Defense In Depth
- The SANS Institute is a great security resource.
- Defense in depth: concentric circles of protection (data, application, host, network).
- Three core principles: confidentiality, integrity, availability (CIA).
- Least privilege model: you get only the amount of access you need to do your job.
- Good authentication: something you know (password), something you have (key), something you are (biometrics).
- Data classification: label data according to its sensitivity.
- Threats: activity that represents a potential danger. You can’t protect against all of them, so protect against the ones that are most likely.
- Vulnerabilities: a threat and a vulnerability must be paired; a threat is only a risk where there is a vulnerability it can exploit.
- Origins of a threat: external threats come from outside the network.
- Internal threats come from “inside the wire” (e.g. someone walks in and plugs into your network).
- Network Level Protection: Firewall (you want a stateful one; start by denying all traffic, then open traffic as necessary), Intrusion Detection System (sits off a switch and looks at all traffic), Intrusion Prevention System (proactive: works to stop known exploits).
- Host Level Protection: virus scanners, host firewall, limited authority, change detection.
- Familiarize yourself with the hacker tools… you can use them to test your own systems.
- Snort is a great tool and a good IPS… Highly recommended… it can run on Windows too.
- Encryption: DDDS encryption on Windows (you can encrypt a particular directory). Unless the key is escrowed, if the hard drive fails you will lose the data.
- Log watchers are also a good idea.
- Application Level Protection: there is a lot of bad code out there… e.g. code that lets input overflow a buffer on the stack and cause execution of arbitrary code.
- Conclusion: the Melissa virus hit 100K machines over the weekend; Code Red spread at 37K per hour.
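The stateful, deny-by-default firewall from the Network Level Protection bullet, as an added example that is not part of these notes or any SANS material: a small Python model of a connection-tracking firewall. State is consulted first, then explicit allow rules, and anything unmatched is dropped. The `Packet` and `Rule` classes, the `POLICY` rules and every address and port are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Packet:
    src: str            # source IP
    dst: str            # destination IP
    sport: int          # source port
    dport: int          # destination port
    proto: str          # "tcp" or "udp"
    syn: bool = False   # TCP SYN flag set: this packet opens a new connection


@dataclass(frozen=True)
class Rule:
    direction: str      # "in" (toward the protected host) or "out"
    proto: str
    dport: int
    action: str         # "allow" or "deny"


# Constructed policy for a single web server: only what the job needs is opened.
POLICY: List[Rule] = [
    Rule("in", "tcp", 443, "allow"),    # serve HTTPS
    Rule("out", "udp", 53, "allow"),    # resolve names
    Rule("out", "tcp", 443, "allow"),   # fetch updates over HTTPS
]

Flow = Tuple[str, str, int, int, str]   # (src, dst, sport, dport, proto)


class StatefulFirewall:
    def __init__(self, rules: List[Rule]) -> None:
        self.rules = rules
        self.established: Set[Flow] = set()   # flows an allow rule has admitted

    def check(self, pkt: Packet, direction: str) -> str:
        flow: Flow = (pkt.src, pkt.dst, pkt.sport, pkt.dport, pkt.proto)
        reverse: Flow = (pkt.dst, pkt.src, pkt.dport, pkt.sport, pkt.proto)
        # 1. State first: later packets and replies of an admitted flow pass
        #    without needing a rule of their own.
        if flow in self.established or reverse in self.established:
            return "allow"
        # 2. A TCP packet that is not a SYN and matches no tracked flow cannot
        #    legitimately start one, even if its port is open.
        if pkt.proto == "tcp" and not pkt.syn:
            return "deny"
        # 3. First matching explicit rule decides a new flow.
        for rule in self.rules:
            if (rule.direction == direction and rule.proto == pkt.proto
                    and rule.dport == pkt.dport):
                if rule.action == "allow":
                    self.established.add(flow)
                return rule.action
        # 4. Nothing matched: default deny.
        return "deny"


def run_demo() -> Dict[str, str]:
    """Drive the policy with constructed traffic and return each decision by label."""
    fw = StatefulFirewall(POLICY)
    server, client, resolver = "192.0.2.10", "203.0.113.5", "192.0.2.53"
    out: Dict[str, str] = {}
    # New HTTPS connection from a client: explicitly allowed, and now tracked.
    out["inbound https syn"] = fw.check(Packet(client, server, 51000, 443, "tcp", syn=True), "in")
    # The server's reply is admitted by state; there is no outbound rule for port 51000.
    out["https reply out"] = fw.check(Packet(server, client, 443, 51000, "tcp"), "out")
    # Telnet was never opened: falls through to the default deny.
    out["inbound telnet syn"] = fw.check(Packet(client, server, 51001, 23, "tcp", syn=True), "in")
    # A non-SYN packet to the open port with no tracked flow is still dropped.
    out["stray inbound ack to 443"] = fw.check(Packet("198.51.100.7", server, 52000, 443, "tcp"), "in")
    # Outbound DNS is allowed and the answer comes back on state alone.
    out["outbound dns"] = fw.check(Packet(server, resolver, 40000, 53, "udp"), "out")
    out["dns reply in"] = fw.check(Packet(resolver, server, 53, 40000, "udp"), "in")
    # Unsolicited inbound UDP/53 from somewhere else: no state, no rule.
    out["unsolicited inbound dns"] = fw.check(Packet("198.51.100.7", server, 53, 53, "udp"), "in")
    return out


if __name__ == "__main__":
    for label, decision in run_demo().items():
        print(f"{decision:5}  {label}")
```

The ordering in `check` is the point: state before rules means the reply path never needs its own allow entry, and the SYN check is what makes the firewall stateful rather than a plain port filter.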
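A minimal log watcher of the kind the notes recommend under host-level protection, as an added example that is not from these notes or any SANS material: it scans sshd-style syslog lines and raises one alert per source IP when that source produces a threshold of failed logins within a sliding time window. `FAILED_RE`, `SAMPLE_LOG`, `watch()` and the threshold and window values are assumptions of this example; the log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, List, Tuple

# Matches an OpenSSH "Failed password" line in classic syslog format (constructed pattern).
FAILED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)

# Constructed sample log: one source hammers the host, one fails slowly and spread out,
# one is a legitimate key-based login.
SAMPLE_LOG: List[str] = """\
Mar 10 08:00:01 bastion sshd[4101]: Failed password for invalid user admin from 203.0.113.9 port 40001 ssh2
Mar 10 08:00:03 bastion sshd[4102]: Failed password for root from 203.0.113.9 port 40002 ssh2
Mar 10 08:00:05 bastion sshd[4103]: Failed password for invalid user test from 203.0.113.9 port 40003 ssh2
Mar 10 08:00:07 bastion sshd[4104]: Failed password for root from 203.0.113.9 port 40004 ssh2
Mar 10 08:00:09 bastion sshd[4105]: Failed password for invalid user oracle from 203.0.113.9 port 40005 ssh2
Mar 10 08:00:11 bastion sshd[4106]: Failed password for root from 203.0.113.9 port 40006 ssh2
Mar 10 08:00:20 bastion sshd[4107]: Failed password for bob from 192.0.2.77 port 51000 ssh2
Mar 10 08:00:25 bastion sshd[4108]: Failed password for bob from 192.0.2.77 port 51001 ssh2
Mar 10 08:00:30 bastion sshd[4109]: Failed password for bob from 192.0.2.77 port 51002 ssh2
Mar 10 08:00:40 bastion sshd[4110]: Accepted publickey for alice from 198.51.100.4 port 50000 ssh2
Mar 10 08:05:20 bastion sshd[4111]: Failed password for bob from 192.0.2.77 port 51003 ssh2
Mar 10 08:05:25 bastion sshd[4112]: Failed password for bob from 192.0.2.77 port 51004 ssh2
Mar 10 08:05:30 bastion sshd[4113]: Failed password for bob from 192.0.2.77 port 51005 ssh2
""".splitlines()

Alert = Tuple[str, int, datetime, datetime]   # (ip, failures, first seen, last seen)


def parse_ts(ts: str, year: int = 2024) -> datetime:
    """Syslog timestamps carry no year; assume one so lines compare correctly."""
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")


def watch(lines: List[str], threshold: int = 5, window_seconds: int = 60) -> List[Alert]:
    """Return one alert per source IP that reaches `threshold` failures inside the window."""
    window = timedelta(seconds=window_seconds)
    recent: Dict[str, Deque[datetime]] = defaultdict(deque)   # failure times per source
    alerted: set = set()
    alerts: List[Alert] = []
    for line in lines:
        m = FAILED_RE.match(line)
        if not m:
            continue                       # only failed password lines count
        ip, ts = m["ip"], parse_ts(m["ts"])
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:    # drop failures that fell out of the window
            q.popleft()
        if len(q) >= threshold and ip not in alerted:
            alerted.add(ip)
            alerts.append((ip, len(q), q[0], ts))
    return alerts


if __name__ == "__main__":
    for ip, count, first, last in watch(SAMPLE_LOG):
        print(f"ALERT {ip}: {count} failed logins between "
              f"{first:%H:%M:%S} and {last:%H:%M:%S}")
```

The sliding window is what keeps a patient, slow source below the threshold while a burst trips it; tune `threshold` and `window_seconds` to the host's normal failure rate, and feed the watcher the host's real log stream rather than a file snapshot so the alert fires while the activity is still going on.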