Rich McCue

Defense In Depth

  • SANS institute is a great security resource.
  • Defense in Depth. concentric circles (data, application, host, network).
  • Three core principles: confidentiality, integrity, availability (CIA).
  • Least Privledged model. You get only the amount of access you need to do your job.
  • Good Authentication: Something you know (passwd), something you have (key), something your are (biometrics).
  • Data classification: label data as to its sensitivity.
  • Threats: activity that represents a potential danger. You can’t protect against all, protect against the onces that are the most likely.
  • Vulnerabilities: threats and vulnerability must be paired.
  • Origin’s of a threat: external threats from outside. 
  • An internal threat from “inside the wire” (someone walks in and plugs into your network.
  • Network Level Protection: Firewall (you want a stateful one)(start by denying all traffic & then open traffic as necessary), Intrusion Detection System (sits off switch and looks at all traffic), Intrusion Protection System (this one is proactive & works hard to stop know exploits).
  • Host Level Protection: Virus Scanners, Host Firewall, Limit authority, detect changes.
  • Familiarize yourself with the hacker tools… you can test your own system.
  • Snort is a great tool… a good IPS… Highly recommended… can run on windows too.
  • Encryption DDDS encryption on wondows (you can encrypt a particular directory). Unless the key is escrowed, if the HD fails, you will loose the data.
  • Log watchers are also a good idea.
  • Application level Protection: there is a lot of bad code out there… e.g. buffer overflowing a stack, and causing the execution of arbitrary code.
  • Conclusion: Melissa virus: 100K machines over the weekend. Code Red 37K per hour.

Leave a Reply