
Summary: Defense In Depth

explanatory Essay
739 words

DEFENSE IN DEPTH

Defense-in-depth involves using multiple layers of controls so that no single control becomes a single point of failure. Computer security involves using a combination of firewalls, passwords, and other preventive procedures to restrict access. Redundancy also applies to detective and corrective controls. Major types of preventive controls used for defense in depth include:

  • Authentication controls to identify the person or device attempting access.
  • Authorization controls to restrict access to authorized users. These controls are implemented with an access control matrix and compatibility tests.
  • Training to teach employees why security measures are important and how to use safe computing practices.
  • Physical access controls to protect entry points to …

In this essay, the author

  • Explains that defense-in-depth involves multiple layers of controls to avoid having a single point of failure. Computer security involves using firewalls, passwords and other preventive procedures to restrict access.
  • Explains that authorization controls, which restrict access to authorized users, are implemented with an access control matrix and compatibility tests.
  • Describes the importance of security training to teach employees how to use safe computing practices.
  • Explains physical access controls that protect entry points to the building, to rooms housing computer equipment and wiring, and to portable devices such as laptops, cell phones and PDAs.
  • Explains that remote access controls include routers, firewalls and intrusion prevention systems to prevent unauthorized access from remote locations.
  • Explains that a digital signature is a hash of the document that has been encrypted with the sender's private key, so anyone holding the sender's public key can verify both the origin and the integrity of the document.
  • Explains that an organization that issues key pairs and the digital certificates binding a public key to its owner is a certificate authority.
  • Explains that preventive controls are never 100% effective, so organizations implement detective controls that monitor the effectiveness of the preventive ones and detect incidents.
  • Explains log analysis, the process of examining logs which record who accesses the system and the actions they take.
  • Explains that intrusion detection systems (IDS) automate the monitoring of logs of the network traffic that the firewall permitted to pass.
  • Explains that managerial reports can be created to disclose the organization's performance with respect to COBIT objectives. Key performance indicators include downtime caused by security incidents, the number of systems with an IDS installed, and the time needed to react to security incident reports.
  • Describes vulnerability scans, which use automated tools designed to identify whether a system contains any well-known vulnerabilities.
  • Explains penetration testing, which involves an authorized attempt by an internal audit team or an external security consulting firm to break into the organization's information system.
  • Explains that a computer emergency response team (CERT), consisting of technical specialists and senior operations management, deals with major incidents. The CERT leads the organization's incident response process through four steps.
  • Explains that the firewall works with the border router to filter information trying to enter or leave the organization. The access control list determines which packets are allowed in and which are dropped.
  • Explains that web servers and email servers are placed in a separate network outside the corporate network referred to as the demilitarized zone.
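The log analysis and intrusion detection points above describe detective controls in the abstract. The following Python script is an added example, not code from the essay or the textbook it summarizes: it parses a few constructed sshd-style authentication log lines (the hosts, addresses and user names are made up) and applies two detection rules a practitioner actually runs, a sliding-window brute-force count per source address and the more important case of a successful login from a source that had already failed several times.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth-log lines in sshd style; not taken from the original page.
# 203.0.113.7 fails five times in eight seconds and then succeeds as root;
# 198.51.100.4 is a legitimate user with two spaced-out typos.
SAMPLE_LOG = """\
2024-03-01T10:00:01 gw sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51012
2024-03-01T10:00:03 gw sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51013
2024-03-01T10:00:04 gw sshd[1201]: Failed password for root from 203.0.113.7 port 51014
2024-03-01T10:00:06 gw sshd[1201]: Failed password for root from 203.0.113.7 port 51015
2024-03-01T10:00:08 gw sshd[1201]: Failed password for root from 203.0.113.7 port 51016
2024-03-01T10:00:09 gw sshd[1201]: Accepted password for root from 203.0.113.7 port 51017
2024-03-01T10:05:00 gw sshd[1202]: Failed password for alice from 198.51.100.4 port 40001
2024-03-01T10:45:00 gw sshd[1203]: Failed password for alice from 198.51.100.4 port 40002
2024-03-01T11:00:00 gw sshd[1204]: Accepted publickey for alice from 198.51.100.4 port 40003
"""

# Pattern for the constructed line format: timestamp, host, process, outcome, user, source.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: (?P<outcome>Accepted|Failed) \S+ for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse_log(text):
    """Turn raw log lines into event dicts, preserving log order."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrecognised line; a production analyser would count these too
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "outcome": m["outcome"],
            "user": m["user"],
            "src": m["src"],
        })
    return events


def detect_bruteforce(events, threshold=5, window_seconds=60):
    """Return source addresses with >= threshold failures inside any sliding window."""
    window = timedelta(seconds=window_seconds)
    failures = defaultdict(list)
    for e in events:
        if e["outcome"] == "Failed":
            failures[e["src"]].append(e["ts"])
    alerts = []
    for src, times in failures.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # Slide the window start forward until it covers at most window_seconds.
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts.append(src)
                break
    return alerts


def detect_success_after_failures(events, min_failures=3):
    """Flag a successful login from a source that had already failed min_failures times.

    A blocked brute-force attempt is noise; a guessing run that ends in success is
    the event an incident responder must see.
    """
    alerts = []
    failed_so_far = defaultdict(int)
    for e in events:  # events are in log order, so counts reflect only earlier lines
        if e["outcome"] == "Failed":
            failed_so_far[e["src"]] += 1
        elif failed_so_far[e["src"]] >= min_failures:
            alerts.append((e["src"], e["user"]))
    return alerts


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("brute-force sources:", detect_bruteforce(evs))
    print("success after failures:", detect_success_after_failures(evs))
```

Thresholds and windows are deliberately parameters: the same five-in-a-minute rule that catches a script will miss a slow, distributed guess, which is why the second rule keys on outcome rather than rate.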

It works with the border router to filter information trying to enter or leave the organization. Data is transmitted over the Internet in packets through a protocol called TCP/IP. A set of rules called an access control list (ACL) determines which packets are allowed in and which are dropped. Static packet filtering examines the header of each packet in isolation; stateful packet filtering additionally keeps a table of established connections, so that a packet is admitted only if it opens a connection the ACL permits or belongs to one an inside host already opened. Deep packet inspection examines the data in the body of a packet to provide more effective access control, and it is the heart of a newer type of filter, the intrusion prevention system (IPS). Internal firewalls can be used to segment different departments within an organization. Web servers and email servers are placed in a separate network outside the corporate network referred to as the demilitarized zone (DMZ). Special attention must be paid to the use of rogue modems by employees: wireless access and dial-up modems require special security procedures. Host and application hardening procedures involve the use of supplemental preventive controls on workstations, servers, printers, and other devices. Special attention should be paid to host configuration, user accounts, and software
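The difference between a static ACL check and stateful filtering is easier to see in code than in prose. The Python below is an added example written for this summary, not code from the essay or from any firewall product; the addresses (a DMZ web server at 192.0.2.10, an inside host at 10.0.0.5, outside hosts in 203.0.113.0/24 and 198.51.100.0/24) are constructed, and the ACL is a three-rule list evaluated top-down with an implicit deny at the end. It shows that a static filter cannot admit the reply to a connection an inside host opened without a permanent hole, while the stateful filter admits exactly that reply and nothing else.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    """The header fields a packet filter looks at; the body is ignored here."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    syn: bool = False  # TCP SYN set: a new connection attempt
    ack: bool = False  # TCP ACK set: part of (or pretending to be part of) a conversation


@dataclass(frozen=True)
class Rule:
    action: str              # "permit" or "deny"
    dst_ip: str              # exact address or "any"
    dst_port: Optional[int]  # None matches any port


WEB_SERVER = "192.0.2.10"  # constructed DMZ address

# Constructed ACL: first match wins; the final rule is the implicit deny made explicit.
STATIC_ACL = [
    Rule("permit", WEB_SERVER, 443),
    Rule("permit", WEB_SERVER, 80),
    Rule("deny", "any", None),
]


def static_filter(packet, acl=STATIC_ACL):
    """Static packet filtering: judge each packet on its header alone."""
    for rule in acl:
        if rule.dst_ip in ("any", packet.dst_ip) and rule.dst_port in (None, packet.dst_port):
            return rule.action == "permit"
    return False  # no rule matched: drop


class StatefulFilter:
    """Stateful packet filtering: the same ACL plus a table of open connections."""

    def __init__(self, acl=STATIC_ACL):
        self.acl = acl
        # Entries are (initiator_ip, initiator_port, responder_ip, responder_port).
        self.connections = set()

    def outbound(self, packet):
        # Inside hosts may open connections outward; remember each one so its
        # replies can be matched on the way back in.
        if packet.syn and not packet.ack:
            self.connections.add((packet.src_ip, packet.src_port, packet.dst_ip, packet.dst_port))
        return True

    def inbound(self, packet):
        # A reply to a connection we recorded is admitted without consulting the ACL.
        reply_of = (packet.dst_ip, packet.dst_port, packet.src_ip, packet.src_port)
        if reply_of in self.connections:
            return True
        # Anything else must be a genuine new connection (SYN only) that the ACL permits;
        # a bare ACK with no matching connection is dropped, which defeats ACK scans.
        if packet.syn and not packet.ack and static_filter(packet, self.acl):
            self.connections.add((packet.src_ip, packet.src_port, packet.dst_ip, packet.dst_port))
            return True
        return False


def demo():
    """Run the scenarios and return the decisions as a dict."""
    fw = StatefulFilter()
    to_web = Packet("203.0.113.7", 40000, WEB_SERVER, 443, syn=True)
    to_inside = Packet("203.0.113.7", 40001, "10.0.0.5", 3389, syn=True)
    inside_opens = Packet("10.0.0.5", 50000, "198.51.100.20", 443, syn=True)
    real_reply = Packet("198.51.100.20", 443, "10.0.0.5", 50000, syn=True, ack=True)
    fake_reply = Packet("198.51.100.20", 443, "10.0.0.5", 50001, syn=True, ack=True)
    ack_scan = Packet("203.0.113.7", 40002, WEB_SERVER, 443, ack=True)
    fw.outbound(inside_opens)
    return {
        "static_to_web": static_filter(to_web),       # True
        "static_to_inside": static_filter(to_inside), # False
        "static_real_reply": static_filter(real_reply),  # False: no hole for replies
        "stateful_real_reply": fw.inbound(real_reply),   # True: matches connection table
        "stateful_fake_reply": fw.inbound(fake_reply),   # False: no such connection
        "stateful_ack_scan": fw.inbound(ack_scan),       # False: ACK without connection
        "stateful_to_web": fw.inbound(to_web),           # True: new connection ACL permits
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:22s} {'permit' if allowed else 'drop'}")
```

A real firewall also expires table entries, tracks sequence numbers and handles UDP "connections" by timeout; the point here is only that the decision depends on earlier traffic, which a header-in-isolation check cannot express.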
