Defense in Depth

Old but still Powerful.

Defense in depth (DiD) is an attack mitigation strategy that helps organizations, and even individual computer users, protect their valuable information and systems from cyber-attacks. Defense in depth practice involves placing multiple layers of security measures to prevent cyber-attacks. These layers include different security techniques as well as multiple layers of the same technique. The simple idea is that if one security control fails, other security layers remain to prevent the cyber-attack. This approach is also called the castle approach because it arranges layers of security measures the way a castle has multiple fortified walls. Placing security this way helps protect resources from attacks that originate in various ways, and in an attack situation it buys more time for security engineers to initiate countermeasures. No single solution has ever been implemented that can protect valuable information with one setup, unless you place a computer where nobody can reach it, disconnected from every communication channel. Then we could guarantee that the machine is fully secured; however, nobody is ever going to get any service from that type of machine.

Layers of security controls can be categorized into three main groups based on their placement and the type of security risk the control can handle. The security control categories are administrative controls, technical controls, and physical controls. Let's get some idea about each layer and what controls we can use at each.

[Figure: layered security architecture]

Physical controls focus on protecting systems from any type of physical disruption. Physical disruption could happen due to a physical attack or an environmental disaster, and it causes higher-magnitude damage than other disruptions. Common techniques used to prevent physical attacks mainly focus on access control and real-time monitoring of user activities. Techniques used under physical controls include placing barriers and gates, using different flavors of locking mechanisms, employing security personnel, monitoring user behavior, and similar activities.

Technical controls focus on protecting resources from disruptions that arrive mainly through communication channels. Disruptions caused by malware, unauthorized access attempts, and service interruption are the main focus of technical controls. Controls in this category divide mainly into hardware-based and software-based controls. Hardware controls include firewalls, network segregation, implementing a DMZ, placing IDS/IPS boxes, and similar controls. Installing malware protection software such as antivirus, network monitoring tools, web/email scanners, hashing, encryption, and timely backups come under software-based controls.

Administrative controls focus on implementing policies and procedures that limit and guide user behavior. Sometimes user behavior can lead to service disruption, for three main reasons: users purposely carry out disruptive actions against organizational resources, unintentional user actions cause system disruption, or user actions open loopholes that let threat actors conduct disruptive actions. To prevent those types of disruptions we need to implement administrative controls. Administrative controls include identity/privilege management, patch management, two-factor authentication, timely access management, and similar controls.
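As an added illustration of the layered idea (example code, not part of the original post), the Python model below runs a constructed inbound web request through four independent technical controls named above: perimeter firewall, DMZ host firewall, IDS payload inspection and application authentication. The perimeter rule is deliberately too broad so that a later layer has to catch what it lets through, and a layer that throws an error counts as a block rather than a silent pass; every address, signature and rule here is constructed.

```python
# Added example: toy defense-in-depth evaluation of an inbound request.
# Each layer is an independent check; the request is allowed only when
# every layer passes. Layers that raise an exception fail closed.
from dataclasses import dataclass


@dataclass
class Request:
    src_ip: str
    dst_port: int
    payload: str
    authenticated: bool


# Layer 1: perimeter firewall. Constructed, deliberately weak rule: it admits
# the whole 203.0.113.0/24 documentation range instead of one partner host.
def perimeter_firewall(req):
    return req.src_ip.startswith("203.0.113.") and req.dst_port in (80, 443)


# Layer 2: DMZ host firewall exposes only the TLS web port.
def dmz_host_firewall(req):
    return req.dst_port == 443


# Layer 3: IDS inspection with a tiny constructed signature set.
IDS_SIGNATURES = ("../", "<script", "UNION SELECT")


def ids_inspection(req):
    body = req.payload.lower()  # raises on a malformed (None) payload
    return not any(sig.lower() in body for sig in IDS_SIGNATURES)


# Layer 4: the application itself insists on an authenticated session.
def app_authentication(req):
    return req.authenticated


LAYERS = [perimeter_firewall, dmz_host_firewall, ids_inspection, app_authentication]


def defense_in_depth(req, layers=LAYERS):
    """Return (allowed, names_of_layers_that_blocked).

    All layers are consulted even after a block, so each one still gets the
    chance to log and alert; that is what buys responders time."""
    blocked_by = []
    for layer in layers:
        try:
            passed = layer(req)
        except Exception:
            passed = False  # fail closed: a broken control never lets traffic through
        if not passed:
            blocked_by.append(layer.__name__)
    return (not blocked_by, blocked_by)
```

A path-traversal probe from an address the misconfigured perimeter rule admits is still stopped by the IDS layer, and a request with a malformed payload that crashes the IDS check is blocked rather than passed.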

Comments

  1. Informative, Osura. Can this defense in depth be applied in website protection too?

    1. Thanks for asking this question. Yes, of course we can apply DiD to protect websites. As a practice, organizations place their public-facing resources such as web pages in a DMZ. Creating a DMZ and placing websites in it adds an extra layer of security for the websites. In an attack, the attacker needs to pass the perimeter firewall and the security measures in the DMZ to do any harm to the organization's websites.
  2. Comprehensive article, Osura. Why do you think defense in depth is more suitable for an organization than any other layered security architecture?

    1. Good question, Suranga. Defense in depth (DiD) is also a layered security architecture. The way these layers are organized and which security techniques are used in each layer could vary from industry to industry, depending on the industry's requirements and the investment that the organization can allocate for the implementation. In general, DiD is more effective for two reasons, in my view. First, the attacker has no idea about the security layers that he or she needs to face; this means the threat actor needs to be highly skilled to bypass multiple security measures. Second, DiD will buy security engineers enough time to execute a counter-attack.
  3. Very informative, Osura. You have explained that defense in depth is suitable for individual computers also. Is the price affordable? Roughly how much does it cost?

    1. Thanks for asking this question, Rajitha. I think it is affordable because we already have multiple layers built in when we take a personal computer. We have protection at the network layer from the network modem, and we can add extra layers of protection by modifying the default settings for more security. Almost all personal computers nowadays have a built-in firewall, and besides that we can configure a lot of restrictions by properly configuring OS options already available. Then, if you think you still need more security, you can subscribe to antivirus applications. These applications are not as expensive as we think; the price will vary based on the vendor but ranges between 40-100 dollars per year. If you are using a Windows 10 based computer, I think Windows Defender is more than enough to protect your PC. It is frequently updated and offers very good protection. It is true that early versions of Defender did not have a good image, but now it is quite good.
