Defence in Depth Security Model
Cyberteam Security Services follow the following steps as a minimum to provide complete cyber and infrastructure security analysis reviews for our clients:
- We comprehend Internet, IT infrastructure, network (configuration and topology), network traffic and communication systems.
- Prepare a security policy, processes, procedures, and their implementation plan.
- Obtain approval for the above from management.
- Implement the above policies and plans.
- Maintain a standardised set of documentation of the entire IT infrastructure.
- Periodically test and audit the entire network security (Internet, Intranet and Extranet) and to update it regularly, and maintain an audit trail of all changes.
- Create security awareness among users through training, crash courses or "tip of the day" messages.
- Undertake proactive preventive security measures, before security incidents happen and corrective measures become necessary.
Four layers of Security
It is always said that "Depth is in depth", and we follow this rule while designing and implementing any security systems or models. This security model consists of four layers of security like and onion, and each layer is described in detail below.
Layered Security Model
Most of us don't work for organisations with vast budgets for procurement of security equipment or systems (or security personnel). In this context, we
implement this Layered Security Model with the help of tools/technologies available free on the Internet, to raise the height of the security fence as high
as possible. These tools perform data collection, analysis, reporting and generation of alarms.
The four key layers of the defence in depth security model are:
- Layer 1: Perimeter Defence.
- Layer 2: Host Protection.
- Layer 3: Operating Systems and Application Protection.
- Layer 4: Data/Information Protection.
Security Layer 1: Perimeter Defence Network Security Systems
This layer is like the four walls and the roof of a secure house. It includes firewalls, routers and proxy servers. A national survey showed that 70-80%
of attacks are internal i.e., from within the organisations internal network. Therefore, securing from internal attacks is the first line of defence.
However, having only this line is not enough to protect any network and valuable information.
One of the common attacks on this layer is DoS (Denial of Service) attack, which involves flooding the point of connection to outside world with unproductive traffic, which brings communications with the Internet to a standstill. Some of the common DoS attacks on routers are Smurf, Syn, Ack and Rst attacks.
Security Layer 2: Host Protection
Now that we have our perimeter defence tightened and the OS fine-tuned, we look at another threat from the internal workstations connected to the network.
We use workstation endpoint security for two reasons:
- To protect against someone trying to attack from within the network.
- To protect the data stored on workstation from someone coming in through the firewall.
Some of the key characteristics related to workstation security are listed below:
- Formulate User Access Policy and implement the same.
- Update regularly the patches/hot-fixes for the workstation operating system and applications.
- Limit the Network Resources Access from workstations. Assign only what is a MUST and is REQUIRED.
- Install Anti-virus software and update it regularly on all the workstations.
- Ensure workstation data is included in daily nightly backups.
- Allow no modems on workstations.
- If nature of work permits (or if you can make it work) allow only one user to login in on each workstation.
- Have as much logging enabled for workstations, as possible.
- Have a personal firewall installed on all (if possible) workstations.
- Do not retain faulty or old hard disk drives. DESTROY THEM if you are planning not to use them again.
Security Layer 3: OS and Application Security Systems
This layer holds protection of operating system, the application servers, web servers, and mail servers. While traffic is regulated at the perimeter depending
on the needs of the organisation, the applications utilising the traffic run on different application/web servers which in turn run on operating systems.
An abuse of operating system privileges can potentially compromise network security. Users with access to the underlying operating system can jeopardise the availability and integrity of the firewall and expose critical network resources to both internal and external security threats. Hardening this layer will protect the network from number of internal threats.
Vulnerabilities exist in operating systems, web servers, proxy servers, mail servers and application servers that need patches/service packs/hot fixes to fill those holes. An organisation may have multiple operating systems in its network. It is the responsibility of the OS vendors to make their products secure. In addition the user organisation also has the responsibility of applying the available security features.
Some of the General Practices to Secure Server Hardware are:
- Place servers and communication equipment in a secure room.
- Give restricted access to server/communication room.
- Avoid using server consoles as much as possible.
- Match hardware compatibility while buying/installing the server.
- Disable CD-ROM or floppy disk boot.
Security Layer 4: Data/Information Protection
Having all the security layers implemented on the corporate network helps secure all the PCs in the network but once the PC is removed for use at home or
on the road, security becomes more at risk.
Data protection can be broken down into three distinct categories:
- Operating system security.
- Sensitive data storage practices.
- Data encryption.
Operating system security covers the normal operating system (and services) security best practices.
Sensitive data storage practices cover the data that has to be on a server and data that can be on a desktop/laptop.
Data encryption covers the need of having the data protected by means of encryption. Precautionary steps:
- Do not use any option that remembers your password so that you do not have to re-enter it the next time you need it.
- Have all the laptops with Microsoft Windows installed with encryption enabled.
- Have different password for different accounts.
- Do not use same password for corporate network and public networks (Hotmail.com, Yahoo mail etc.).
- Apply newly released operating system patches and application patches.
Cyber and infrastructure security cannot be achieved by merely implementing various security systems, tools or products. However security failures are
less likely through the implementation of security policy, process, procedure and product(s). Multiple layers of defence need to be applied to design
a fail-safe security system.
The idea behind multi-layered defence cyber and infrastructure security is to manage the security risks with multiple defensive strategies, so that if one layer of defence turns out to be inadequate, another layer of defence will, ideally, prevent a full breach.
Cyberteam Security Services believes that, at a minimum, everyone must apply a range of security perimeter defences so that their resources are not exposed to external attacks and ensure that the security system is not limited by the weakest link, in any of the four security layers.
The defence in depth security information shown above is mostly generic and based on best-practice, therefore to get a better understanding on what we can do for your business, all we ask is that you contact us to discuss your cyber security defence in depth needs to protect your IT systems and data.
Click here to contact us