Defense in depth

Each year we hear of numerous security breaches or incidents. Name any organization/social media site and there is a possibility, that you  would have received a message from them that states this:

“There was a security breach and your information may have been compromised but we still urge you to change your password!!“

Given the magnanimity of today’s security scenario, wherein even non-security professionals can understand the repercussions of a security incident, it is but necessary to enforce additional security measures to bolster a home or business environment. It is here that the concept of ‘Defense in depth’ comes to the rescue of novice and experienced security practitioners alike. The meaning of ‘Defense in depth’ and the various components of ‘Defense of depth’ approaches forms the basis of discussion in this post.

What is ‘Defense in depth’?
The digital world has become a notorious place with increasing security incidents. There have been security breaches and DDoS attacks against organizations of all sizes and  interests – some examples of organizations that were involved in 2016 breaches and incidents are Yahoo, LinkedIn, Tumblr, MySpace, Tesco, Twitter.
Given these incidents and the smartness of today’s cyber criminals it is but necessary to employ the ‘defense in depth’ strategy to protect our personal and business assets.

‘Defense in depth’ thus involves creating multiple choke points for an attacker such as passwords, OTPs, anti-virus software, firewalls. 

Defense in depth(explained in easy terms)

It may be easy for an attacker to just break your password and penetrate your personal account(whether it be email, banking or mortgage account) On the other hand, it will be slightly harder(though not entirely difficult for a determined hacker) to break two layers( for example, password + challenge questions) and penetrate your personal account.
As an example, in physical security, it may be necessary to install ‘defense in depth’ components like anti-virus software, firewalls, IDS/IPS (Intrusion detection/prevention systems), VPN devices to thwart attacks.  The larger the number of defense layers, the more difficult it will be for a hacker to penetrate the system.

We will give brief description of the different components below:

Anti-virus software:
Installing anti-virus software is the most popular and most prevalent means of defense. It is also one of the easiest and most understood means of implementing security.  The most common way an anti-virus definition works is by comparing any unknown file against known virus signatures. If the unknown file is flagged as a being an infected file it is immediately quarantined.
Avast, McAfee,Bitdefender, Norton Security are just a few vendors who offer anti-virus solutions.

Firewalls:
‘Firewalls’ are yet another component of the ‘defense in depth’ strategy. Most Windows systems come pre-loaded with ‘Windows Firewall’. A firewall stands between your system/network and the Internet. It filters connections between your computer or your network and the Internet and vice-versa. The connections are filtered in/out based on rules. The basis of all firewall rules is ‘Deny all, add as needed’. This ensures that only required connections are allowed to your network and all other connections are denied.

 Firewalls can be software or hardware based. Checkpoint, McAfee, Sophos, Barrucuda firewall are examples of firewall vendors.

IDS/IPS(Intrusion detection systems/Intrusion prevention systems):

IDS and IPS are almost similar but different in that ‘Intrusion detection systems’ only detect anomalies on the network and sound an alarm whereas ‘Intrusion prevention systems’ detect and prevent attacks.

IDS function by placing sensors at different points in a network. These sensors watch for any malicious activity by comparing it to pre-defined signatures and alerting the user. The alerts can be in the form of email alerts or logging alerts. There are two types of IDS – they are – network based IDS known as ‘NIDS’ and host based IDS known as ‘HIDS’.  CheckPoint, FireEye,Fortinet are some vendors who offer IDS solutions.

IPS also function by placing sensors at different points in a network. If the IPS’s duty is to only detect any abnormal activity on the network, the IPS does not just stop with notifying the user or logging the activity. It immediately thwarts it. CheckPoint, SonicWall, TippingPoint are examples of vendors offering IPS solutions.

VPN:

‘VPN’ or ‘Virtual private network’ is primarily targeted towards the mobile workforce. Let’s say an employee would like to work from home and access business resources. How can this be done in a secure way? VPN creates an encrypted channel of communication over the Internet or LAN or WAN to enable one to work securely. The home user or road warrior must have the appropriate VPN software installed on their systems. F5 networks, Cisco and Citrix are some vendors who offer VPN solutions.

All or some of these choke points of the defense in depth strategy will effectively prevent a hacker from destroying systems.