The purpose of this chapter is to present a general background on cyber security and defense for analysis and targeting. We will begin with a description of current thinking on cyber security systems, including layered defense. This will be followed by a review of endpoints, connections, and key network nodes in terms of their vulnerabilities and the technical tools available to secure them. Included in this survey will be a review of the cyber attack cycle, a look at the construction and detection of organized malware (e.g., botnets), and a reflection on why understanding the defended network terrain is essential to developing a successful network defense strategy. In addition, we will look at the broader context of cyber defense and how conceptual security architecture approaches (e.g., denial and deception) might be incorporated to improve the likelihood of success in securing and defending a network.
Deception policies are implemented by processes that use technology solutions. For example, as discussed in Sect. 6.4, Stoll used honey files to track Russian KGB cyber attack operatives in a 1980s US defense network hacking attempt (Stoll, 2005). Other technical security measures include protecting files with blockchain encryption or obfuscating the environment (e.g., honeypots, moving target defense) to protect against a motivated attacker.
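As an added illustration of the honey-file idea mentioned above (example code written for this edition, not from the chapter or from Stoll's work; the simplified log format, decoy paths, user names and the `backup` maintenance account are all constructed), a small detector that flags any access to a decoy file by anyone other than an expected maintenance account:

```python
import re
from dataclasses import dataclass

# Decoy ("honey") files that no legitimate user or process should ever open.
# Paths and tags are constructed for this example.
HONEY_FILES = {
    "/srv/share/finance/payroll_2024.xlsx": "finance-share",
    "/home/admin/.ssh/id_rsa_backup": "admin-keys",
}

# Constructed, simplified file-access records: "<epoch> <user> <pid> <op> <path>".
SAMPLE_LOG = """\
1700000001 alice 4021 open /srv/share/finance/q3_report.docx
1700000002 backup 77 open /srv/share/finance/payroll_2024.xlsx
1700000003 svc_web 2210 open /home/admin/.ssh/id_rsa_backup
1700000004 alice 4021 open /srv/share/finance/q3_report.docx
"""

LINE_RE = re.compile(r"^(\d+) (\S+) (\d+) (\S+) (\S+)$")


@dataclass(frozen=True)
class Alert:
    ts: int
    user: str
    pid: int
    op: str
    path: str
    decoy_tag: str


def parse_line(line):
    """Parse one constructed log record; return None for malformed lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, user, pid, op, path = m.groups()
    return int(ts), user, int(pid), op, path


def detect_honey_access(log_text, honey_files=HONEY_FILES, allow_users=("backup",)):
    """Return one Alert per access to a decoy file by a non-allowlisted user.

    allow_users covers the few processes (e.g. a backup job) expected to touch
    decoys; every other access is a signal, since a decoy has no legitimate use.
    """
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, user, pid, op, path = rec
        tag = honey_files.get(path)
        if tag is None or user in allow_users:
            continue
        alerts.append(Alert(ts, user, pid, op, path, tag))
    return alerts
```

Run against SAMPLE_LOG this yields a single alert, for the `svc_web` account opening the decoy key file; the backup account's read of the payroll decoy is suppressed by the allowlist.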
Technical solutions, however, do not by themselves ensure a successful cyber defense. Zero-day exploits and private key compromise are examples of vulnerabilities that defeat strong technical solutions. Cyber analysis is therefore key to giving network defenders a clear structuring of how a system is protected at each phase of an attack cycle (Figs. 6.2, 6.3, and 6.5; Table 6.6), which helps us answer the questions posed at the beginning of the chapter.