Defense In Depth

Article by Ron Frechette

Last month we focused on educating our readers about the EU-GDPR due to the overwhelming inquiries we received, to learn more about the regulation and how it affects us here in the US.  This month we are back on the track of protecting ourselves in the everchanging world of cyberspace.  Our April article, Adopting a Cyber Risk Management System, provided us with a system to identify vulnerabilities that surround our digital footprints. Now that we have a system to identify and manage risk, we must focus on building various defense strategies that span from our security perimeter to the data we are trying to protect.  In the information security industry, we refer to this as “defense in depth.”

The concept of defense in depth focuses on protecting our digital footprints so that if one security control fails, another will be in place to prevent an attack.  There is no single method for successfully protecting our digital footprints. A defense in depth approach will reduce the risk of having a costly attack.

There are three primary types of attack scenarios we must be mindful of when thinking about a defense in depth strategy.  The first scenario is an attack by a script kiddie from the Internet, the second is an attack from a skilled hacker, and the final attack is from a trusted user who has access to our network.

Script Kiddies

The script kiddie is someone looking for the easy targets to compromise in cyberspace. They do this by focusing on a small number of exploits, and then searching the entire Internet for that exploit. Any person can go to the Dark Web and gain access to lists of exploits and information about how to identify vulnerable systems and the code to launch an attack.

A strong security perimeter defense is the best defense against script kiddies. A firewall manages both incoming and outgoing traffic on a network and is essential to a strong perimeter defense. Firewalls are extremely effective, but they cannot be relied on as the only means of securing a network perimeter.

Network based intrusion detection systems (IDS) provide another layer of perimeter defense. A network-based IDS will monitor network traffic to identify scans or traffic patterns that indicate an attack.

Anti-virus software is another essential tool for securing any system on a network. It will recognize known viruses, worms and Trojans, take specified actions to deal with the infection, and notify users or systems administrators of the problem.

Social engineering is a common method of attack to get an exploit past a firewall. Script kiddies are likely to implement social engineering by email.  The most important line of defense against this type of attack is security awareness training. For instance, we should know the risks of opening email attachments,

sending sensitive information across the network, and so on.

Skilled Hackers

The skilled hacker is more successful by researching the company being attacked, utilizing additional methods of attack, and being more aggressive with the same tools as the script kiddie. It is even more important to use properly configured firewalls, secure each individual system, employ intrusion detection systems and antivirus software but additional methods also need to be employed.

Physical security can be implemented in many  ways such as biometric controls for doorways, motion detectors, and surveillance cameras.

Strong passwords are essential to a secure network.

Using strong passwords and changing them frequently will make it much more difficult for an attacker to gain access to the network through password guessing or cracking. Passwords should not be dictionary words or names. They also should not be words or names with numbers concatenated to them. A strong password will be a mix of upper and lower case alpha characters, special characters and numbers. Passwords also need to be something the user will remember so it won’t be written down and taped to the computer monitor.

No single security measure can adequately protect our digital presence in cyberspace. Having a strategy of defense in depth will discourage hackers from compromising our sensitive data. Firewalls, intrusion detection systems, well trained users, policies and procedures, switched networks, strong password, and good physical security are examples of the things that go into an effective security plan. Each of these mechanisms by themselves are of little value but when implemented together become much more valuable as part of an overall security plan.

For more information on how you can implement these types of controls into your organization, send me a tweet @GoldSkyRon.  Until next month… wishing you a safe and prosperous journey in cyberspace!

GoldSky Security offers small and medium sizes business cybersecurity solutions across the US and currently has offices in Orlando, Florida and in Denver, Colorado.

Questions? Send me a tweet: @GoldSkyRon or email ron.frechette@goldskysecurity.com

Sources:

The 7 Top Management Errors that Lead to Computer Security Vulnerabilities. The SANS Institute, May, 1999. http://www.sans.org/newlook/resources/errors.htm .

The Honeynet Project. Know Your Enemy. http://project.honeynet.org/papers/enemy/