tnfomution Opumtinns Elements and Ranma Aptivitin • Mmrepudiatiori means proof of message receipt and sender identiEua— tion, so neither can deny having processed the data, IA incorporates CND to provide a defense in depth that protects the GIG against exploitation, degradation, and denial of service by employing vigorous protection, detection, reaction, and restoration capabilities. This incorporation allows for effective defensive measures and/or timely restoration of debilitated networks and INFOSYS. Contributions 2-51. IA attack contributes to defensive I0 by protecting friendly information and INFOSYS against friendly intrusion as well as adversary attacks. IA uses a defense in depth that includes CND to counter adversary CNA. 252, IA defense in depth protects all networks, including their INFOSY S (such as computers and radios) and iniiastructure implementation (such as gateways, routers, and switches). To contain damage and restore the networks, it provides information protection, intrusionlattaok detection, and reaction. 2-53, Intlirmatiein protection is utxomplished with a full range of security means. External and internal perimeter protection prevents unknown users or data from entering a network. External means include tmmmuoieations se· curity; renter iilteiing/access toutrol lists, and security guards. Where neeesv sary, physical isolation or hurrieis are pluoed between protected and unpro- tected networks. Internal perimeter protection consists of firewalls and router filters. These serve as barriers between echelons or functional communities. 2~54. Intrusion/attack detection is accomplished by monitoring the perimewr protection tools and devices to identify activities that violate security policies. Selected events or occurrences (such as numerous log-on attempts within a specitic period) are monitored to detect unautlmrized access and inadvertent, rnalieious, or noninalicious modification ar destruction of data, 2—55. Network managers react to counter the effects of on incident on the network. Reaction to n network or INFOSYS intrusion incorporates the capav bility to restore essential ixttixrmation services, as well as initiate attack rev sponse processes, Disaster reoovery capability requires stopping the breach and restoring the network. A detailed continuity of operations plan facilitates aceemphshing these tasks. 2-56. The Army INFOSYS Security Program addresses security measures that protect information and INFOSYS against all forms of threats (see ARBXO-i9)t System development requires INFOSYS security planning during acquisition, training, development, operations, and maintenance. When the program is properly functioning, an in-depth system provides protection and defense of information and INFOSYS (sue In/ormution Assurance: Legal, Regulatarv, Polwby and Organizational Considerations for details), Staff Coordination 2~57, The G—¢i is responsible iilr IA. IA is one of the components of NETOPS as is network management and information dissemination inanageinent. The IA manager, IA network manager, IA security oflicer, systems administrator, 2-13
