Defense in Depth
1. A well-structured defense architecture treats security of the network like an
onion. When you peel away the outermost layer, many remain underneath it.
2. Defense in depth helps you protect network resources even if one of the
security layers is compromised. After all, no single security component can be
guaranteed to withstand every attack it might need to face.
3. We operate in a real world of system misconfigurations, software bugs,
disgruntled employees, and overloaded system administrators.
4. Moreover, any practical security design needs to accommodate business
needs that might require us to open certain firewall ports, leave additional
services running on the server, or prevent us from applying the latest security
patch because it breaks a business-critical application.
Defense in Depth
1. Treating perimeter security components as parts of a coherent
infrastructure allows us to deploy them in a way that accounts for
the weaknesses and strengths of each individual component.
2. Of course, given the requirements of your organization, you might
choose not to implement every component discussed here.
Components of Defense in Depth
1. The Perimeter
2. The Internal Network
3. The Human Factor
The Perimeter
When we think of network security, we most often think of the
perimeter. As we mentioned earlier in this chapter, the perimeter
includes any or all of the following:
1. Static packet filter
2. Stateful firewall
3. Proxy firewall
4. IDS and IPS
5. VPN device
The Internal Network
On the internal network, we could have the following "perimeter" devices:
1. Ingress and egress filtering on every router
2. Internal firewalls to segregate resources
3. IDS sensors to function as "canaries in a coal mine" and monitor the internal network
On protected systems, we can use the following:
4. Host-centric (personal) firewalls
5. Antivirus software
6. Operating system hardening
7. Configuration management
8. Audits
The Internal Network
Configuration management can enforce the following:
1. That all Windows machines have a particular service pack installed
2. That all Linux machines have a specific kernel running
3. That all users with remote-access accounts have a personal firewall
4. That every machine has antivirus signatures updated daily
5. That all users agree to the acceptable-use policy when they log on
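The four host-level rules above can be enforced by evaluating an inventory against a baseline. The following is an added example, not from the slides: a minimal compliance check in Python over a constructed host inventory. The baseline values (service pack, kernel release, one-day signature age) and the host records are assumptions; the acceptable-use rule is an interactive control and is not modelled here.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Baseline values are constructed for the example; a real deployment
# would load them from the configuration-management system.
REQUIRED_WINDOWS_SP = "SP2"
REQUIRED_LINUX_KERNEL = "5.10.0"
MAX_SIGNATURE_AGE = timedelta(days=1)   # "antivirus signatures updated daily"


@dataclass
class Host:
    name: str
    os: str                  # "windows" or "linux"
    version: str             # service pack (Windows) or kernel release (Linux)
    remote_access: bool      # user has a remote-access account
    personal_firewall: bool  # host-centric firewall present
    av_signature_date: date  # date of the last signature update


def check_host(host: Host, today: date) -> list[str]:
    """Return the policy violations for one host; an empty list means compliant."""
    violations = []
    if host.os == "windows" and host.version != REQUIRED_WINDOWS_SP:
        violations.append(f"{host.name}: service pack {host.version}, expected {REQUIRED_WINDOWS_SP}")
    elif host.os == "linux" and host.version != REQUIRED_LINUX_KERNEL:
        violations.append(f"{host.name}: kernel {host.version}, expected {REQUIRED_LINUX_KERNEL}")
    if host.remote_access and not host.personal_firewall:
        violations.append(f"{host.name}: remote-access account without a personal firewall")
    if today - host.av_signature_date > MAX_SIGNATURE_AGE:
        violations.append(f"{host.name}: antivirus signatures last updated {host.av_signature_date}")
    return violations


def audit(hosts: list[Host], today: date) -> dict[str, list[str]]:
    """Map each host name to its list of violations."""
    return {h.name: check_host(h, today) for h in hosts}


# Constructed sample inventory (not real hosts).
SAMPLE_HOSTS = [
    Host("ws01", "windows", "SP2", False, False, date(2024, 1, 10)),
    Host("ws02", "windows", "SP1", True, False, date(2024, 1, 7)),
    Host("srv01", "linux", "5.10.0", False, True, date(2024, 1, 9)),
    Host("srv02", "linux", "4.19.0", True, True, date(2024, 1, 10)),
]

if __name__ == "__main__":
    for name, problems in audit(SAMPLE_HOSTS, date(2024, 1, 10)).items():
        print(name, "OK" if not problems else problems)
```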
The Internal Network
An audit typically progresses like this:
1. An informational meeting is held to plan the audit. At this first meeting, the
auditor finds out what the client wants and expects and establishes risks, costs, cooperation,
deliverables, timeframes, and authorization.
2. Fieldwork begins (implementing the audit). When the client is ready, the auditor performs the
audit in line with what was established in the planning session.
3. The initial audit report (technical report) is delivered. The auditor might prefer to give an initial
audit report to the technical representatives of a client before their management sees the final
report. This gives the technical staff an opportunity to address some concerns before
the final report goes to management.
4. The final audit report (a nontechnical report with the final technical report) is delivered. The
final audit report typically contains an executive summary, the general approach used, the
specific methodology used, and the final technical report.
5. Follow-up occurs (implementation of the recommendations is verified).
Human Factor
1. Authority: Who is responsible.
2. Scope: Who it affects.
3. Expiration: When it ends.
4. Specificity: What is required.
5. Clarity: Can everyone understand it?
User awareness of your organization's security policy:
6. Have every user sign an acceptable-use policy annually.
7. Set up a security web page with policies, best practices, and news.
8. Send a "Security Tip of the Week" to every user.