Security 2 Flashcards

1
Q

Defence in Depth

A
  • ‘Defence in depth’ originated as a military strategy at the time of the Roman Empire. The idea was for defensive positions to be prepared at several locations.
  • We have adopted the term in cybersecurity to describe defending a system through several independent measures.
  • It is more valuable to detect and respond to a breach than it is to prevent one outright because preventative measures can always be bypassed, if not directly then by trying a different route of attack.
  • The weakest approach to defence in depth is to secure all parts of the system equally.
  • The best approach is to identify critical assets which should be protected and build the heaviest protections around those.
  • High-risk areas of the system should be separated from the main system and protected independently.
2
Q

Risk Management

A

Three key areas:

  • Confidentiality: Access to systems should only be shared amongst authorised persons or organisations.
    For example, credit card information should remain confidential and not accessible by unauthorised users.
  • Integrity: The systems should be accurate, trustworthy and complete.
  • Availability: The systems should be accessible when needed.
    For example, a denial-of-service attack, in which an attacker directs so much internet traffic at a target that it can no longer function, is an attack on availability.
3
Q

Stages of an Attack

A
  1. Reconnaissance
  2. Initial Exploitation
  3. Establish Persistence & Escalate Privileges
  4. Move Laterally
  5. Exfiltration