Local Area Networks (LANs) in Aircraft - FTP Directory Listing - FAA
[Figure 15: layered diagram; the labels recovered from the figure follow.]
• Defend the Network: Perimeter access control (firewalls); secure routing table updates; explicit inter-AS policies (security, QoS); Appropriate BGP policy settings; Secure Multicast
• Defend the Enclave: Network Access Controls; Virtual Private Networks (VPN); database security; publish and subscribe security; peer-to-peer identification and authentication
• Device Security: “Internet Harden” OS; Malicious Code Detection/Response; Code signing for mobile code; data-at-rest confidentiality, integrity and protection; human-to-machine identification and authorization; etc.
• Application security: authentication; authorization (separation of duties with least privilege); protocol integrity protection; confidentiality; etc.
Figure 15. Sample Defense-in-Depth Technologies
Each of these protection systems should preferentially support all elements of the control life
cycle, which is shown in figure 16. Control life cycle defenses contain the following basic
elements:
• Protection: security controls that provide protections to thwart possible attacks.<br />
• Detection: security controls that detect, log, and report the existence of successful<br />
exploits that somehow overcame the protection system.<br />
• Reaction/Neutralization: security controls that seek to neutralize any possible damage<br />
from successful exploits.<br />
• Recovery/Reconstitution: controls that enable the entity to be reconstituted or recovered<br />
should successful exploits damage the entity beyond the capability of the neutralization<br />
controls to correct. Recovery and reconstitution are often integrated with system or
network management processes.
The exemplar network architecture recommended by this study (see section 8.3) relies heavily
upon defense-in-depth concepts to defend against the network risks discussed in section 4 and
appendix A.