.
False target Strategy Analysis.
A supporting strategy for information system monitoring. It is a time-consuming strategy. It cannot be fully successful unless supported by other strategies.
Moving target Strategy Analysis.
A supporting strategy for information system monitoring. It is a time-consuming strategy. It cannot be fully successful unless supported by other strategies.
Useless information Strategy Analysis.
A supporting strategy for information system monitoring. It is a time- and resource-consuming strategy that affects performance. It cannot be successful unless supported by other strategies. A consequence of Claude Shannon's theorems is that if the encryption key carries less entropy than the secured information, Information-theoretic security cannot be achieved. The only known unconditionally secure cipher is the one-time pad, which is rarely practical because the pad must be exchanged and stored without compromise and can never be reused. All other cryptographic systems offer only computational security: they buy time, and may eventually be broken. This strategy therefore needs to be supported by the Moving target strategy (changing keys) or by the Delete strategy.
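The Shannon argument in this paragraph, and the encryption examples under "Useless information" above, worked through in a small one-time-pad program that is added here and is not from the page: with a random pad as long as the message, any other plaintext of the same length is equally consistent with the ciphertext, so the ciphertext tells the intruder nothing; reusing the pad, or stretching a short key over a longer message, destroys that property and hands back plaintext. The messages and the short key are constructed for the illustration.

```python
# Added example (not from the page): a one-time pad in plain Python, used to
# show the two conditions in the paragraph above. With a truly random key as
# long as the message, every candidate plaintext of that length is equally
# consistent with the ciphertext. Reusing the pad, or repeating a short key
# to cover a longer message, breaks that property and leaks plaintext.
# Messages and keys below are constructed for the illustration.
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(plaintext: bytes, key: bytes) -> bytes:
    """One-time pad: key must be random, at least message length, and never reused."""
    if len(key) < len(plaintext):
        raise ValueError("pad shorter than message: perfect secrecy impossible")
    return xor_bytes(plaintext, key)


otp_decrypt = otp_encrypt  # XOR is its own inverse


def key_explaining(ciphertext: bytes, candidate_plaintext: bytes) -> bytes:
    """The pad that would turn `candidate_plaintext` into `ciphertext`.
    For a full-length pad such a key always exists, so the ciphertext alone
    cannot distinguish the real plaintext from any other of the same length."""
    return xor_bytes(ciphertext, candidate_plaintext)


def two_time_pad_leak(ct1: bytes, ct2: bytes) -> bytes:
    """Two messages under one pad: ct1 XOR ct2 == pt1 XOR pt2, the key cancels out."""
    return xor_bytes(ct1, ct2)


def repeating_key_encrypt(plaintext: bytes, short_key: bytes) -> bytes:
    """A short key repeated over the message: no longer a one-time pad."""
    return bytes(p ^ short_key[i % len(short_key)] for i, p in enumerate(plaintext))


def recover_repeating_key(ciphertext: bytes, known_plaintext: bytes, key_len: int) -> bytes:
    """Knowing (or guessing) key_len bytes of plaintext gives the whole key,
    and with it every other message encrypted under that key."""
    return xor_bytes(ciphertext[:key_len], known_plaintext[:key_len])


def demo() -> dict:
    pt = b"transfer 100 to bob"
    pad = secrets.token_bytes(len(pt))
    ct = otp_encrypt(pt, pad)

    # 1. Perfect secrecy: a decoy plaintext of the same length is just as
    #    consistent with ct as the real one.
    decoy = b"transfer 900 to eve"
    decoy_pad = key_explaining(ct, decoy)
    perfect = otp_decrypt(ct, pad) == pt and otp_decrypt(ct, decoy_pad) == decoy

    # 2. Pad reuse: the XOR of the two ciphertexts is the XOR of the two plaintexts.
    pt2 = b"transfer 500 to cat"
    leak = two_time_pad_leak(otp_encrypt(pt, pad), otp_encrypt(pt2, pad))
    reuse_leaks = leak == xor_bytes(pt, pt2)

    # 3. Short key: four bytes of known plaintext recover the key and the full message.
    short_key = b"k3y!"
    ct3 = repeating_key_encrypt(pt, short_key)
    recovered = recover_repeating_key(ct3, b"tran", len(short_key))
    short_key_broken = recovered == short_key and repeating_key_encrypt(ct3, recovered) == pt

    return {"perfect_secrecy": perfect, "reuse_leaks": reuse_leaks, "short_key_broken": short_key_broken}


if __name__ == "__main__":
    print(demo())
```

Case 1 is the information-theoretic guarantee; cases 2 and 3 are what the paragraph means by "only buying time": once the key material is shorter than the total plaintext it protects, the ciphertext is no longer independent of the plaintext, and the defender is relying on the intruder's limited computation or limited time, which is exactly why the text pairs this strategy with key changes or deletion.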
Delete Strategy Analysis
A supporting strategy for information system monitoring. It is a resource-consuming strategy. It cannot be fully successful, since detection is not guaranteed.
Information redundancy Strategy Analysis.
A supporting strategy for information system monitoring. It is a considerably resource-consuming strategy. It can be fully successful in its own part.
Limiting of actions made by robots Strategy Analysis.
A supporting strategy for boundary protection and information system monitoring. It is a time- and resource-consuming strategy. It cannot be fully successful.
Active defense Strategy Analysis.
A supporting strategy for boundary protection and information system monitoring. It is a time- and resource-consuming strategy. It cannot be fully successful.
See also
- Firewall (computing)
- Antivirus software
- Patch (computing)
- Security switch
- Physical unclonable function
- Access level
- Trusted Platform Module
- Honeypot
- Virtual Computer
- Virtual security switch
- Encryption software
- Data-centric security
- Anti-spam techniques
- CAPTCHA
- Human presence detection
- Information-theoretic security
- Strong cryptography
References
- [1] SC-7 Boundary Protection, NIST Special Publication 800-53.
- [2] SI-4 Information System Monitoring, NIST Special Publication 800-53.
- [3] Moving Target Techniques: Leveraging Uncertainty for Cyber Defense.
- [4] SANS Institute (2015). "Data-Centric Security Needed to Protect Big Data Implementations".
- [5] SI-4 Information System Monitoring, NIST Special Publication 800-53.
- [6] Best two-factor Authentication.
- [7] PUF based encryption.
- [8] Design and implementation of Hardware assisted security architecture for software integrity monitoring.
- [9] Real-time Captcha technique improves biometric authentication.