Thursday 14 February 2013

Defense In Depth Strategy


14] DEFENSE IN DEPTH STRATEGY

The words above suggest a scenario in which an organisation has many levels, or a large number, of defensive mechanisms to protect it from unwanted, malicious intruders. Almost correct; let's take a deeper look at the concept.

Defense in Depth specifies employing a multi-layer defense mechanism. Put more simply, it means having particular defense mechanisms at each of the various levels of the organisation. These levels would be, say, the external network, internal network, host layer, application layer and data layer. A diagram of this would simplify your thinking further.




(Photo credit: The Basics of Information Security by Jason Andress)

We will now see which defenses can be applied at which layer. All the unknown or unfamiliar terms appearing in the following section will be covered in detail in later posts on the blog.

14.1) Defense mechanisms at external network layer: These would include the following


(a) De-Militarized Zones (DMZ)
(b) Virtual Private Networks (VPN)
(c) Logging
(d) Auditing
(e) Penetration Testing
(f) Vulnerability Analysis
(g) Firewalls
(h) Proxy
(i) Stateful Packet Inspection

14.2) Defense mechanisms at internal network layer: These would include the following

(a) Intrusion Detection Systems (IDS)
(b) Intrusion Prevention Systems (IPS)
(c) Logging
(d) Auditing
(e) Penetration Testing
(f) Vulnerability Analysis


14.3) Defense mechanisms at host layer: These would include the following


(a) Authentication
(b) Firewalls
(c) IDS
(d) IPS
(e) Password Hashing
(f) Logging
(g) Auditing
(h) Penetration Testing
(i) Vulnerability Analysis




14.4) Defense mechanisms at application layer: These would include the following


(a) Single Sign On (SSO)
(b) Content Filtering
(c) Data Validation
(d) Auditing
(e) Penetration Testing
(f) Vulnerability Analysis



14.5) Defense mechanisms at data layer: These would include the following


(a) Encryption
(b) Access Controls
(c) Backup
(d) Penetration Testing
(e) Vulnerability Analysis
----------------------------------------------------------------------------------------------------





