This chapter presented defense in depth as a solution to secure a business network. Defense in depth is a concept using layers of defense to mitigate computer and network attacks. Those who fully deployed defense in depth were protected from the major worms and viruses that hit the Internet in recent years. The basic building blocks of defense in depth are as follows:
This book shows how to implement defense in depth on the ASA/PIX Security Appliance using ASDM. The following technologies and best practices are used to deploy defense in depth. Local device authentication (usernames and passwords) verifies management access to the security appliance. Perimeter security is implemented via the ASA/PIX Security Appliance using NAT to publish Internet-reachable addresses; these are typically your web servers, mail servers, and DNS servers. Access to these exposed addresses is granted based on inbound access lists. Internet users cannot use your public services unless there is a specific access list entry allowing them to access those services. The ASA/PIX Security Appliance uses the technology listed in Table 2-2 to mitigate the various DoS attacks that can be expected from the Internet.
Host intrusion prevention is used as the critical last line of threat defense. It is the only portion of defense in depth that you cannot achieve using the ASA/PIX Security Appliance. CSA stops attacks based on the behavior of operating systems, network stacks, and applications. Additional best practices that are discussed in this chapter include remote access and security management. The ASA/PIX Security Appliance implements remote access using a combination of IPSec and authentication. In addition to these technologies, CSA is required on the hosts that will connect to the network remotely, thus ensuring that the unregulated computers that might connect via IPSec won't spread viruses or worms to the internal network. Security management best practices suggest choosing difficult-to-guess usernames and passwords for access to your security appliance and recommend that a remote syslog server be used to capture error messages for troubleshooting and security purposes.
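As an added illustration (not the book's own configuration, which it builds through ASDM), the fragment below is the ASA/PIX CLI equivalent of the perimeter and management controls summarized above: local authentication for management access, static NAT publishing a web server, an inbound access list that permits only the published services, and a remote syslog server. Interface names, the access-list name, and every address are assumed placeholders drawn from RFC 5737 and RFC 1918 space.

```text
! Added example, not from the book. Addresses are constructed placeholders.

! --- Local device authentication for management access ---
! Management sessions (SSH and ASDM over HTTPS) are checked against the
! local user database and accepted only from the inside management subnet.
username admin password <strong-password-here> privilege 15
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
http server enable
http 10.1.1.0 255.255.255.0 inside
ssh 10.1.1.0 255.255.255.0 inside

! --- Perimeter security: publish the web server with static NAT ---
! The public address 203.0.113.10 maps to the internal host 10.1.2.10.
static (inside,outside) 203.0.113.10 10.1.2.10 netmask 255.255.255.255

! --- Inbound access list: only the published services are reachable ---
! Anything not explicitly permitted is dropped by the implicit deny at the
! end of the list; the explicit deny-and-log entry makes those drops visible
! on the syslog server instead of silently discarding them.
access-list outside_access_in extended permit tcp any host 203.0.113.10 eq www
access-list outside_access_in extended permit tcp any host 203.0.113.10 eq https
access-list outside_access_in extended deny ip any any log
access-group outside_access_in in interface outside

! --- Security management: send messages to a remote syslog server ---
logging enable
logging timestamp
logging trap informational
logging host inside 10.1.1.50
```

The same policy configured through ASDM generates equivalent commands; `show running-config` on the appliance is the quickest way to confirm that the access list, NAT entry, and logging host match what was intended.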