Kinya Sharon - Ass1 - Infrastructure


FACULTY OF COMPUTING AND INFORMATION MANAGEMENT

BACHELOR OF SCIENCE IN INFORMATION SECURITY AND FORENSIC STUDIES

UNIT: BISF-3202

INFRASTRUCTURE FOR SECURITY & INTELLIGENCE

BY: KINYA SHARON KAGENI RegNo – 20/00208

Email: [email protected]

LECTURER: MR MARTIN KIBE

SEPT-DEC 2022

This ASSIGNMENT 1 is submitted IN PARTIAL FULFILMENT OF THE REQUIREMENTS
OF THE AWARD OF BACHELOR OF SCIENCE IN INFORMATION SECURITY AND
FORENSIC STUDIES in KCA University

In critical infrastructure security, all standards organizations, regulations, and
recommendations indicate that a defense-in-depth strategy should be implemented.

i. Map out a Defense in Depth Perimeter you would apply in strategizing the
security of a critical infrastructure component along with the Corresponding
Protective Measures (10 Marks)

Critical infrastructure comprises those physical facilities, supply chains, information technologies
and communication networks that, if destroyed, degraded or rendered unavailable for an extended
period, would significantly impact the social or economic wellbeing of the nation or affect the
nation's ability to conduct national defense and ensure national security.

Defense in Depth is a cybersecurity strategy in which many protective measures are layered to
safeguard sensitive data and information. When one defense system fails, another springs into
action right away to stop an assault. This multi-layered strategy with deliberate redundancy
boosts system security overall and counters numerous attack routes.

Defense in Depth uses a comprehensive strategy to safeguard all assets, by providing effective
levels of monitoring and protection using the resources that are available to the organization,
while taking into account its interconnections and dependencies.

A defense in depth approach focuses on three primary areas:

• Prevention
• Detection
• Response

Defense-in-depth architecture: Layered security

Physical controls – These controls include security measures that prevent physical access to IT
systems, such as security guards or locked doors.

Technical controls – Technical controls include security measures that protect network systems
or resources using specialized hardware or software, such as a firewall appliance or antivirus
program.

Administrative controls – Administrative controls are security measures consisting of policies
or procedures directed at an organization’s employees. They involve risk management, policy and
compliance management, information security, and instructing users to label sensitive
information as confidential.

The Defense in Depth controls that I will implement will include:

1. Physical access

I will implement physical access control, which provides protection for the entire facility, from
the outside perimeter to the inside office space, including the data center or server room.

Corresponding Protective Measures:

i. Biometrics

Biometrics are physical traits or biological measurements that can be used to identify a person.
Examples of biometric technology include:

• facial recognition
• fingerprint mapping
• retina scans
• voice recognition

ii. Physical Access systems

Physical access control ensures that only those who are allowed to enter an area can enter, by
creating barriers to prevent unauthorized people from entering a physical space. They include:

• Barriers such as walls, fences, doors, bollards, and gates.
• Alarms, primarily for letting us know whether a control is functioning properly, that is,
whether it has been breached.
• Lights and cameras.
• Anti-theft, anti-tamper, and inventory controls for alerting on device manipulation such as
power removal, device resets, cabling changes, or the addition/use of removable media
devices.
• Visitor escort requirements and procedures.

iii. Use of Data Diode at the physical layer

A data diode is a unidirectional network communication device that enables the safe, one-way
transfer of data between segmented networks. Data diode design maintains physical and
electrical separation of source and destination networks, establishing a non-routable, completely
closed one-way data transfer between networks. Data diodes effectively eliminate external points
of entry to the sending system, preventing intruders and malware from infiltrating the
network.

2. Network Access

I will implement network access solutions to manage access to network resources by
establishing which devices and users are authorized to connect to the wired and wireless
networks of the critical infrastructure. This will make all devices and users visible to network
managers and allow technicians to enforce security policies across every part of the corporate
network.

Corresponding Protective Measures:

i. Network Access Control (NAC)

NAC tools determine which resources are available to corporate network users. Security
policies can set out different access tiers depending on user roles, and Network Access Control
software can make it impossible for users to move outside their allotted permissions.

ii. Access control lists (ACLs)

These controls support the implementation of security at the application level.


iii. VPN

VPNs protect user data by routing all communications through an encrypted tunnel to a private
server, rather than exposing them to the public internet service provider, allowing users to
remotely connect to a network securely.

On the network layer the following controls will be implemented:

iv. Firewalls

Firewalls are software or hardware appliances that control network traffic through allow or deny
policies or rules. These rules may include blacklisting or whitelisting IP addresses, MAC
addresses, and ports. There are also application-specific firewalls, such as Web Application
Firewalls (WAF) and secure email gateways, that focus on detecting malicious activity directed
at a particular application.

v. Intrusion detection system (IDS).

An IDS detects unauthorized access attempts and flags them as potentially dangerous, but does
not block them.

vi. Intrusion prevention system (IPS).

An IPS is designed to prevent intrusions by detecting and blocking unauthorized attempts to
access a network.

vii. Access control lists (ACLs)

An access control list (ACL) is a list of rules that specifies which users or systems are granted or
denied access to a particular object or system resource.

3. User management

In order to successfully implement user-access management controls within an organization, I
will first build a comprehensive and accurate understanding of personnel, roles and
system/information access requirements. This will help me in creating secure user management
controls.

To implement user-access management, the following details will be collected:

• Core principles: details of the core principles underpinning user-access management and
providing the basis for subsequent controls.
• Implementing governance controls: details of the key objectives and approaches to providing
information security governance oversight to user-access management.
• Implementing people controls: details of the key objectives and approaches to implementing
user-access management controls in the management of personnel within an organisation.
• Implementing process controls: details of the key objectives and approaches to implementing
procedural user-access management controls.
• Implementing technology controls: details of the key objectives and approaches to
implementing specific technical controls into a comprehensive user-access management scheme.

Corresponding Protective Measures:

i. Active Directory and LDAP

Active Directory is a database and set of services that runs on Microsoft Windows Server.
Active Directory will provide two main functions; it allows:

• Users to authenticate and access resources in the domain.
• Administrators to manage permissions and access to these network resources.

LDAP (Lightweight Directory Access Protocol) is a software protocol that allows users to locate
an organization’s data. LDAP authentication techniques are an effective deterrent to security
risks. LDAP will assist with:

• Prevention of disclosing any passwords, by use of an encrypted channel that the LDAP
server supports.
• Conversion to the more sophisticated SASL technique, which firmly secures
authentication procedures by separating them from application protocols.

On the Application layer the following controls will be implemented:

Monitoring and prevention – it will include logging, vulnerability scanning, and security
training for staff.

4. Data access

Data access control will be used to control how users interact with the critical infrastructure’s
data. The goal is to ensure that data is accessed in a manner that meets security, privacy, and
compliance needs, without undermining efficiency or accessibility.

Corresponding Protective Measures:

• Permission control

In permission control we have:

• Entity-centric methods
• Data-centric methods
• Context-centric methods
• Access control, authentication and authorization

i. Entity-centric methods

Entity-centric data access control involves setting permissions based on different entities’
attributes:

• Assigning entities a defined role with set permissions.
• Creating conditions to assign permissions to entities, based on their existing attributes.

ii. Data centric methods

Data-centric methods set up rules to control access at the level of the data itself, rather than
based on entities, to maximize security. For example, a particular dataset may be accessible only
via a dedicated application, so that who can access the application is strictly controlled through
authentication and identity management tools.

iii. Context centric methods

I will limit the capacity to export huge amounts of data to specific periods of the day based on
the context of how data is accessed, in order to avoid significant breaches. I could also limit the
activities that can be taken on particular database items based on where they are in a given
workflow.
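
To make the three permission-control methods concrete, here is an added example (my own illustration, not part of the original assignment) of a small policy evaluator that applies an entity-centric role and attribute check, a data-centric dedicated-application rule, and the context-centric time-of-day, volume and workflow limits described above. The dataset, role, clearance and application names are assumed.

```python
from dataclasses import dataclass

@dataclass
class Subject:
    roles: set
    clearance: str       # entity attribute used by a conditional permission
    app: str             # application the request arrives through

@dataclass
class Request:
    subject: Subject
    dataset: str
    action: str          # "read", "export" or "update"
    rows: int = 0        # rows requested by an export
    hour: int = 12       # hour of day (0-23) the request is made
    state: str = "draft" # workflow state of the record being updated

# Constructed policy (assumed, not from the assignment): one rule per dataset.
POLICY = {"scada_telemetry": {
    "roles": {"read": {"operator", "engineer"}, "export": {"engineer"}, "update": {"engineer"}},
    "min_clearance": "internal",
    "allowed_apps": {"historian"},  # data-centric: reachable only via the dedicated app
    "export_window": (8, 18),       # context-centric: bulk exports in working hours only
    "max_export_rows": 10_000,
    "update_states": {"approved"},  # context-centric: updates tied to workflow position
}}
CLEARANCE_RANK = {"public": 0, "internal": 1, "restricted": 2}

def evaluate(req):
    """Return (allowed, reason). Every check must pass; anything unknown is denied."""
    rule = POLICY.get(req.dataset)
    if rule is None:
        return False, "unknown dataset: default deny"
    s = req.subject
    if not s.roles & rule["roles"].get(req.action, set()):     # entity-centric: role
        return False, f"role lacks '{req.action}'"
    if CLEARANCE_RANK[s.clearance] < CLEARANCE_RANK[rule["min_clearance"]]:  # entity attribute
        return False, "insufficient clearance"
    if s.app not in rule["allowed_apps"]:                      # data-centric: dataset rule
        return False, f"dataset not reachable via '{s.app}'"
    if req.action == "export":                                 # context-centric: time, volume
        start, end = rule["export_window"]
        if not start <= req.hour < end:
            return False, "export outside permitted hours"
        if req.rows > rule["max_export_rows"]:
            return False, "export exceeds row limit"
    if req.action == "update" and req.state not in rule["update_states"]:
        return False, f"update not allowed in state '{req.state}'"
    return True, "allowed"
```

The checks are ordered so that the cheapest, most general denial (role) is reached first and the reason string can be logged for later review.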

iv. Access control

Access control is a security technique that regulates who or what can view or use resources in a
computing environment. Access control involves two main processes:

• Authentication is the process of ensuring users are who they say they are.
• Authorization is the process of ensuring authenticated users have access to the necessary
data and resources.

v. File integrity monitoring (FIM)

File integrity monitoring refers to an IT security process and technology that tests and checks
operating system (OS), database, and application software files to determine whether or not they
have been tampered with or corrupted.

File integrity monitoring verifies and validates these files by comparing the latest versions of
them to a known, trusted baseline. If file integrity monitoring detects that files have been altered,
updated, or compromised, it generates alerts to ensure further investigation and, if necessary,
remediation takes place. File integrity monitoring encompasses both reactive (forensic) auditing
as well as proactive, rules-based active monitoring.
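
As an added illustration (not from the original assignment), the following Python builds the trusted baseline described above, re-scans the same tree, and classifies every difference as an added, removed, modified or permission-changed file. The directory contents and the tampering steps are constructed inline; it assumes a POSIX file system.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def file_digest(path):
    """SHA-256 of the file's contents; the baseline stores this, not the file itself."""
    return hashlib.sha256(path.read_bytes()).hexdigest()

def build_baseline(root):
    """Record digest and permission bits of every regular file under root."""
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            rel = p.relative_to(root).as_posix()
            baseline[rel] = {"sha256": file_digest(p), "mode": p.stat().st_mode & 0o777}
    return baseline

def compare(baseline, current):
    """Diff the trusted baseline against a fresh scan and classify each difference."""
    report = {"added": [], "removed": [], "modified": [], "mode_changed": []}
    for rel in sorted(set(baseline) | set(current)):
        if rel not in baseline:
            report["added"].append(rel)          # unexpected new file
        elif rel not in current:
            report["removed"].append(rel)        # deleted file (e.g. missing log or binary)
        else:
            if baseline[rel]["sha256"] != current[rel]["sha256"]:
                report["modified"].append(rel)   # content changed since the baseline
            if baseline[rel]["mode"] != current[rel]["mode"]:
                report["mode_changed"].append(rel)  # permissions changed
    return report

def demo():
    """Constructed scenario: baseline a small tree, tamper with it, re-scan and compare."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "etc").mkdir()
        (root / "bin").mkdir()
        (root / "etc" / "app.conf").write_text("listen=127.0.0.1\n")
        (root / "bin" / "ctl").write_bytes(b"\x7fELF placeholder")
        os.chmod(root / "bin" / "ctl", 0o755)
        baseline = build_baseline(root)  # trusted state captured right after deployment
        # Simulated tampering between scans.
        (root / "etc" / "app.conf").write_text("listen=0.0.0.0\n")  # config edited
        os.chmod(root / "bin" / "ctl", 0o777)                       # made world-writable
        (root / "bin" / "extra").write_text("x")                    # unexpected new file
        return compare(baseline, build_baseline(root))
```

In a real deployment the baseline would be stored off-host and signed, since an attacker who can alter the baseline can hide the changes it is meant to reveal.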

5. Data
Data is the lifeblood of every organization. It informs decision-making, finds solutions to
problems, improves the efficiency and efficacy of operations, boosts customer service and
informs marketing efforts, reduces risks, increases productivity, enhances collaboration and, in
the end, is instrumental in increasing revenue and profit.

Data security is the practice of safeguarding digital information from unauthorized access,
accidental loss, disclosure and modification, manipulation or corruption throughout its entire
lifecycle, from creation to destruction.

Corresponding Protective Measures:

i. Data Diode

A data diode (described under the physical-access measures above) is a unidirectional network
communication device that enables the safe, one-way transfer of data between segmented
networks. Because the source and destination networks are kept physically and electrically
separate, the transfer is non-routable and completely closed in one direction, eliminating
external points of entry to the sending system.

6. Human element

The human element is the least secure and least controlled aspect of enterprise security. Because
of the inherent vulnerability of human trust, we are prone to the tactics of social engineering.
Humans motivate cyberattacks, and humans also, often unknowingly, facilitate cyberattacks.
Security starts with people, and technology should support them effectively. People control
explains the main goals, methods, and controls that may be used by an organization to integrate
defense in depth ideas into the field of human security. Through an employee lifecycle strategy,
I will implement layered controls created to address the following areas and reduce
people-related risks in the organization:

• job and role definition
• recruitment and selection
• induction, training and development
• ongoing operations
• role change management
• management of morale
• termination of employment strategy, avoiding any unnecessary level of employee distress

Corresponding Protective Measures:

i. Pre-engagement and engagement screening

ii. Enterprise-wide awareness campaign