Chapter 24. A Unified Security Perimeter: The Importance of Defense in Depth


When we were young teenagers, we were fearless. We drove our cars too fast and didn't wear seatbelts; it is amazing we are alive today. Now that we are older, we still drive fast, but we do it in very sophisticated vehicles. We wear seatbelts; our cars have front and side airbags, antilock brakes, and skid management; we pay insurance; and as we age, we eat vitamin A to improve our night vision and we wear special driving glasses. We apply a defense-in-depth approach to driving. What's the difference? Nowadays, with a spouse and kids counting on us, we have something to lose.

Could it be that in our journey as system and network builders a similar thing has happened? Just a dozen years ago, less than half the organizations that employ the readers of this book had a firewall. Today, many of our security operations centers look like NASA control rooms, with failover firewalls, VPNs, intelligent IPS switches, antivirus, antispam, IDS (including anomaly IDS to pick up the activity of the worms our IPS switches don't have a signature for), correlation engines, and enough cooling to keep it all running to ice the streets of a really hot city such as Houston, Texas, in August. What's changed? We have something to lose. What are we trying so hard to protect? Over the past decade the value of our organizations has been measured more and more by the value of our intellectual property (IP). Today, IP accounts for more than half the value of most nonagricultural organizations and at least 90% of the value of high-tech companies.

Throughout the book, we have touched on defense in depth. We have asserted that no single defensive component is enough to protect our information assets. We are at a crossroads as a community: in our desire for ease of use, the most prevalent desktop operating systems simply cannot be secured without resorting to external tools. Do you remember the discussion of rickety operating systems in the preface of this book? If security were as simple as putting a firewall between the Internet and the system needing to be defended, that would be great, but it is not that simple. Even if the system is robust, there is more to do to achieve a reasonable level of risk. The lesson of devastating attacks such as Nimda is that a vulnerable system simply has to browse to a hostile web server and it can be infected. Does this depress you? We hope not. Life is full of risk, damage, and mayhem, yet we not only survive, but we prosper. To prosper, defense in depth is imperative as a design paradigm. Bad things are going to happen. We need to limit the damage to a minimum.

This chapter gives you a lot to think about and helps to tie all the topics of the book together. In the first half of this chapter, we employ the classic castle analogy to make our perimeter defense points crystal clear as we introduce the problem of the rigid perimeter. At the end of that discussion, we focus on static packet filters and Network Address Translation (NAT) from a defense-in-depth perspective. Then we consider softer perimeter solutions that tie up the attacker's time by absorbing the attacks, much as the crumple zone of your automobile absorbs energy in a crash. We discuss internal defenses, which are the information technology equivalent of the watertight doors built into ships. Finally, we consider defense in depth for information.



    Inside Network Perimeter Security (2nd Edition)
    ISBN: 0672327376
    Year: 2005
    Pages: 230
