Lecture 3 - Layered Approach to IT Security

Posted on 02-Dec-2015


Layered approach to Security

© Intelligent Quotient System Pvt. Ltd.

Traditional approach to security


"If you spend more on coffee than on IT security, then you will be hacked. What's more, you deserve to be hacked."

Richard Clarke, Special Adviser on cybersecurity to the US President.


Threat is everywhere


It is about maintaining appropriate security measures and procedures at five different levels within your IT environment, also known as "defence in depth".

Layered security approach


Perimeter Level

The perimeter is the first line of defense against outside, untrusted networks.

It is the first and last point of contact for the security defences protecting the network.

It is the area where your network ends and the Internet begins.

E.g. the Makemytrip.com server hack, which led to revenue loss.


Perimeter Level

Firewall

Network-based anti-virus

VPN encryption


Network Level

Internal LAN and WAN, which may include desktops and servers.

Once you break the perimeter you are inside, and once inside, you can travel across the network unimpeded.


Network Level

Intrusion detection/prevention system (IDS/IPS)

Vulnerability management system

Network Access Control

Access control/user authentication


Host Level

Individual devices on the network, such as servers, desktops, switches, routers, etc.

Configuration parameters, if set inappropriately, can create exploitable security holes.

This includes registry settings, the services (applications) operating on the device, and patches to the operating system or to important applications.

Each host is configured to meet the specific operational characteristics of a single device.


Host Level

Hardware Component

OS Security

Host IDS

Host vulnerability assessment (VA)

Network access control

Anti-virus

Access control/user authentication
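As an added illustration of the host-level checks listed above (not code from the lecture), the following script compares a host's observed configuration against a hardening baseline, the way a host vulnerability assessment would, and reports the kinds of deviation the previous slide warns about: unexpected services, insecure setting values and missing patches. The baseline, setting names and patch identifiers are constructed for the example.

```python
"""Host-level baseline check (illustrative example, not the lecture's own code).

Compares a host's observed configuration against a hardening baseline and
reports deviations: unexpected services, insecure settings, missing patches.
All baseline values, setting names and patch ids below are constructed.
"""
from typing import Dict, List

# Constructed baseline: what a hardened host of this role should look like.
BASELINE = {
    "allowed_services": {"sshd", "ntpd", "syslog"},
    "settings": {"PasswordAuthentication": "no", "PermitRootLogin": "no"},
    "required_patches": {"KB-001", "KB-002"},
}


def check_host(observed: Dict) -> List[str]:
    """Return a list of findings; an empty list means the host matches the baseline."""
    findings = []
    # Any service not on the allow-list widens the host's attack surface.
    running = set(observed.get("services", []))
    for svc in sorted(running - BASELINE["allowed_services"]):
        findings.append(f"unexpected service running: {svc}")
    # Settings are compared value by value; a missing key is also a finding.
    for key, expected in BASELINE["settings"].items():
        actual = observed.get("settings", {}).get(key)
        if actual != expected:
            findings.append(f"setting {key}={actual!r}, expected {expected!r}")
    # Required patches that are not installed leave known holes open.
    installed = set(observed.get("patches", []))
    for patch in sorted(BASELINE["required_patches"] - installed):
        findings.append(f"missing patch: {patch}")
    return findings


# Constructed sample host: one stray service, one weak setting, one missing patch.
SAMPLE_HOST = {
    "services": ["sshd", "ntpd", "syslog", "telnetd"],
    "settings": {"PasswordAuthentication": "yes", "PermitRootLogin": "no"},
    "patches": ["KB-001"],
}

if __name__ == "__main__":
    for finding in check_host(SAMPLE_HOST):
        print(finding)
```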


Application Level

Poorly protected applications can provide easy access to confidential data and records

Hard truth: most programmers don't code with security in mind


Application Level

Application shield

Access control/user authentication

Input validation


Data Level

Blend of policy and encryption

Access control/user authentication
