Lecture 3 - Layered approach to IT security
Posted on 02-Dec-2015
Layered approach to Security
© Intelligent Quotient System Pvt. Ltd.
Traditional approach to security
If you spend more on coffee than on IT security, then you will be hacked. What's more, you deserve to be hacked.
Richard Clarke, Special Adviser on cybersecurity to the US President.
Threat is everywhere
It is about maintaining appropriate security measures and procedures at five different levels within your IT environment.
Also known as "defence in depth".
Layered security approach
Perimeter Level
The perimeter is the first line of defence against outside, untrusted networks
It is the first and last point of contact for the security defences protecting the network
It is the boundary where your network ends and the Internet begins
E.g. Makemytrip.com server hack – revenue loss
Perimeter Level
Firewall
Network-based anti-virus
VPN encryption
Network Level
Internal LAN and WAN
May include desktops and servers
Once the perimeter is breached the attacker is inside, and without internal controls can move across the network unimpeded
Network Level
Intrusion detection / prevention system (IDS/IPS)
Vulnerability management system
Network Access Control
Access control /user authentication
Host Level
Individual devices on the network, such as servers, desktops, switches and routers
Configuration parameters that are set inappropriately can create exploitable security holes
These include registry settings, the services (applications) running on the device, and patches to the operating system or to important applications
Host controls are configured to match the specific operational characteristics of a single device
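A small audit of the kind of host-level configuration parameter the slide has in mind, written as an added example (not code from the original slides). It checks an OpenSSH sshd_config for directives commonly left at weak values, reports each one with the hardened value, and rewrites the file accordingly. The directives and hardened values are the usual OpenSSH recommendations; the sample configuration is constructed for illustration and was not read from a real host.

```python
"""Host-level configuration audit: find and correct weak sshd_config settings.

Added example; this is not code from the original slides. The directives and
the values treated as hardened are the usual OpenSSH recommendations, and the
sample configuration below is constructed for illustration, not read from a host.
"""
import re

# Directive -> (hardened value, why the weak value matters).
HARDENED = {
    "PermitRootLogin":        ("no", "root logins bypass the per-user audit trail"),
    "PasswordAuthentication": ("no", "passwords can be guessed online; keys cannot"),
    "PermitEmptyPasswords":   ("no", "an empty password is no password"),
    "X11Forwarding":          ("no", "forwarded X11 exposes the client display"),
    "MaxAuthTries":           ("3",  "limits guesses per connection"),
}
LOOKUP = {name.lower(): name for name in HARDENED}  # sshd directive names are case-insensitive
DIRECTIVE_RE = re.compile(r"^([A-Za-z0-9]+)\s+(\S+)")


def _is_hardened(name, found):
    """MaxAuthTries is a ceiling; every other directive must match exactly."""
    want = HARDENED[name][0]
    if name == "MaxAuthTries":
        return found.isdigit() and int(found) <= int(want)
    return found.lower() == want


def parse_sshd_config(text):
    """Return {CanonicalName: value} for the audited directives, keeping the
    first occurrence of each (sshd honours the first match and ignores later ones)."""
    settings = {}
    for line in text.splitlines():
        m = DIRECTIVE_RE.match(line.strip())
        if not m:
            continue  # blank line, comment, or something we do not audit
        name = LOOKUP.get(m.group(1).lower())
        if name is not None:
            settings.setdefault(name, m.group(2))
    return settings


def audit_sshd_config(text):
    """Return (directive, value found, hardened value, reason) for each weak or
    unset directive. 'unset' means the daemon default applies, which differs
    between OpenSSH versions, so an explicit value is required."""
    settings = parse_sshd_config(text)
    findings = []
    for name, (want, reason) in HARDENED.items():
        found = settings.get(name)
        if found is None:
            findings.append((name, "unset", want, reason))
        elif not _is_hardened(name, found):
            findings.append((name, found, want, reason))
    return findings


def harden_sshd_config(text):
    """Rewrite weak directives in place, drop later duplicates, append missing ones."""
    out, seen = [], set()
    for line in text.splitlines():
        m = DIRECTIVE_RE.match(line.strip())
        name = LOOKUP.get(m.group(1).lower()) if m else None
        if name is None:
            out.append(line)  # comments and directives we do not audit pass through
            continue
        if name in seen:
            continue  # sshd ignores a second occurrence; keeping it only misleads the next reader
        seen.add(name)
        value = m.group(2) if _is_hardened(name, m.group(2)) else HARDENED[name][0]
        out.append(f"{name} {value}")
    for name, (want, _) in HARDENED.items():
        if name not in seen:
            out.append(f"{name} {want}")
    return "\n".join(out) + "\n"


# Constructed sample: a config that has never been hardened; PermitEmptyPasswords is not set at all.
WEAK_CONFIG = """\
# constructed sample sshd_config (weak)
Port 22
PermitRootLogin yes
PasswordAuthentication yes
X11Forwarding yes
MaxAuthTries 6
"""

if __name__ == "__main__":
    for name, found, want, reason in audit_sshd_config(WEAK_CONFIG):
        print(f"{name}: found {found}, want {want} ({reason})")
    print(harden_sshd_config(WEAK_CONFIG))
```

The first-occurrence rule in parse_sshd_config matters: a hardened "PermitRootLogin no" placed below an earlier "PermitRootLogin yes" changes nothing on the real daemon, and an audit that read the last value would report the host as fixed when it is not.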
Host Level
Hardware Component
OS Security
Host IDS
Host vulnerability assessment (VA)
Network access control
Anti-virus
Access control/user authentication
Application Level
Poorly protected applications can provide easy access to confidential data and records
Hard truth - most programmers don’t code with security in mind
Application Level
Application shield
Access control/user authentication
Input validation
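What "input validation" and "access control / user authentication" look like at the application level, as an added example that is not code from the original slides: the same login check written the way the slide warns about, with user input pasted into the SQL text, and then with an allow-list on the username, a bound parameter, and a constant-time comparison. It uses Python's built-in sqlite3 with an in-memory database; the users table, the account in it and the attacker inputs are constructed for illustration. The table stores the password in clear only so that both versions can run against one schema; a real application stores a salted hash, which is a separate control from the one shown here.

```python
"""Application-level input handling: one login check written two ways.

Added example; not code from the original slides. Uses Python's built-in sqlite3
with an in-memory database. The table, account and attacker inputs are constructed.
The clear-text password column exists only so both functions share one schema;
store a salted hash in real code.
"""
import hmac
import re
import sqlite3

# Allow-list for usernames (an assumption for this example): short, ASCII, no quotes or spaces.
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")


def make_db():
    """In-memory users table with a single constructed account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT NOT NULL)")
    conn.execute("INSERT INTO users VALUES (?, ?)", ("admin", "correct horse"))
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """'Before': the inputs are pasted into the SQL text, so whatever the user
    types becomes part of the query. A quote closes the string literal and
    '--' comments out the rest, including the password check."""
    query = (
        "SELECT username FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(query).fetchone() is not None


def login_safe(conn, username, password):
    """'After': reject anything outside the allow-list before it reaches the
    database, bind the username as a parameter so it is data and never SQL,
    and compare the secret in constant time instead of letting SQL do it."""
    if not USERNAME_RE.fullmatch(username):
        return False
    row = conn.execute(
        "SELECT password FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        return False
    return hmac.compare_digest(row[0].encode(), password.encode())


# Constructed attacker inputs: each makes the WHERE clause true without knowing a password.
INJECTIONS = [
    ("admin' --", "anything"),
    ("' OR 1=1 --", "anything"),
]

if __name__ == "__main__":
    conn = make_db()
    print("legit:", login_vulnerable(conn, "admin", "correct horse"),
          login_safe(conn, "admin", "correct horse"))
    for user, pw in INJECTIONS:
        print(repr(user), "vulnerable:", login_vulnerable(conn, user, pw),
              "safe:", login_safe(conn, user, pw))
```

Note that the allow-list is the first check and the bound parameter the second: the parameter alone already stops the injection, and the allow-list stops the same input from reaching any other code path (logging, templates, shell commands) where it could do damage of a different kind.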
Data Level
Blend of policy and encryption
Access control/user authentication