Defense in Depth helps ensure an organization can prevent or minimize a security breach. This is accomplished by implementing many layers of defense against the progression of an attack.
By implementing a firewall between your internal network and the Internet, you are establishing a first layer of defense. This device ensures unauthorized traffic is not able to traverse to the trusted internal network.
It is important to review the firewall rules in place and determine their need on a recurring basis. Many times an application is deployed but later falls out of compliance with a hardening policy. In this case, an outdated firewall rule could allow an attacker to gain access to the out-of-date system or application.
Administrative controls should also be put in place to ensure that access to systems is properly logged and audited. This ensures that actions can be associated with the account that performed them, for example when an admin logs into a server containing sensitive information. This provides the baseline for creating correlation rules that can be used with a syslog or SIEM server to send alerts.
Finally, with the use of physical controls, we can ensure that our systems are protected from unauthorized persons. This can include door locks, security cameras, and badging systems that record a user's physical movement. Badging can also be leveraged to restrict an admin from opening a door in Building A when they recently opened a door in Building B, for example.
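The badge rule described above, as an added example that is not from the original article: a swipe is denied when the same badge opened a door in a different building less than a minimum transit time earlier. The 10-minute threshold, the event fields and the sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Assumption: nobody can get from one building to another in under 10 minutes.
MIN_TRANSIT = timedelta(minutes=10)

# Constructed sample badge events: (ISO timestamp, badge holder, building, door)
SAMPLE_EVENTS = [
    ("2024-05-01T08:00:00", "admin1", "B", "lobby"),
    ("2024-05-01T08:02:00", "admin1", "B", "server-room"),
    ("2024-05-01T08:04:00", "admin1", "A", "lobby"),  # 2 min after Building B
    ("2024-05-01T08:05:00", "user7", "A", "lobby"),
    ("2024-05-01T08:30:00", "admin1", "A", "lobby"),  # enough time has passed
]


def evaluate_badge_events(events, min_transit=MIN_TRANSIT):
    """Return (event, decision, reason) tuples in time order.

    A swipe is denied when the holder's last granted swipe was in a
    different building less than min_transit ago.
    """
    last_granted = {}  # holder -> (time, building) of the last granted swipe
    results = []
    for event in sorted(events):  # ISO timestamps sort chronologically
        ts, holder, building, _door = event
        when = datetime.fromisoformat(ts)
        prev = last_granted.get(holder)
        if prev and prev[1] != building and when - prev[0] < min_transit:
            reason = f"opened a door in Building {prev[1]} {when - prev[0]} ago"
            results.append((event, "DENY", reason))
            continue  # a denied swipe does not change the holder's known location
        last_granted[holder] = (when, building)
        results.append((event, "GRANT", ""))
    return results


def denied_swipes(results):
    """Denied swipes are the events worth forwarding to a syslog or SIEM server."""
    return [(event, reason) for event, decision, reason in results if decision == "DENY"]


if __name__ == "__main__":
    for event, decision, reason in evaluate_badge_events(SAMPLE_EVENTS):
        print(decision, *event, reason)
```
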
A security assessment will highlight gaps in the security of your organization.
Author: Chad Akileh
Equilibrium IT Solutions, Inc.