Moving Target Defence: Security, Resilience and Obfuscation

A standard method that an army will use is to create a moving target, and which confuses an attacker. This might relate to change the movement of troops on a continual basis, or in the location of missile bases. With this, a static target can often be analysed in great detail, and then probed for its operation. With a moving target, an adversary will often spend a good deal of their time understanding and reanalyzing. As they do this there’s a good chance that they will be detecting in their spying operations.

An army, too, needs resilience, and where there is no single point of failure. Perhaps there is an army deployment base, and where the troops are shipped to. If an adversary finds out that all the troops are deployed from there, then they could attack that base first, and then look to attack other parts, as troops could not be deployed other different areas of the battlefield. An army would thus have plans to have alternative deployment bases, and also for the fast creation of one within a different area.

And so, let’s say that you had a Web site. Today it uses Microsoft ISS running from Amazon AWS, and then the next day it was running Apache within Microsoft Azure, and the day after it used nginx within the Google Cloud. Each instance of the Web server and all its services are continually changing too, with…