In broad terms, there are six different approaches that can be used to defend information systems against attacks by malicious parties. The first of these approaches is prevention. An attack can be prevented either by blocking it or by entirely closing or eliminating a vulnerability. Remember that an attack occurs when someone intentionally exploits a vulnerability. If, therefore, we are able to close or entirely eliminate the vulnerability, then the attack cannot occur. The second method of defense is deterrence, and deterring an attack can be accomplished by finding ways to make the attack more difficult to carry out. The third method of defense is deflection. To deflect an attack, the attacker must be provided with another target that seems more attractive than the original one. In this way, it may be possible to artfully encourage the attacker to pursue a target that is of little real value.

After prevention, deterrence, and deflection, the fourth approach to defending information systems is mitigation. An attack can be mitigated by taking steps to make the impact of the attack less severe. If, despite our best efforts, we are unable to prevent, deter, or deflect an attack, then the best strategy is to have mechanisms in place which will contain the damage.

The fifth method of defense is detection, and detection can take place either while an attack is in progress, or after the attack has been completed. If an attack can be detected while it is still underway, then it may be possible to stop the attack immediately, thus preventing further harm. It is, however, important to realize that detecting an attack after it has taken place can also be of great value. If an attack can be detected after it has taken place, then it may be possible to repair the damage and learn from the attack by determining exactly how the system was compromised. Such information can be useful in identifying and closing vulnerabilities, thus preventing similar attacks from being successful in the future.

Finally, the sixth method of defense is to recover from an attack. It is necessary to have mechanisms in place, such as organizational protocols, backup copies of data, and so forth, that allow us to quickly recover from a successful attack. Recovery is a legitimate method of defense because if an attacker finds that the effects of her attack are short-lived and quickly fixed, then she may be less likely to attack us in the future.
