The bad guys are right outside your perimeter (not literally) and they want access to your network. A single point of defense is not a good strategy: one misconfiguration or one unpatched box and the attacker is through. The better approach is several layers of defense, each protecting the network in a different way, so that a failure in one layer still leaves the attacker with something else to get past. Layered defense (often called defense in depth) involves implementing several tools, processes, and configurations that work together to keep threats from exploiting vulnerabilities. Below is a list of some basic “layers” that should be in place, at a minimum.
- Physical Security—The most basic form of security is physical security. If a bad guy has physical access to your system, it’s over: with the hardware in hand they can boot from their own media, pull the disks, or reset the administrator password, and no network control will stop them. Hardware must be protected from physical access by unauthorized individuals. Lock servers in rooms and cages and limit (and log) who may enter; lock desktops and laptops to docking stations; and, because a stolen machine still carries its data, use full-disk encryption so the disk is worthless without the key.
- Authorized Access—Once a user is on your network, they should only be allowed access to the assets for which they are authorized, and nothing more (least privilege). In practice that means individual accounts rather than shared ones, permissions granted by role and reviewed when people change jobs or leave, and administrative rights kept separate from the account used for day-to-day work.
- System Hardening—Operating system hardening is often overlooked. A secure base configuration (unneeded services disabled, default and guest accounts removed or disabled, a published benchmark such as the CIS Benchmarks used as the baseline) and continued patching are both important to securing operating systems. An unpatched server still running its default install is exactly what an attacker hopes to find behind the firewall.
- Packet Filtering—It is good practice to filter network packets entering and leaving your network. Ingress filtering gets all the attention, but egress filtering matters just as much: a compromised internal host that cannot reach arbitrary ports on the internet also cannot reach its command-and-control server or exfiltrate data.
- Antivirus—Files and email coming in and out of your network should be scanned for viruses by an antivirus application. An antivirus application tries to match files on your system against signatures (file hashes and byte patterns) in its database, so it only recognizes what its vendor has already seen. Keep the signature database updated, and do not expect it to catch new or repacked malware on its own; that is why it is one layer among several.
- Firewalls—Security policy dictates how the firewall should be configured, not the other way around. Having a firewall is great…is it configured correctly? Start from default deny (anything not explicitly allowed is dropped), keep the rule base short and ordered, and review it regularly for rules that are too broad or that were added during troubleshooting and never removed.
- DMZ—Servers that must be externally accessible should be located in the company Demilitarized Zone (DMZ), a separate network segment between the internet and the internal network. The point of the DMZ is containment: if a public-facing web server is compromised, the attacker should still be facing a firewall before reaching anything internal, so DMZ hosts must not be allowed to initiate connections into the internal network except where a specific application requires it.
- Intrusion Detection and Prevention—If by chance an attacker is able to penetrate the internal network, there should be a system in place to detect their presence. An intrusion detection system (IDS) watches network traffic or host activity and alerts on known attack patterns and anomalies; an intrusion prevention system (IPS) sits inline and can block them. Either is only useful if someone actually reads and acts on the alerts.
- SIEM—Just about every device on the network is capable of generating log files. Logs record the who, what, when, and where of activity as it relates to that device: connections through the firewall, logins on servers, alerts from the IDS. Logs should be forwarded to a central store, kept on synchronized clocks so that events from different devices can be lined up, and analyzed regularly, because an attack rarely stands out in a single device’s log but is obvious once several are viewed together.
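The packet filtering, firewall, and DMZ items above all come down to the same mechanism: an ordered rule list, evaluated per security zone, with default deny at the bottom. The following is an added example in Python (not code from the original post); the zone names, address ranges, and rule set are constructed for the illustration. The `shadowed_rules` check is the kind of audit that answers the question “is it configured correctly?”, by finding rules that an earlier, broader rule has made dead.

```python
"""Toy zone-based packet filter: ordered rules, first match wins, default deny.

Added example; the zones, address ranges, and rules are constructed for
illustration and do not come from the original post.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Our own address ranges (constructed). Anything not in a listed zone is "internet".
ZONES = {
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
    "internal": ipaddress.ip_network("10.0.0.0/8"),
}


def zone_of(addr: str) -> str:
    """Classify an IP address into a security zone."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"


@dataclass(frozen=True)
class Rule:
    action: str              # "allow" or "deny"
    src_zone: str            # "internet", "dmz", "internal" or "any"
    dst_zone: str
    proto: str               # "tcp", "udp" or "any"
    dst_port: Optional[int]  # None matches every port

    def matches(self, src: str, dst: str, proto: str, dport: int) -> bool:
        return (self.src_zone in ("any", zone_of(src))
                and self.dst_zone in ("any", zone_of(dst))
                and self.proto in ("any", proto)
                and self.dst_port in (None, dport))

    def covers(self, other: "Rule") -> bool:
        """True if every packet `other` could match is already matched by this rule."""
        return (self.src_zone in ("any", other.src_zone)
                and self.dst_zone in ("any", other.dst_zone)
                and self.proto in ("any", other.proto)
                and self.dst_port in (None, other.dst_port))


def decide(rules: List[Rule], src: str, dst: str, proto: str, dport: int) -> str:
    """Walk the rules top-down; a packet that matches nothing is dropped (default deny)."""
    for rule in rules:
        if rule.matches(src, dst, proto, dport):
            return rule.action
    return "deny"


def shadowed_rules(rules: List[Rule]) -> List[int]:
    """Indexes of rules that can never fire because an earlier rule covers them.

    This audit catches the classic mistake: a broad "allow any" added high in the
    list during troubleshooting quietly disables every deny below it.
    """
    return [j for j, later in enumerate(rules)
            if any(earlier.covers(later) for earlier in rules[:j])]


# A sane policy: the internet reaches only the DMZ web tier, internal users reach
# the DMZ and HTTPS on the internet, the DMZ may never initiate into internal,
# and everything else (including odd outbound ports) hits the default deny.
GOOD_POLICY = [
    Rule("allow", "internet", "dmz", "tcp", 443),
    Rule("allow", "internal", "dmz", "tcp", 443),
    Rule("allow", "internal", "internet", "tcp", 443),
    Rule("deny", "dmz", "internal", "any", None),
]

# The same policy after someone put "allow any any" on top and forgot to remove it.
BAD_POLICY = [Rule("allow", "any", "any", "any", None)] + GOOD_POLICY

if __name__ == "__main__":
    packets = [
        ("203.0.113.5", "192.0.2.10", "tcp", 443),   # internet -> DMZ web server
        ("203.0.113.5", "10.1.2.3", "tcp", 3389),    # internet -> internal RDP
        ("192.0.2.10", "10.1.2.3", "tcp", 445),      # compromised DMZ host -> internal SMB
        ("10.1.2.3", "203.0.113.5", "tcp", 4444),    # internal host -> odd outbound port (egress)
    ]
    for pkt in packets:
        print(f"{pkt!s:48} good={decide(GOOD_POLICY, *pkt):5} bad={decide(BAD_POLICY, *pkt)}")
    print("rules in BAD_POLICY that can never fire:", shadowed_rules(BAD_POLICY))
```

With the good policy, the internet reaches the DMZ web server and nothing else, the DMZ cannot pivot into the internal network, and an internal host cannot phone home on port 4444. With the bad policy every one of those packets is allowed, and `shadowed_rules` reports that rules 1 through 4 are dead, which is the finding a rule-base review should produce.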
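To make concrete what the antivirus item means by matching files against a signature database, and why that is only one layer, here is an added toy scanner in Python (not code from the original post, and not how any real product is built). The sample “malware” bytes, the signature names, and the beacon string are all constructed for the example.

```python
"""Toy signature-based scanner: whole-file hashes plus byte patterns.

Added example. The sample file and every signature below are constructed for
illustration; nothing here is taken from a real malware family or product.
"""
import hashlib
from typing import Dict, List

# Constructed sample "malware": a fake executable header followed by a beacon
# string of the kind a vendor analyst would carve out as a byte signature.
SAMPLE_MALWARE = b"MZ\x90\x00" + b"EVIL_BEACON_V1 connect 203.0.113.9:4444\x00"

# Constructed signature database. Real engines hold millions of entries of
# several kinds; we keep the two simplest, so the failure modes are visible.
HASH_SIGNATURES: Dict[str, str] = {
    hashlib.sha256(SAMPLE_MALWARE).hexdigest(): "Example.Trojan.A",
}
BYTE_SIGNATURES: Dict[bytes, str] = {
    b"EVIL_BEACON_V1": "Example.Backdoor.Gen",
}


def scan_bytes(data: bytes) -> List[str]:
    """Return every signature name that matches `data`; an empty list means 'clean'."""
    hits: List[str] = []
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGNATURES:
        hits.append(HASH_SIGNATURES[digest])
    for pattern, name in BYTE_SIGNATURES.items():
        if pattern in data:
            hits.append(name)
    return hits


def scan_file(path: str) -> List[str]:
    """Scan a file on disk, the way a mail gateway would scan an attachment."""
    with open(path, "rb") as f:
        return scan_bytes(f.read())


def xor_obfuscate(data: bytes, key: int) -> bytes:
    """Single-byte XOR: the crudest 'packer' an attacker might use to dodge signatures."""
    return bytes(b ^ key for b in data)


if __name__ == "__main__":
    print("original sample:     ", scan_bytes(SAMPLE_MALWARE))
    # One appended byte changes the hash but not the embedded beacon string.
    print("one byte appended:   ", scan_bytes(SAMPLE_MALWARE + b"\x00"))
    # Encoding the whole file defeats both signature kinds until the vendor
    # ships a new one; this is why antivirus is one layer, not the layer.
    print("xor-encoded sample:  ", scan_bytes(xor_obfuscate(SAMPLE_MALWARE, 0x41)))
    print("benign file:         ", scan_bytes(b"Quarterly report, nothing to see here."))
```

The original sample trips both signatures. Appending a single byte defeats the hash signature while the byte pattern still catches it, which is why pattern signatures outlive hash signatures. XOR-encoding the whole file defeats both, and the scanner reports it as clean; the other layers (egress filtering, intrusion detection, log review) are what stand between that encoded file and a quiet compromise.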
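The intrusion detection and SIEM items are about seeing across devices. The added Python example below (not code from the original post) normalizes constructed log lines from a firewall and two servers into one schema and then correlates them: a burst of failed logins from one address against several hosts, followed by a success from that same address, is flagged at a higher severity than the failures alone would be. The log lines, hostnames, and addresses are constructed in the general shape of sshd and firewall logs and are not taken from any real device.

```python
"""SIEM-style normalization and cross-device correlation over constructed logs.

Added example. Each device writes its own format; the collector maps them onto
one event schema and looks for patterns no single device can see on its own.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Constructed sample logs from three devices, already forwarded to the collector.
RAW_LOGS = [
    "2024-03-04T02:14:01Z fw01 ALLOW TCP 203.0.113.9:51822 -> 192.0.2.10:22",
    "2024-03-04T02:14:03Z web01 sshd[4412]: Failed password for root from 203.0.113.9 port 51822 ssh2",
    "2024-03-04T02:14:05Z web01 sshd[4412]: Failed password for root from 203.0.113.9 port 51823 ssh2",
    "2024-03-04T02:14:09Z fw01 ALLOW TCP 203.0.113.9:51830 -> 192.0.2.11:22",
    "2024-03-04T02:14:11Z web02 sshd[9180]: Failed password for admin from 203.0.113.9 port 51830 ssh2",
    "2024-03-04T02:14:20Z web02 sshd[9180]: Failed password for admin from 203.0.113.9 port 51831 ssh2",
    "2024-03-04T02:14:31Z web02 sshd[9188]: Accepted password for admin from 203.0.113.9 port 51840 ssh2",
    "2024-03-04T02:15:00Z web01 sshd[4501]: Failed password for jdoe from 10.1.4.22 port 40011 ssh2",
    "2024-03-04T02:15:30Z web01 sshd[4502]: Accepted password for jdoe from 10.1.4.22 port 40012 ssh2",
]

SSHD_RE = re.compile(r"^(\S+) (\S+) sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+) port \d+")
FW_RE = re.compile(r"^(\S+) (\S+) (ALLOW|DENY) (\w+) (\S+):\d+ -> (\S+):(\d+)$")


def parse_ts(ts: str) -> datetime:
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


def normalize(line: str) -> Optional[Dict]:
    """Map one raw line onto the common schema. Unknown formats return None; a real
    collector counts those so that a silent parsing gap gets noticed."""
    m = SSHD_RE.match(line)
    if m:
        ts, host, result, user, src = m.groups()
        return {"ts": parse_ts(ts), "device": host,
                "event": "auth_fail" if result == "Failed" else "auth_ok",
                "src_ip": src, "user": user}
    m = FW_RE.match(line)
    if m:
        ts, host, action, proto, src, dst, dport = m.groups()
        return {"ts": parse_ts(ts), "device": host, "event": "fw_" + action.lower(),
                "src_ip": src, "dst_ip": dst, "proto": proto, "dport": int(dport)}
    return None


def correlate(lines: List[str], threshold: int = 3,
              window: timedelta = timedelta(minutes=5)) -> List[Dict]:
    """Alert when one source IP has >= `threshold` failed logins inside `window`,
    across any number of hosts; escalate if a successful login from the same IP
    follows the burst, because at that point it is no longer a failed attack."""
    events = [e for e in map(normalize, lines) if e is not None]
    by_src: Dict[str, List[Dict]] = defaultdict(list)
    for e in events:
        if e["event"] in ("auth_fail", "auth_ok"):
            by_src[e["src_ip"]].append(e)

    alerts = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        fails = [e for e in evs if e["event"] == "auth_fail"]
        for i, first in enumerate(fails):
            burst = [f for f in fails[i:] if f["ts"] - first["ts"] <= window]
            if len(burst) < threshold:
                continue
            success = next((e for e in evs if e["event"] == "auth_ok"
                            and e["ts"] >= burst[-1]["ts"]), None)
            alerts.append({
                "src_ip": src,
                "failures": len(burst),
                "targets": sorted({f["device"] for f in burst}),
                "severity": "critical" if success else "high",
                "compromised_user": success["user"] if success else None,
            })
            break  # one alert per source; the analyst gets the whole burst in it
    return alerts


if __name__ == "__main__":
    for alert in correlate(RAW_LOGS):
        print(alert)
```

Looked at per host, web01 and web02 each saw only two failed logins, below any sensible threshold. Correlated at the collector, the same address produced four failures across both hosts and then logged in as `admin`, which is the event that should page someone. Note that the time window only works if every device has its clock synchronized (NTP or equivalent); a firewall that is three minutes off will put its events in the wrong order relative to the servers and break this kind of correlation.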