The Design of Real-Time Adaptive Forensically Sound Secure Critical Infrastructure

Abstract

Network security design has seen significant advances in recent years. This has been demonstrated by a growing number of new encryption algorithms, more intelligent firewall and intrusion detection techniques, new developments in multifactor authentication, advances in malware protection and many more. During a similar period of time the industry has seen the need for network infrastructure which provides a greater degree of trust which has resulted in the development of forensic analysis tools which meet the requirements of law enforcement agencies. Such tools must provide for commercial intelligence and national security. This paper proposes that application of the common ground between security and forensics has great potential to provide for improvements in the effort to achieve real-time adaptive security. This implies an architecture which can detect security breaches and in real-time record and analyse traffic logs in a forensically sound manner, provide corrective feedback to security devices and attempt to trace back to the source of the attack. In addressing computer security and forensic analysis from a real-time perspective, this paper recognises that some of these processes already exist, but proposes methods whereby the ongoing damage and potential risk to critical infrastructure can be reduced. This requires the implementation of a highly integrated approach to security and forensics such that they can inter-work in real-time in order to address the significant security issues which currently face the industry.