Layering Security

When looking at security architecture, it is important to recognize that no single device is without flaws. Every significant application, server, router, and firewall on the market harbors some vulnerabilities. Additionally, any device has a good chance of being misconfigured, unmonitored, or improperly maintained. Left on its own, each of these objects will eventually become the weak link that allows a hacker into the network. This understanding is what leads to the expression: "Nothing can be 100% secure."

If nothing can be 100% secure, then it would certainly not be wise to trust any one device with all security. The firewall, for example, should not be the only thing guarding a perimeter network. Always assume that a security device has some flaw in it that will ultimately be exposed to attack.

Basic Security Layering

Rather than focusing on any specific device or application as an all-in-one security solution, we must look at security in layers. If one device succumbs to an attack, another device should be there to save the organization from exposure. In most situations, we should consider at least three layers of security (see Table 5.2):

  • Internal layer The internal layer consists of controls that are applied directly to protected objects. If an attacker penetrates the outer layers, he or she should still not have complete access to internal resources. Examples of this type of control include a host-based IDS on a server and a locked cabinet inside a computer room.

  • Middle layer The middle layer consists of the primary security devices, such as firewalls and the front door to the server room. This is the main line of defense against outside intruders.

  • External layer This consists of controls that protect the middle layer and help to protect us in the event that the middle layer fails. Example external layer devices include a screening router that protects the firewall and a gate outside a building.

Table 5.2. Examples of The Three Layers of Security

  Scenario             External Layer      Middle Layer     Internal Layer
  Perimeter network    Screening router    Firewall/IDS     Server-based controls
  Physical security    External gate       Front door       Internal locked cabinet

Layering Network Security

It is common to practice layered security within networks. Perhaps a hacker cannot gain access to internal systems because he or she is stopped by a firewall (the middle layer), but the firewall itself can be vulnerable to attack. Thus, we also implement measures to protect the firewall from attack, and to maintain security even if the firewall is compromised. Rather than just placing a lock on the castle gate, it is best to build a moat to protect the castle and the lock itself. A thief is far less likely to pick the lock if he or she must first swim a moat filled with hungry alligators. Similarly, we can force the thief to pass through multiple locks and multiple moats before access is granted. Once he or she passes the front gate, the thief will find that the treasure room also has a lock on it.

We will look at this concept more in the section titled Perimeter Defenses in Chapter 11, The Rules in Practice. For now, consider the following tips for layering network security:

  • Start by having a firewall separating internal and external networks (middle layer). Enhance this by placing other security mechanisms, such as an IDS, on the network between the firewall and the Internet.

  • Program an external router to limit access to the firewall and internal systems (external layer). The router should perform some minor sanity checking to catch any obvious attacks, such as dropping packets that arrive from the Internet with a private or internal source address.

  • Terminate all remote access services outside the firewall. Many dial-up and VPN vendors place security directly on the remote access devices themselves, and recommend placing them in direct contact with the internal network. Doing so removes the essential middle layer and is a bad security practice. Make sure that such devices have security enabled, but are placed outside the firewall, so that decrypted remote-user traffic still has to pass the firewall's policy before it reaches internal systems.

  • Enforce strong internal security controls (internal layer). Make sure that if someone breaks through the perimeter and attacks the network, there are additional defenses. Controls should be placed on individual systems, services, and devices.
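To make the three network layers concrete, here is a small Python model of the perimeter just described. This is an added example, not code from the book and not any vendor's router or firewall configuration: a screening router that performs only cheap sanity checks, a default-deny firewall that publishes two DMZ services, and a per-host filter on each server. The addresses, networks, and policy are constructed for illustration, and the `OFFBOX_LOG` list stands in for a syslog collector on a separate hardened host. Running a packet through `deliver()` with `firewall_working=False` shows the point of the exercise: when the middle layer fails open, the host filter still decides for itself.

```python
"""The three network layers applied to one packet at a time (added example).

external layer : screening router, cheap sanity checks only
middle layer   : firewall, default deny, publishes a few DMZ services
internal layer : host filter on the server, which still runs when the
                 firewall is bypassed or fails open
Every verdict is copied to an off-box collector so that compromising one
layer does not erase the record of how it was reached.
Addresses, networks and the policy are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass

# --- constructed topology ------------------------------------------------
FIREWALL_OUTSIDE = ipaddress.ip_address("203.0.113.1")
DMZ = ipaddress.ip_network("203.0.113.0/24")     # hosts that may be reached from outside
INTERNAL = ipaddress.ip_network("10.0.0.0/8")    # never reachable from outside
MGMT = ipaddress.ip_network("10.10.0.0/24")      # admin workstations, inside only
ANY = ipaddress.ip_network("0.0.0.0/0")
# Source ranges that can never legitimately arrive on the Internet-facing interface.
RESERVED_SOURCES = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16")]

# Middle layer policy: (destination, port) pairs published to the Internet.
PUBLISHED = {("203.0.113.10", 443), ("203.0.113.20", 25)}
# Internal layer policy: per host, port -> networks allowed to reach it.
HOST_POLICY = {
    "203.0.113.10": {443: [ANY], 22: [MGMT]},   # web server
    "203.0.113.20": {25: [ANY], 22: [MGMT]},    # mail relay
}

OFFBOX_LOG = []   # stands in for a syslog collector on a separate hardened host


@dataclass
class Packet:
    src: str
    dst: str
    dport: int


@dataclass
class Verdict:
    layer: str
    action: str   # "pass" or "drop"
    reason: str


def screening_router(pkt):
    """External layer: drop what no legitimate Internet peer would send."""
    src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
    if src in DMZ or any(src in n for n in RESERVED_SOURCES):
        return Verdict("router", "drop", "spoofed or reserved source on outside interface")
    if dst in INTERNAL:
        return Verdict("router", "drop", "internal address is not routed from outside")
    if dst == FIREWALL_OUTSIDE:
        return Verdict("router", "drop", "the firewall itself is not a public service")
    return Verdict("router", "pass", "sanity checks passed")


def firewall(pkt):
    """Middle layer: default deny, allow only the published DMZ services."""
    if (pkt.dst, pkt.dport) in PUBLISHED:
        return Verdict("firewall", "pass", "published service")
    return Verdict("firewall", "drop", "no rule matches")


def host_filter(pkt):
    """Internal layer: the server decides for itself, trusting nothing upstream."""
    allowed = HOST_POLICY.get(pkt.dst, {}).get(pkt.dport, [])
    if any(ipaddress.ip_address(pkt.src) in n for n in allowed):
        return Verdict("host", "pass", "host policy allows")
    return Verdict("host", "drop", "host policy denies")


def deliver(pkt, firewall_working=True):
    """Pass the packet through each layer in order, stopping at the first drop.

    firewall_working=False models the middle layer failing open or being
    bypassed, the case in which the outer and inner layers must hold alone.
    """
    layers = [screening_router] + ([firewall] if firewall_working else []) + [host_filter]
    for layer in layers:
        verdict = layer(pkt)
        OFFBOX_LOG.append((verdict.layer, pkt.src, pkt.dst, pkt.dport, verdict.action, verdict.reason))
        if verdict.action == "drop":
            return verdict
    return Verdict("host", "pass", "delivered")


if __name__ == "__main__":
    samples = [
        Packet("192.168.1.5", "203.0.113.10", 443),    # spoofed private source
        Packet("198.51.100.7", "10.0.0.5", 445),       # aimed straight at the inside
        Packet("198.51.100.7", "203.0.113.10", 3306),  # unpublished port
        Packet("198.51.100.7", "203.0.113.10", 443),   # legitimate web request
    ]
    for p in samples:
        print(p, "->", deliver(p))
    # Firewall failed open: SSH from the Internet still dies at the host filter.
    print(deliver(Packet("198.51.100.7", "203.0.113.10", 22), firewall_working=False))
```

Note the design choice in `deliver()`: each layer appends its own verdict to the collector before acting on it, so the record of a dropped packet lives outside the device that dropped it. That is the same logging discipline the closing steps of this section ask for.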

Layering Systems Security

When possible, systems and devices should have some form of layered security. There are many resource control options within most operating systems and applications, making layered security possible. An intruder may be able to attack an operating system, for example, but critical resources are still controlled by the application. Even better, if we follow our practice of zoning, we can separate critical data from externally accessible services. By doing so, we can apply security on both the front-end and back-end systems:

  • Apply front-end controls, preferably ones that are centralized for multiple applications (like chokepoints). These controls should be the primary line of defense, protecting background data and services.

  • Apply security that protects the front-end. For example, provide a network filter to limit Internet Protocol (IP) ranges and ports to help protect the front-end from being attacked.

  • Apply security directly to back-end data and services. This includes direct controls for protecting the database, filesystems, and operating system.
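The following is an added example, not from the book, of a front-end control and a back-end control guarding the same data, so that a failure of the first does not hand the attacker the second. The front-end control is a bound query parameter instead of string concatenation; the back-end control is that the handle the front end runs with is read-only. SQLite is used so the example runs offline: `mode=ro` on the connection URI plays the role that a SELECT-only database role would play on a real server. The `accounts` table, its rows, and the file path are constructed for illustration.

```python
"""Layered controls around a back-end data store (added example).

front-end layer : the application binds parameters instead of pasting
                  untrusted input into SQL
back-end layer  : the database handle the front end runs with is read-only,
                  so data survives even when the front-end control fails
The table, rows and file path are constructed for illustration.
"""
import os
import sqlite3
import tempfile
from pathlib import Path

DB_PATH = os.path.join(tempfile.mkdtemp(), "accounts.db")


def setup_db(path=DB_PATH):
    """Create the store with a privileged (read-write) connection, as a DBA would."""
    con = sqlite3.connect(path)
    con.executescript("""
        CREATE TABLE IF NOT EXISTS accounts(user TEXT PRIMARY KEY, balance INTEGER);
        DELETE FROM accounts;
        INSERT INTO accounts VALUES ('alice', 100), ('bob', 250), ('carol', 75);
    """)
    con.close()
    return path


def frontend_connection(path=DB_PATH):
    """Back-end control: the front end only ever gets a read-only handle.

    On a real RDBMS this is a role granted SELECT only; SQLite expresses the
    same least privilege with mode=ro on the connection URI.
    """
    return sqlite3.connect(Path(path).resolve().as_uri() + "?mode=ro", uri=True)


def lookup_vulnerable(con, user):
    """Front-end control missing: user input is concatenated into the query."""
    return con.execute(
        f"SELECT user, balance FROM accounts WHERE user = '{user}'").fetchall()


def lookup_hardened(con, user):
    """Front-end control present: bound parameter, input cannot alter the query."""
    return con.execute(
        "SELECT user, balance FROM accounts WHERE user = ?", (user,)).fetchall()


def attempt_write(con):
    """What an attacker with SQL execution through the front end tries next.

    Returns 'written' if the store accepted the change, otherwise the refusal.
    """
    try:
        con.execute("UPDATE accounts SET balance = 0")
        con.commit()
        return "written"
    except sqlite3.OperationalError as exc:
        return f"refused: {exc}"


def total_balance(path=DB_PATH):
    """Audit the store through a separate read-write connection."""
    con = sqlite3.connect(path)
    total = con.execute("SELECT SUM(balance) FROM accounts").fetchone()[0]
    con.close()
    return total


if __name__ == "__main__":
    setup_db()
    con = frontend_connection()
    payload = "x' OR '1'='1"
    print("vulnerable front end leaks:", lookup_vulnerable(con, payload))
    print("hardened front end returns:", lookup_hardened(con, payload))
    print("write through the read-only handle:", attempt_write(con))
    print("balances intact, total =", total_balance())
```

Run it and the vulnerable lookup returns every row for the injected input while the hardened one returns nothing; the write attempt is refused by the store itself, and the audit total is unchanged. The read-only handle does not make the injection acceptable (data still leaked), which is exactly why both layers are needed.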

Layering Physical Security

Physical security should always be constructed in layers; the more controls that can be layered, the better the ability to control and monitor access. This can include simple layers, such as a locked front door, a locked server room door, or a locked cabinet within the server room; or, this can be complex, with stationed security guards, cameras, and other forms of access control in each area. The following guidelines will help in establishing physical security through layering:

  • Protect your sensitive equipment and resources via strong centralized controls. Try to consolidate such controls by limiting the physical areas where equipment is stored. Locking doors, alarm systems, and cameras should be considered in this main area.

  • Use physical protection that prevents unauthorized users from even trying to gain access to critical equipment areas. Hallways outside of sensitive rooms should be restricted to authorized personnel. If possible, cameras and other security measures should be placed in areas that lead to entranceways. At a minimum, staff should be trained to question any unknown person who is near an entry point to a sensitive area.

  • Controls should be placed on sensitive objects within protected rooms as well. Critical servers and devices should be locked in cabinets. Someone gaining unauthorized access to a room, or even someone with authorized access, should not necessarily have access to all objects within the room.

Applying the Concept of Layered Security

The following steps will help when contemplating layered security within your own environment:

  1. Take any object and apply as much security directly on the object as is reasonably possible.

  2. Consider the access points to the object and apply as much security between the subjects and the object as is reasonably possible.

  3. Consider all the object's dependencies, including operating systems, third-party services, etc., and apply security to each. This should be performed for both the object itself and any security mechanisms protecting the object.

  4. Make sure the object itself and anything guarding the object are monitored and generate access logs. If one object is compromised, secured logs should exist elsewhere on a secured device.

  5. NEVER consider an object safe simply because another object is protecting it. NEVER forgo directly applying security on the object assuming no one will ever be able to attack it.



Inside the Security Mind: Making the Tough Decisions
ISBN: 0131118293
Year: 2006
Pages: 119
Authors: Kevin Day
