Defense in Depth and Layered Security
By Rob Chenault – VP Systems and Security
“Defense in depth and layered security” – these are terms that are frequently tossed around when talking about security, but what does it mean to you?
The basic theory is that any one layer of protection can fail. The evolution looked like this: back in the dawn of civilization, people were living in caves, and anybody could walk in and take their food stores. So, someone came up with the idea of building a wall at the entrance. That worked for a while, but sometimes the wall would fail, so they put up traps, and so on. Today, we have dead bolt locks and fancy security systems to deter crime.
The same approach applies to businesses – multiple layers of protection are important. You should have doors with badge systems and alarms, as well as security cameras at entrance points. If you have a server room, you should also have that protected.
Your data center should also have layered protection from hacking as well. Start with a quality, properly configured firewall. Next, apply vendor security patches as soon as they are released. Many successful attacks have occurred because a patch that was released six months before the attack had not been applied.
You should also be running an advanced anti-virus/anti-malware solution on your servers and workstations. The new breed of these tools not only has signatures to identify dangerous software, but also looks at the behavior of any software- looking for suspicious activity – and will block the action and send alerts. On workstations, there should also be local firewall software that helps block access to your operating system, which is especially important in remote work situations when you are outside the protection of your offices.
These security systems are not the place to skimp out by using open-source software or un-proven systems. Use commercial grade products with quality support. In the end, you are trying to make your critical data and assets hard to access so that the hackers go elsewhere.
I was talking to a police officer about protecting my house. His advice was that you cannot always protect yourself from a skilled determined intruder, but what you are really trying to do is make your home the least appealing target on your block. He said he never sees burglaries at houses with a dog that barks!