Imagine this. You’re now the commander of a special military base and it’s your responsibility to protect it.
What’s your defensive strategy? Do you put all your resources into building a massive barricade around the entire base? Or do you split your resources and invest in a variety of defensive options?
It might be a silly example, but approaching your network security from a military perspective isn’t such a bad idea. Picturing tangible, real-world examples will help you come up with much safer, well thought-out strategies to improve your network security efforts.
To date, many companies are investing heavily in only one thing: creating a secure perimeter, a solid first line of defense. Outside of that, they have very few resources to improve the depth of their security. That means if someone manages to breach their perimeter, there’s nothing to stop them from causing chaos on the inside.
To get things started, it might be a good idea to differentiate between perimeter and depth security. Perimeter security, in this case, refers to building one solid line of defense. Depth security refers to the practice of layering different types of defenses, one on top of the other.
If you had the choice to pick between the two, which would you choose?
Hopefully, a layered approach. While that should be the obvious choice, that doesn’t mean it’s the most common. Many businesses opt for a perimeter style approach because they don’t have the resources or knowledge to implement other security services. They hope if they can build one really good wall, they won’t need anything else.
It’s a gamble, and one that often fails. The vast majority of IT professionals recommend depth security and wish their organizations would invest more in this approach.
To help paint a better picture of how to properly layer your network, here are three points to consider:
The Surrounding Wall
Your first line of defense against cyber attacks should be a firewall. Firewalls are configured to monitor traffic by source, destination and port or protocol. Simply, your firewall determines whether or not traffic is allowed in.
There should be at least a front-end firewall for the external traffic and a back-end firewall for the internal traffic. In addition, it would be smart to invest in an Intrusion Prevention System (IPS). An IPS is a security mechanism that’ll catch attacks that have snuck past the firewall.
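An added example, not part of the original article: a small Python model of the front-end/back-end firewall layout described above, matching on source, destination, protocol and port with first-match-wins and default deny. The addresses, zone layout and rule sets are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    src: str              # source network (CIDR)
    dst: str              # destination network (CIDR)
    proto: str            # "tcp", "udp" or "any"
    port: Optional[int]   # destination port; None means any port

    def matches(self, src, dst, proto, port):
        return (ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst)
                and self.proto in ("any", proto)
                and self.port in (None, port))

def decide(rules, src, dst, proto, port):
    """First matching rule wins; traffic matching no rule is denied."""
    for rule in rules:
        if rule.matches(src, dst, proto, port):
            return rule.action
    return "deny"

# Constructed addressing plan: DMZ 192.0.2.0/24, internal network 10.0.0.0/8.
ZONES = ["external", "dmz", "internal"]
DMZ, INTERNAL = ip_network("192.0.2.0/24"), ip_network("10.0.0.0/8")
FRONT_END = [Rule("allow", "0.0.0.0/0", "192.0.2.10/32", "tcp", 443)]     # public HTTPS to web server
BACK_END = [Rule("allow", "192.0.2.10/32", "10.0.5.20/32", "tcp", 5432)]  # web server to database only
FIREWALLS = [FRONT_END, BACK_END]  # front-end: external<->DMZ, back-end: DMZ<->internal

def zone(addr):
    a = ip_address(addr)
    return "internal" if a in INTERNAL else "dmz" if a in DMZ else "external"

def path_allowed(src, dst, proto, port):
    """Allowed only if every firewall between the two zones allows it."""
    i, j = ZONES.index(zone(src)), ZONES.index(zone(dst))
    crossed = FIREWALLS[min(i, j):max(i, j)]
    return all(decide(fw, src, dst, proto, port) == "allow" for fw in crossed)

if __name__ == "__main__":
    for flow in [("203.0.113.7", "192.0.2.10", "tcp", 443),    # internet -> web server
                 ("203.0.113.7", "10.0.5.20", "tcp", 5432),    # internet -> database
                 ("192.0.2.10", "10.0.5.20", "tcp", 22)]:      # web server -> database SSH
        print(flow, "allow" if path_allowed(*flow) else "deny")
```

In this model, traffic between two hosts in the same zone crosses neither firewall, so it is not filtered at all; that is the gap the additional internal controls are meant to cover.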
If an attacker manages to make it past your wall, you’ll want to have a number of guards posted to catch them and minimize the threat. Make sure you are running the most current software and operating systems. Software and system updates come with patches that fill security holes that attackers could easily exploit (think Heartbleed and Shellshock).
On top of updates, there are numerous security controls you can place throughout your system. Antivirus software, encryption, password security and permission controls all act as additional layers of defense and will help defeat those who’ve managed to make it past your wall.
Call for Help
Any great leader knows when to call for help and rely on his allies. A variety of reliable third-party services are available to help improve your network security.
Moving more and more company information into the cloud has become an increasingly popular option for improving security measures. By keeping some of your most prized assets hidden from your enemy, you’ll avoid loss or theft in the event of a network intrusion.
Cloud services have also led to the creation of cloud-based malware detection and DDoS mitigation services. These services sit outside your network and analyze traffic before it even hits.
A proper network solution involves layering multiple defensive strategies. Obviously you’ll want to have a strong perimeter to deter anyone from attempting to break it, but should someone manage to find a way, it’s important to have good depth security to minimize damage.
Also, keep in mind that the threats facing security today may not be the ones we face tomorrow. You’ll want to ensure that whatever strategy you take, it’s flexible enough to meet future needs.
About the Author: Rick Delgado is a freelance tech writer and commentator. He enjoys writing about new technologies and trends, and how they can help us. Rick occasionally writes for several tech companies and industry publications.
Editor’s Note: The opinions expressed in this and other guest author articles are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.