13 things essential for an effective Cross Domain Solution (CDS)
Blog / 13 things essential for an effective Cross Domain Solution (CDS)
Firstly, what is a Cross Domain Solution? 1
As defined by the US National Institute of Standards and Technology (NIST), cross domain solutions refer to:
“A form of controlled interface (a boundary with a set of mechanisms that enforces the security policies and controls the flow of information between interconnected information systems) that provides the ability to manually and/or automatically access and/or transfer information between different security domains”.
Does your organisation need CDS?
Does your organisation require data transferal between two or more domains?
A large majority of organisations need to transmit data between their own reliable network domains and external domains. A regular organisation may be in contact with over 300 external, third party connections and the internet, leaving their network(s) open to the ever-changing threat landscape. Cross domain solutions are important for organisations that handle high value data which requires further protective measures in addition to firewalls, SIEM (Security Information and Event Management) and IDS (Intrusion Detection Systems).
Regardless of the industry your organisation is geared towards, it is crucial to have in place an effective cross domain solution to ensure the security or your organisation’s network and assets and prevent the data of your customers, employees, business partners and shareholders from becoming leaked, stolen or corrupted.
The 13 key proponents for an effective CDS
- Network Protection
Numerous components regarding your cross-domain solution will need to transfer data between external domains thus, could be targeted by threat actors. Therefore, all external components should be separate from the internal components as internal components are more connected to core network systems. Furthermore, there needs to be additional controls in place between internal components and core network systems to prevent further compromise.
- Protection against attacks which use malicious content
Your CDS needs to be able to provide robust protection against attacks in which malicious content is utilised for example, a malicious data file. These types of attacks if successful will have a large negative impact upon the data processing on the receiving network and possibly, the operation of the CDS.
When designing a CDS capable of providing protection from content-based attacks, vulnerabilities of the target system to a content-based attack need to be regarded for example, the complexity of data formats used by your company.
- Protection against unapproved export of information
For a CDS to be considered as well-designed and effective, protection against unauthorised export of information must be a feature.
- Session isolation
A CDS should keep sessions separate, so that in the event of an intrusion, lateral movement of the attack is prevented. An attack on one session will not be able to influence another session that is simultaneously running. In the case of higher threat environments such as the Internet, isolation between input and output data flows between components should be enforced.
- Protection against repeated compromises
A CDS should be designed to provide protection against repeated compromise attempts, ensuring stability and the reliability of the CDS.
- Interaction between various people and the CDS
A CDS needs to be easy to use and secure to use by various people who may need to interact with it. This includes system installers, system administrators, employees who need to work with it every day, external users for whom a CDS crucial for working with those inside it and security staff who manage the solution.
A CDS should be actively and securely managed through all stages of its entire deployment, from the initial stage of its implementation, updates and day-to-day management. An issue with the management plan can result in weakened security of your organisation’s system.
- Audit and accounting
Your organisation’s CDS should transfer audit information to your chosen SIEM (Security Information and Event Monitoring) system.
Prior to session use, a CDS should confirm authentication for all users, equipment and connection between internal components.
User authentication will reduce the risk of unknown external users from gaining access to your system. It is also highly important for equipment and connection sessions to be authenticated to prevent unauthorised systems from using the CDS. To ensure transferal of data between the components within the CDS, each component should be authenticated to each other. Keep in mind that some forms of CDS will need to handle data from unconfirmed sources such as the Internet for which your CDS needs to be capable of.
- Protection for data-in-transit
A CDS should be able to offer protection for data-in-transit (CIA) for all connections between components and for connections between external devices and the CDS.
A CDS will need to frequently connect with other systems over insecure networks. A network that has been weakened by a potential intrusion may impact the confidentiality and the integrity of the data being accessed and therefore, reliable protection against this needs to be provided by the CDS.
- Data-at-rest protection
A CDS should provide protection for data-at-rest for sensitive data that is at risk from being copied or exfiltrated. Examples of such data includes business data, business logs, audit logs and configuration files.
A large majority of CDS systems will need to store information within its components and in the case of higher risk cases, the risk of this media being stolen increases.
At-rest protections are important for safeguarding data in the case that the system is inactive however, if a threat actor manages to successfully breach a running system, at-rest protection likely will not prevent loss of data.
Every component within a CDS needs to be regularly patched and developers need to actively provide patches and updates for everything used within the CDS, including third party libraries.
- Component integrity
A CDS needs to be able to prevent components from being unauthorised or exposed. The level of protection needed against system compromise will depend on the likelihood of a compromise and how critical security is.
How secure is
How secure is