Defense in Depth Flashcards
Defense-in-Depth Layers
- Policies
- Physical
- Perimeter
- Internal Network
- Host
- Application
- Data
Physical
Physical security is an absolute necessity in Network security.
If just any Cro-Magnon baby-headed simpleton can make their way into an establishment and plug themselves into the network’s maintenance board, then at that point, any other form of network security implemented will have been rendered practically useless.
Perimeter
Ex. your router and the two sides of the DMZ (front-facing and inward-facing interfaces).
This ^ is the perimeter firewall, where all traffic would be analyzed and filtered.
Internal Network
Just behind the Perimeter, this is made up of all the Network Zones that Ermin touched on before (people or devices sorted into groups depending on their level of access/what kinds of access they should be allowed to have).
Host
Past the Internal Network, you have Hosts which are individual devices like personal computers, servers, and just about any other devices with networking capabilities.
These hosts host a range of services, which are essentially applications.
Applications
Applications are hosted on Network Hosts.
The nature of the Applications being hosted can vary pretty widely. Sort of things like:
- Web Applications
- a Mobile App's back-end
- a file's FTP
Data
This is made up of all the data of all the applications being hosted on the network, user data, or anything else in transit within the network.
What is the purpose of Defense-In-Depth?
Defense-In-Depth is implemented so that an attacker would have to break through multiple layers of security to obtain certain (and often more fragile) information, data, etc. instead of having to break through just a single barrier and then have access to the entirety of the system.
What is the definition of Defense-In-Depth?
Defense-In-Depth is a security strategy in which several layers of protection are implemented and placed throughout the information system in order to mitigate or altogether prevent attacks (but mainly to mitigate).
Security Policies
Security policies are the core of an organization’s security infrastructure. They define the rules and requirements that the system uses to protect the organization’s information systems.
Why do we implement Security Policies?
We implement Security Policies to reduce risk (be that security risk, legal liabilities, and so on).
(Note: resource management policies are also very commonly implemented.
Ex. not letting the water run when washing your hands, turning the lights off after you leave the office, shutting down unnecessary programs on system servers).
If you have good policies, your risks will be minimal to nearly non-existent (but never entirely non-existent).
How do you implement policies (probably a little bit of an over-simplification)?
- Policies must be in written form
- Policies must be distributed to all entities within the system that the policy applies to
- Must have confirmation from all previously stated entities that they have reviewed and accepted the policy or policies in question (maintain nonrepudiation).