It takes more than a good password or physical security policy to deal with a determined intruder. Although building a fail-safe access control environment might seem like the ideal goal, I doubt if most organizations can afford to pursue it. In this series you'll:
- Learn about deperimeterization and the way it's changing how managers deploy security measures
- Explore the need for configuration management and the activities necessary to protect your systems at the last line of defense
- Learn how intrusion detection systems (IDS) work
- Learn how intrusion prevention systems (IPS) protect your network and its connected systems
- Learn how to use IPS and IDS as a layered intrusion defense solution
- Learn why spyware is becoming a larger threat than the ubiquitous viruses and worms and how to protect your organization against infection
- Examine how personal firewalls provide an additional layer of protection against unwanted visitors
There are many threats to the confidentiality, integrity, and availability of your data. We'll look at these threats from two perspectives:
- Inside threats caused primarily by disgruntled, financially stressed, or poorly trained employees
- Outside threats consisting of malware on the Internet and for-profit human attackers
Ten years ago, protecting your network from attacks consisted of good access controls and a solid perimeter defense. Today this isn't enough. Malware comes in many new forms, and it's often unintentionally invited into your network by unsuspecting employees. Further, attacks are shifting from an amusing pastime to a way to earn money - lots of it. Organized crime across the globe is cashing in on identity theft, corporate extortion, and corporate espionage enabled by weak information security practices. The perimeter defenses of yesterday are no match for today's attack vectors.
Deperimeterization defines the nature of network security in today's information processing environment. Its basic premise is that the deployment of perimeter defenses alone is not a reasonable and appropriate approach to safeguarding your information assets.
Perimeter firewalls might be 100% successful in stopping external attacks if you closed all ports and allowed no traffic to pass; but this is impractical. It's a security best practice to open only those ports necessary to conduct business with your customers and business partners. This includes restricting traffic to specific ports on specific IP addresses. However, attackers have developed ways to use these restricted paths to pass through your perimeter. And this isn't your greatest threat. Most security incidents originate inside your network.
Laptops used by mobile users may become infected at some remote location. The infection is transferred to your network when the user returns to the office and connects the compromised device. Employees surfing the Internet unknowingly bring malware into your environment by visiting certain web sites or by downloading free software. And let's not forget email. Email messages are probably the most popular attack medium. Finally, the spread of handheld devices provides another way to circumvent your perimeter security. Your perimeter is no longer the high protective wall it once was.
In an effective deperimeterization model, network defenses are designed from the inside out. See Figure 1.
At the device layer, secure configuration and effective patch management processes, together with a host-based prevention solution, help protect against inside attacks against a network segment. A segment layer defense consists of monitoring for and responding to attacks as the threat agent attempts to pass from one network segment to another. A strong perimeter defense is necessary to help block and detect incoming malware or casual human attacks.
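The two design points above, open only the ports each business relationship needs and add a separate segment-layer policy because the perimeter never sees traffic that stays inside, can be made concrete with a small first-match, default-deny policy evaluator. This is an added example, not code from the article; the rule format, the `Rule`/`evaluate` names and every address (RFC 5737 documentation and RFC 1918 ranges) are constructed for illustration.

```python
"""Added example (not the article's code): a first-match, default-deny packet
policy evaluator that contrasts a loose perimeter rule with a hardened one
and shows why a perimeter-only design misses traffic that never crosses it.
All addresses below are constructed (RFC 5737 / RFC 1918 ranges)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    src: str              # source network in CIDR notation
    dst: str              # destination network in CIDR notation
    port: Optional[int]   # destination TCP port, or None for any port
    action: str           # "allow" or "deny"

    def matches(self, src_ip: str, dst_ip: str, dst_port: int) -> bool:
        return (ip_address(src_ip) in ip_network(self.src)
                and ip_address(dst_ip) in ip_network(self.dst)
                and (self.port is None or self.port == dst_port))


def evaluate(rules, src_ip: str, dst_ip: str, dst_port: int) -> str:
    """First matching rule wins; anything unmatched is denied."""
    for rule in rules:
        if rule.matches(src_ip, dst_ip, dst_port):
            return rule.action
    return "deny"


# Weak perimeter: the public web host is reachable on every port.
WEAK_PERIMETER = [Rule("0.0.0.0/0", "203.0.113.10/32", None, "allow")]

# Hardened perimeter: only the ports each business relationship needs,
# and only to the specific hosts that serve them.
HARDENED_PERIMETER = [
    Rule("0.0.0.0/0", "203.0.113.10/32", 443, "allow"),        # public HTTPS
    Rule("198.51.100.0/24", "203.0.113.20/32", 22, "allow"),   # partner SFTP
]

# Segment-layer policy between the workstation LAN and the server LAN.
# The perimeter firewall never sees this traffic, so it needs its own rules.
SEGMENT_POLICY = [
    Rule("10.0.1.0/24", "10.0.2.10/32", 443, "allow"),   # workstations -> intranet app
]


def compare_policies() -> dict:
    """Return verdicts for a few constructed connection attempts."""
    return {
        "web_https_weak": evaluate(WEAK_PERIMETER, "192.0.2.5", "203.0.113.10", 443),
        "web_rdp_weak": evaluate(WEAK_PERIMETER, "192.0.2.5", "203.0.113.10", 3389),
        "web_https_hardened": evaluate(HARDENED_PERIMETER, "192.0.2.5", "203.0.113.10", 443),
        "web_rdp_hardened": evaluate(HARDENED_PERIMETER, "192.0.2.5", "203.0.113.10", 3389),
        "partner_sftp_hardened": evaluate(HARDENED_PERIMETER, "198.51.100.7", "203.0.113.20", 22),
        "stranger_sftp_hardened": evaluate(HARDENED_PERIMETER, "192.0.2.5", "203.0.113.20", 22),
        # An infected workstation reaching for a file server on another segment
        # is stopped by the segment policy, not by the perimeter.
        "cross_segment_smb": evaluate(SEGMENT_POLICY, "10.0.1.5", "10.0.2.7", 445),
        "intranet_https_segment": evaluate(SEGMENT_POLICY, "10.0.1.5", "10.0.2.10", 443),
    }


if __name__ == "__main__":
    for name, verdict in compare_policies().items():
        print(f"{name:24s} {verdict}")
```

The weak rule set allows the same host on 443 and on 3389 alike; the hardened set allows 443 to the web host and 22 only from the partner range, and denies everything else by default. The segment policy is what actually decides the workstation-to-server case, which is the point of designing defenses from the inside out.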
In Part 2, we'll examine configuration and patch management as ways to harden end-user devices and servers.