Summary

No single security countermeasure can always stop all attacks. Effective security requires multiple layers of countermeasure, so that if one is bypassed, the attack still has to get through the next layer, the layer after that, and so on. The concept of utilizing multiple layers of defense is called defense-in-depth.

A prime target on your network is your corporate database. Hopefully, this database is housed on your internal network and protected by various security measures. However, an external attacker can attack your corporate database in various ways. Some of the attack paths and mechanisms include the following:

• Accessing the database server from Internet

• Accessing the database server from a compromised internal system

• Accessing the database server from compromised DMZ web server

• Accessing the database server from a worm attack

Protecting against these external attacks falls into the following areas or layers:

• Layer 1: The Internet perimeter router

• Layer 2: The Internet perimeter firewall

• Layer 3: The DMZ firewall

• Layer 4: Network IPS

• Layer 5: NetFlow

• Layer 6: Antivirus

• Layer 7: Host IPS

Besides external attacks, you also need to worry about internal people who attempt to access unauthorized resources (either intentionally or accidentally). Protecting against these internal attacks falls into the following areas or layers:

• Layer 1: The switch

• Layer 2: Network IPS

• Layer 3: Encryption

• Layer 4: Strong authentication

• Layer 5: Host IPS

Your corporate security policy has an important role to play in defense-in-depth. It contains policies, procedures, guidelines, standards, implementation specifications, and requirements that should guide every facet of your security strategy. A typical corporate security policy contains four sections:

• Administrative safeguards

• Physical safeguards

• Technical safeguards

• Organizational framework