VIEWS: 2 PAGES: 2 CATEGORY: Computers POSTED ON: 7/14/2010
While this familiar methodology has served acceptably for many years, it is unfortunately not well suited to the needs of critical infrastructure protection. Firewalls often cannot be placed around assets, simply because no reasonable perimeter can be identified. Passwords are often ineffective in infrastructure settings where compromised insiders might be the primary risk.
From the CSO’s desk Rethinking infrastructure protection Edward Amoroso SVP/CSO, AT&T cerns to-day concerns of protecting tected by o one type of only T he approach that most rastructure massive infrastructure for method. security experts follow ational essential national services. The use of human discre- centers on three basic To begin with, deception mai tion in maintaining secrecy approaches: building security tentionally involves intentionally tricking around sec security operations walls around critical assets, adversaries using bogus traps. is applied i government in strengthening credentials ding Since hiding critical settings, bu not so much in but used to access critical assets, nd assets behind a massive corporate e environments. and placing surveillance corporate perimeter no Similar to log ﬁle capture, around these assets. Most of ks, longer works, separation intelligen collection of the intelligent you would recognize these olating involves isolating the right typ of data from type three approaches as ﬁrewalls, al most critical assets in a infrastr infrastructure systems passwords and log ﬁles. protected enclave that must be addressed. While this familiar method- d is separated from less The a ability to correlate ology has served acceptably important resources. disparate d into action- data for many years, it is unfortu- y Diversity ensures a mix able intellig intelligence requires nately not well suited to the ogies, of technologies, vendors human skil and automated skills needs of critical infrastructure aches, and approaches, thereby tools; while response involves protection. Firewalls often he reducing the likelihood of the creation of
Pages to are hidden for
"Rethinking infrastructure protection"Please download to view full document