DEFENSE IN DEPTHDEFENSE IN DEPTH

Preamble

In the computer era, Internet is the globally available medium which connects many individuals, computers, networks and corporate. Numerous global companies are highly depending on the Internet for information sharing and computing like email, data transfer, remote computing, and instant messaging and even for voice communications. Even so, it also increases the threats of damaging the business critical data, affecting services and stealing of business confidential information.

It has been a challenge for many years now to protect the information against these threats and vulnerabilities. Various security standards have been developed to minimize the risks by adapting to the best practices.

Although there are many standards, all of them primarily focus on the three core aspects of Confidentiality, Integrity and Availability.

This document describes the defense in depth strategy which can be implemented by any company to efficiently protect the IT infrastructure against these security threats.

Defense in Depth

The theory of Defense in Depth is to use a variety of security mechanisms in all the layers across the IT infrastructure to protect the critical data, network, services and users against various security threats.

DEFENSE IN DEPTH

Policy and procedures

Physical security

Data security

Applications security

Hosts security

Network security

Perimeter security

The defense in-depth model focuses on protecting the information at various layers as illustrated above.

Intertec Systems L.L.C, P.O Box no 27130, Dubai, UAE

People

People or employees are the most important asset in any company and they are considered as the first level of defense in the defense in-depth strategy. This category is segregated into three major sections as illustrated below,

Roles, Policy and awareness

It is mandatory to have a formal security policy before proceeding with the implementation of any security standards. The security policy provides a framework of best practices for the operations, so that the company can minimize the risks and respond effectively to any security incidents which may take place. It also ensures that the company complies with the legislation. More detailed aspects of security policy can be addressed, wherever necessary, by reference to additional documents dealing with explicit issues. Procedures are an add-on to the security policy which provide the instructions to perform everyday operations. Roles and responsibilities must be clearly defined from the information security perspective and the same should be reflected in the policies.

Skills and Training

It is also very important to effectively create security awareness among the people in the organization. Individuals in the organization must incorporate the policy and procedures into their everyday operations. In addition, necessary security awareness trainings should be conducted as and when required.

Incident Response

Incident response is an expedited reaction to any issue or occurrence. This is a must in the event that the security of a system has been compromised. A well defined incident response procedure helps the security team respond to the problem quickly and effectively. The incident response procedure also should contain the responsible people, contact information and escalation tree.

Intertec Systems L.L.C, P.O Box no 27130, Dubai, UAE

Network

Network is considered as the second level of defense in the defense in depth strategy, the three core aspects of network security is illustrated below,

Firewalls / VPNThe network can be secured with various components like firewalls, proxy servers, authentication servers etc. It is highly recommended to use stateful firewalls to protect against unauthorized access, network attacks rather than just using packet filters. VLANs are deployed to segregate the networks at data link layer and achieve coarse grained security.

Since most of the organizations are globalizing their business, connectivity with branch offices, extranet communications with business partners becomes critical and the data on the transit must be protected by security mechanisms like data encryption, packet authentication. VPN technologies are commonly used to create a secure channel over the Internet using security framework like IPSEC.

Network Topology

Network topology is another important factor in securing the network of any organization. It’s highly recommended to have switched infrastructure to protect against eavesdropping. Physical and logical network isolations must be done wherever required and traffic flow should be properly controlled. Effective security controls must be placed while introducing wireless networks in the corporate network infrastructure.

Network Intrusion detection system and Audit

Once the network is secured with necessary firewalls, access controls, it is mandatory to properly monitor the network for any intrusions. Firewall logs, system, applications logs and logs from various other security devices should be reviewed properly. Network IDS systems uses known attack signatures or anomaly detection techniques to monitor the network for intrusions, unauthorized activity. Network IDS can also be integrated with firewalls to provide real time attack prevention.

Performing constant network audits on the network archiving the results help in identifying vulnerabilities before an intruder exploits it.

Intertec Systems L.L.C, P.O Box no 27130, Dubai, UAE

Host

Host is the third line of defense and it includes the servers, workstations, and devices which are connected to the network. Eventually any attacker would target the host in any attacks. So effectively protecting and hardening the hosts against vulnerabilities would prevent an incident though an attacker breached the first two levels of defense. Below figure shows the three host components.

Host capacity, Capability and Configuration

Capacity, capability and configuration of the host are all also an important components of a comprehensive security strategy. Some of the commonly used best practices are listed below,

1. Hardening of host operating system2. Applying necessary operating system, application patches3. Host antivirus protection 4. Usage of Anti-Spyware and protection against Trojans, worms5. Services which are not required should be disabled on the hosts.6. Appropriate and restricted system privileges for the host users7. Avoid using weak passwords

Host intrusion detection / prevention

Host intrusion detection system (HIDS) and Host intrusion prevention systems (HIPS) mechanism are some of the effective techniques used to mitigate the vulnerabilities at the host level. HIDS/HIPS can monitor the host processes, files and generate alerts if it detects any malicious activity.

Host and Data integrity assurance

Integrity assurance is to ensure the data and contents of the hosts are not altered without authorization and if any data on the host is modified, then appropriate personnel should be notified about the same.

Intertec Systems L.L.C, P.O Box no 27130, Dubai, UAE

Application

The organization’s fourth level of defense is application. Applications include the organization’s intranet, database applications, payroll, accounting systems and all other applications which are used by the company.

Design and Implementation

Organizations should consider integrating security with the applications while in the developing phase itself rather than creating security patches at later stage once it’s completely developed. Applications must incorporate proper threat modeling during the design stage; threat modeling is the process of defining the security specifications for the application and testing that specification during QA process. Applications should also use appropriate error controls, built-in authentication mechanisms for increased security.

Integrity Assurance and Cryptography

Applications should be engineered in a manner that can ensure the integrity of data and it should use necessary input validation methods wherever required. Data encryption mechanisms like IPSEC, SSL, SSH or any other encryption protocols should be used to protect the data flow between the applications and end user.

The below figure describes all the components of the defense in depth strategy.

To find out more, call us now or email at infosec@intertecsys.com

Intertec Systems L.L.C, P.O Box no 27130, Dubai, UAE

DEFENSE IN-DEPTH

Intertec Systems L.L.C, P.O Box no 27130, Dubai, UAE