Edward Amoroso is currently Senior Vice President and Chief Security Officer of AT&T, where he has worked in cyber security for the past twenty-five years. He has also held the adjunct professor position in the computer science department at the Stevens Institute of Technology for the past twenty years. Edward has written four previous books on computer security, and his writings and commentary have appeared in major national newspapers, television shows, and books. He holds a BS degree in physics from Dickinson College, and the MS/PhD degrees in computer science from Stevens Institute of Technology. He is also a graduate of the Columbia Business School.
Cyber Attacks takes the national debate on protecting critical infrastructure in an entirely new and fruitful direction. It initiates an intelligent national (and international) dialogue amongst the general technical community around proper methods for reducing national risk. This includes controversial themes such as the deliberate use of deception to trap intruders. It also serves as an attractive framework for a new national strategy for cyber security, something that several Presidential administrations have failed in attempting to create. In addition, nations other than the US might choose to adopt the framework as well.This book covers cyber security policy development for massively complex infrastructure using ten principles derived from experiences in U.S. Federal Government settings and a range of global commercial environments. It provides a unique and provocative philosophy of cyber security that directly contradicts conventional wisdom about info sec for small or enterprise-level systems. It illustrates the use of practical, trial-and-error findings derived from 25 years of hands-on experience protecting critical infrastructure on a daily basis at AT&T. Each principle is presented as a separate security strategy, along with pages of compelling examples that demonstrate use of the principle. Cyber Attacks will be of interest to security professionals tasked with protection of critical infrastructure and with cyber security; CSOs and other top managers; government and military security specialists and policymakers; security managers; and students in cybersecurity and international security programs. - Covers cyber security policy development for massively complex infrastructure using ten principles derived from experiences in U.S. Federal Government settings and a range of global commercial environments- Provides a unique and provocative philosophy of cyber security that directly contradicts conventional wisdom about info sec for small or enterprise-level systems- Illustrates the use of practical, trial-and-error findings derived from 25 years of hands-on experience protecting critical infrastructure on a daily basis at AT&T
Front Cover 1
Cyber Attacks: Protecting National Infrastructure 4
Copyright Page 5
Contents 6
Preface 10
Acknowledgment 12
Chapter 1 Introduction 14
National Cyber Threats, Vulnerabilities, and Attacks 17
Botnet Threat 19
National Cyber Security Methodology Components 22
Deception 24
Separation 26
Diversity 29
Consistency 30
Depth 32
Discretion 33
Collection 34
Correlation 36
Awareness 38
Response 39
Implementing the Principles Nationally 41
Chapter 2 Deception 44
Scanning Stage 48
Deliberately Open Ports 50
Discovery Stage 52
Deceptive Documents 54
Exploitation Stage 55
Procurement Tricks 58
Exposing Stage 59
Interfaces Between Humans and Computers 60
National Deception Program 62
Chapter 3 Separation 64
What Is Separation? 66
Functional Separation 68
National Infrastructure Firewalls 70
DDOS Filtering 73
SCADA Separation Architecture 75
Physical Separation 76
Insider Separation 78
Asset Separation 81
Multilevel Security (MLS) 83
Chapter 4 Diversity 86
Diversity and Worm Propagation 88
Desktop Computer System Diversity 90
Diversity Paradox of Cloud Computing 93
Network Technology Diversity 95
Physical Diversity 98
National Diversity Program 100
Chapter 5 Commonality 102
Meaningful Best Practices for Infrastructure Protection 105
Locally Relevant and Appropriate Security Policy 108
Culture of Security Protection 110
Infrastructure Simplification 112
Certification and Education 115
Career Path and Reward Structure 118
Responsible Past Security Practice 119
National Commonality Program 120
Chapter 6 Depth 122
Effectiveness of Depth 124
Layered Authentication 128
Layered E-Mail Virus and Spam Protection 132
Layered Access Controls 133
Layered Encryption 135
Layered Intrusion Detection 137
National Program of Depth 139
Chapter 7 Discretion 142
Trusted Computing Base 143
Security Through Obscurity 146
Information Sharing 148
Information Reconnaissance 150
Obscurity Layers 152
Organizational Compartments 154
National Discretion Program 156
Chapter 8 Collection 158
Collecting Network Data 161
Collecting System Data 163
Security Information and Event Management 167
Large-Scale Trending 169
Tracking a Worm 172
National Collection Program 174
Chapter 9 Correlation 176
Conventional Security Correlation Methods 180
Quality and Reliability Issues in Data Correlation 182
Correlating Data to Detect a Worm 183
Correlating Data to Detect a Botnet 185
Large-Scale Correlation Process 187
National Correlation Program 189
Chapter 10 Awareness 192
Detecting Infrastructure Attacks 196
Managing Vulnerability Information 197
Cyber Security Intelligence Reports 199
Risk Management Process 201
Security Operations Centers 203
National Awareness Program 205
Chapter 11 Response 206
Pre-Versus Post-Attack Response 208
Indications and Warning 210
Incident Response Teams 211
Forensic Analysis 214
Law Enforcement Issues 216
Disaster Recovery 217
National Response Program 219
Appendix: Sample National Infrastructure Protection Requirements 220
Sample Deception Requirements (Chapter 2) 221
Sample Separation Requirements (Chapter 3) 222
Sample Diversity Requirements (Chapter 4) 224
Sample Commonality Requirements (Chapter 5) 225
Sample Depth Requirements (Chapter 6) 226
Sample Discretion Requirements (Chapter 7) 227
Sample Collection Requirements (Chapter 8) 227
Sample Correlation Requirements (Chapter 9) 228
Sample Awareness Requirements (Chapter 10) 229
Sample Response Requirements (Chapter 11) 229
Index 232
A 232
B 233
C 233
D 235
E 237
F 237
G 238
H 238
I 238
L 239
M 240
N 240
O 241
P 241
Q 242
R 242
S 243
T 245
U 245
V 245
W 245
| Erscheint lt. Verlag | 20.12.2010 |
|---|---|
| Sprache | englisch |
| Themenwelt | Informatik ► Netzwerke ► Sicherheit / Firewall |
| ISBN-10 | 0-12-384918-7 / 0123849187 |
| ISBN-13 | 978-0-12-384918-2 / 9780123849182 |
| Informationen gemäß Produktsicherheitsverordnung (GPSR) | |
| Haben Sie eine Frage zum Produkt? |
PDF (Adobe DRM)Größe: 1,9 MB
Kopierschutz: Adobe-DRM
Adobe-DRM ist ein Kopierschutz, der das eBook vor Mißbrauch schützen soll. Dabei wird das eBook bereits beim Download auf Ihre persönliche Adobe-ID autorisiert. Lesen können Sie das eBook dann nur auf den Geräten, welche ebenfalls auf Ihre Adobe-ID registriert sind.
Details zum Adobe-DRM
Dateiformat: PDF (Portable Document Format)
Mit einem festen Seitenlayout eignet sich die PDF besonders für Fachbücher mit Spalten, Tabellen und Abbildungen. Eine PDF kann auf fast allen Geräten angezeigt werden, ist aber für kleine Displays (Smartphone, eReader) nur eingeschränkt geeignet.
Systemvoraussetzungen:
PC/Mac: Mit einem PC oder Mac können Sie dieses eBook lesen. Sie benötigen eine
eReader: Dieses eBook kann mit (fast) allen eBook-Readern gelesen werden. Mit dem amazon-Kindle ist es aber nicht kompatibel.
Smartphone/Tablet: Egal ob Apple oder Android, dieses eBook können Sie lesen. Sie benötigen eine
Geräteliste und zusätzliche Hinweise
Zusätzliches Feature: Online Lesen
Dieses eBook können Sie zusätzlich zum Download auch online im Webbrowser lesen.
Buying eBooks from abroad
For tax law reasons we can sell eBooks just within Germany and Switzerland. Regrettably we cannot fulfill eBook-orders from other countries.
EPUB (Adobe DRM)Größe: 3,8 MB
Kopierschutz: Adobe-DRM
Adobe-DRM ist ein Kopierschutz, der das eBook vor Mißbrauch schützen soll. Dabei wird das eBook bereits beim Download auf Ihre persönliche Adobe-ID autorisiert. Lesen können Sie das eBook dann nur auf den Geräten, welche ebenfalls auf Ihre Adobe-ID registriert sind.
Details zum Adobe-DRM
Dateiformat: EPUB (Electronic Publication)
EPUB ist ein offener Standard für eBooks und eignet sich besonders zur Darstellung von Belletristik und Sachbüchern. Der Fließtext wird dynamisch an die Display- und Schriftgröße angepasst. Auch für mobile Lesegeräte ist EPUB daher gut geeignet.
Systemvoraussetzungen:
PC/Mac: Mit einem PC oder Mac können Sie dieses eBook lesen. Sie benötigen eine
eReader: Dieses eBook kann mit (fast) allen eBook-Readern gelesen werden. Mit dem amazon-Kindle ist es aber nicht kompatibel.
Smartphone/Tablet: Egal ob Apple oder Android, dieses eBook können Sie lesen. Sie benötigen eine
Geräteliste und zusätzliche Hinweise
Zusätzliches Feature: Online Lesen
Dieses eBook können Sie zusätzlich zum Download auch online im Webbrowser lesen.
Buying eBooks from abroad
For tax law reasons we can sell eBooks just within Germany and Switzerland. Regrettably we cannot fulfill eBook-orders from other countries.
aus dem Bereich
