Security in depth


When you think of securing a building, one of the first things that may come to mind is to put up a fence, and maybe add an armed guard. Your next layer of defense may be another guard or a guard dog roaming the property to address any threats that get past the fence and the gate guard. No security strategy would be complete without locks on all of the doors and windows. The building may also include cameras and alarms as technical security measures, serving as a last layer of defense.

When it comes to security, the risks and their likelihood of occurrence will generally drive the types of safeguards put in place. Cybersecurity professionals are very familiar with balancing risks against appropriate safeguards for the data being protected. The difference is that when it comes to physical security, it is easy to identify where your investments are going. With technical security measures, it is more difficult to see the investment and to notice the impact of the implementation.

Security in depth can also be applied in the cyber world. The idea behind the concept is to provide differing layers of security, with some overlap, for better protection coverage. While it is still possible to bypass or exploit a weakness within one system, adding layers increases the difficulty of doing so. If properly configured, these systems could also aid in the detection of a threat. Most of this could be done with the tools already on hand by utilizing all of their capabilities.

In future posts, I will go into the how and why of implementing the various tools you already have. For now, I will just highlight some basics:

  • The simplest thing you can do is to properly secure your operating system by following best practices. Best practices include, but are not limited to, password protection and logging. All systems should have antimalware detection installed and a firewall in place.
  • Your layer 2 devices can also assist with the security in depth concept. Managed layer 2 devices come with logging and VLAN capabilities. Being able to log what devices are connecting, or to segregate network devices, can assist in boosting your security posture.
  • Most environments now use wireless access points to provide connectivity to differing systems. Implementing the highest encryption level possible, together with complex passphrases, adds to the difficulty. Logging is also important at this level to monitor what devices are connecting. It is also best to separate connections at this level by not allowing guest systems to connect to the same network.
  • Your layer 3 devices should be configured to allow in only the traffic you approve. In a perfect world, you would also control the traffic that is leaving your network. As with the other devices mentioned, logging is also important here to monitor what data is coming into or out of your network.
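
An added example, not from the original post: a short Python sketch of how logs from the layers listed above can overlap to aid detection. The device inventory, VLAN numbers and the normalized event layout are constructed assumptions; real switch, access point and firewall logs would first need to be parsed into this shape.

```python
from collections import defaultdict

# Constructed inventory and events (assumptions for this example, not real data).
APPROVED = {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}   # known internal devices
VLAN_ROLE = {10: "internal", 99: "guest"}               # hypothetical VLAN plan

EVENTS = [
    {"layer": "switch", "mac": "aa:bb:cc:00:00:01", "vlan": 10},
    {"layer": "wifi", "mac": "de:ad:be:00:00:09", "vlan": 10},
    {"layer": "wifi", "mac": "de:ad:be:00:00:07", "vlan": 99},
    {"layer": "firewall", "mac": "de:ad:be:00:00:09",
     "action": "deny", "direction": "out"},
    {"layer": "firewall", "mac": "aa:bb:cc:00:00:02",
     "action": "deny", "direction": "out"},
]


def review(events, approved=APPROVED, vlan_role=VLAN_ROLE):
    """Return {mac: sorted findings} gathered from every layer's log."""
    findings = defaultdict(set)
    for ev in events:
        mac = ev["mac"].lower()
        if ev["layer"] in ("switch", "wifi"):
            role = vlan_role.get(ev["vlan"], "unknown")
            # Guests are expected on the guest network only; an unapproved
            # device anywhere else means segregation has failed.
            if mac not in approved and role != "guest":
                findings[mac].add(
                    f"unapproved device on {role} VLAN via {ev['layer']}")
        elif (ev["layer"] == "firewall" and ev["action"] == "deny"
              and ev["direction"] == "out"):
            # Egress control at layer 3 blocked traffic leaving the network.
            findings[mac].add("blocked outbound traffic")
    return {mac: sorted(items) for mac, items in findings.items()}


def escalate(findings):
    """Devices with more than one finding: the overlap between layers."""
    return sorted(mac for mac, items in findings.items() if len(items) > 1)


if __name__ == "__main__":
    results = review(EVENTS)
    for mac, items in sorted(results.items()):
        print(mac, "->", "; ".join(items))
    print("escalate:", escalate(results))
```

A single blocked outbound connection from a known device is low priority on its own; the device that is both unapproved on the internal VLAN and blocked at the firewall is the one worth looking at first.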




 


Copyright © 2007 - 2020. All Praise Media LLP. All Rights Reserved.