“Security is not a product; it’s a continuous process.” - Unknown
An information security professional is a lifetime student. The more you learn, the more you realize how much more there is to learn. That being said, it’s time to wrap up our discussion of Defense in Depth.
The main objective of any security program is to ensure confidentiality, integrity, availability, authentication, and non-repudiation of information systems. These five items make up the five pillars of information assurance:
-Confidentiality - the prevention of unauthorized disclosure of information
-Integrity - ensuring information is protected from unauthorized or unintentional alteration, modification, or deletion
-Availability - ensuring information is readily accessible to authorized users
-Authentication - the establishment and verification of user identity
-Non-repudiation - method of guaranteeing message transmission between parties via digital signature and/or encryption; assurance that a transmission cannot later be denied by either of the parties involved
DID strategies support this objective. The concept of DID is based on the premise that multi-layered defenses create a comprehensive strategy that is stronger than any single system. These defenses span multiple technological solutions, operational procedures, and the education of personnel. Throughout this blog series, we have covered each layer of the DID model in detail, but we can summarize a DID strategy here with the inclusion of the following tools:
-User policies and training
-Strong password policy
-Workstation lockdown rules
-Access control policies based on the principal of least privilege
-Packet filtering firewall with stateful packet inspection
-DMZ for isolated, externally-facing servers
-Intrusion detection/prevention
-Proxy server
-Wireless network authentication and encryption
-Antivirus protection for network, file servers and clients
-Spam filtering at server and client
-Content monitoring and filtering
-Mobile device validation
-Host-Based firewall for servers and clients
-Patch management
-Application layer firewall with deep packet inspection
-Application security features
-Appropriate use of data encryption
(Again, this is not an exhaustive list, and the need for security measures varies from system to system.)
So this completes the blog series on Defense in Depth. I hope you learned as much as I have. Join me again soon to visit more information security topics.
Thanks for reading!
Jen